Towy Web Designs

Website Security

Malware infected website

Website security is essential. One of my old web hosting customers, for whom I did some free work on her website because she was a charity, failed to keep her WordPress website up to date.

I initially had website security in place with both Wordfence and Sucuri plugins installed and configured to help secure the website. With both plugins installed this would have probably prevented hackers hacking her website but they got in and injected a malware virus.

I had not been in contact with her for some time and she had some problems. A Web Design company who had been in contact with her previously stepped in; she then asked them for help and so allowed them access to her charity website. Unfortunately, when I checked the website, both Website Security plugins were uninstalled.

Unaware of this other company, and whilst I thought she was still my customer (before she left), I reinstalled both Wordfence and Sucuri plugins, then ran the virus scanners. Sucuri found a virus, which led me to the theme files. In the header.php file I found a suspicious script written in JavaScript just before the closing head tag. I deleted it, but that wasn’t enough as it had infected other files in the theme and WordPress.

The charity owner of the website left my web hosting company to go to someone else i.e. the other Web Design company and her website has now completely gone. I bet it is still infected and they don’t know what to do. This other company interfered behind my back with what security measures I had put in place or this wouldn’t have happened.

With a bit of work from me and a bit of patience on her behalf I could have got it back up again, as I had earlier backups. Her theme was based on Twenty Eleven, but the original designer made direct changes in the stylesheet and renamed the theme (Ooops). By doing that, it never got updated when a new version of Twenty Eleven came out. It should have been set up as a child theme from the start; that way it could have been updated.

Because she loved the theme, she was reluctant to change it, and she also didn’t apply any WordPress updates, including core files and plugins, or make regular backups.

What was the problem?

Subsequently I made a copy of the JavaScript code found in the header file and sent it to Sucuri after reading a similar article on Twitter. They had a look free of charge and emailed me back that it was a Fake jQuery injection that occurred 2 years back.

I had Wordfence and Sucuri plugins installed but behind my back they disappeared and consequently she got her website hacked when this other company took over. Her other website is still running and had Wordfence and Sucuri installed when I last looked so it looks like the lack of protection caused this to happen.

How to prevent

The obvious step is to install security plugins such as Wordfence or Sucuri. Both plugins are similar but each one offers slightly different options, so I like to install both of them.

With Wordfence I can limit the number of times someone tries to log in and fails; WordPress allows an infinite number of times. This isn’t good, as it leaves your website open to brute force attacks, where they are trying to guess your password using some type of script.

I limited unsuccessful login attempts to just 3 attempts before the user gets locked out. Once locked out they then have to use their email address to gain access again, well, that’s if they have one.

How to fix

It is easier to restore an earlier backup but you have to make sure that this backup hasn’t been infected with the same virus. If you don’t have a clean backup then it will be a matter of going through the infected files and this could take ages.
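As an aid to that file-by-file review (an added example, not code from the original article or from Sucuri), the following Python script walks a WordPress tree and flags `<script>` tags whose URL mentions jQuery but whose host is neither the site itself nor on an allowlist. The allowlist, the site host `www.example.org` and the sample header are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Assumption: the only third-party hosts this site loads jQuery from.
TRUSTED_HOSTS = {"code.jquery.com", "ajax.googleapis.com", "cdnjs.cloudflare.com"}
SCRIPT_SRC = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.I)

def suspicious_scripts(source, own_host):
    """Return (line, url) for jQuery-named scripts loaded from an untrusted host."""
    hits = []
    for m in SCRIPT_SRC.finditer(source):
        url = m.group(1)
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:
            host = "?"  # unparseable URL: treat as untrusted
        # Exact host match, so "code.jquery.com.<anything>" is not trusted.
        if not host or host == own_host or host in TRUSTED_HOSTS:
            continue  # relative or PHP-templated path, the site itself, or a known CDN
        if "jquery" in url.lower():
            hits.append((source.count("\n", 0, m.start()) + 1, url))
    return hits

def scan_tree(root, own_host):
    """Scan every .php file under root; return {relative path: [(line, url)]}."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        found = suspicious_scripts(path.read_text(errors="replace"), own_host)
        if found:
            report[path.relative_to(root).as_posix()] = found
    return report

# Constructed sample: a theme header with a lookalike script before </head>.
SAMPLE_HEADER = """<!DOCTYPE html>
<html>
<head>
<script src="<?php echo get_template_directory_uri(); ?>/js/jquery.js"></script>
<script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>
<script type="text/javascript" src="//code.jquery.com.example.invalid/jquery.min.js"></script>
</head>
"""

def demo():
    with tempfile.TemporaryDirectory() as root:
        theme = Path(root, "wp-content", "themes", "sample-theme")
        theme.mkdir(parents=True)
        (theme / "header.php").write_text(SAMPLE_HEADER)
        (theme / "footer.php").write_text("<?php wp_footer(); ?>\n</body>\n</html>\n")
        return scan_tree(root, "www.example.org")

if __name__ == "__main__":
    print(demo())
```

This only narrows down where to look: inline or obfuscated scripts are not matched, so flagged files still need to be compared against a clean copy of the theme and WordPress core.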

Another option would be to install WordPress into a different directory, install all new plugins and theme files.

Change the URL to the login page

Hackers, or even someone with some knowledge of web design, will know that your website is developed using WordPress; you only have to look at the source code. To log in to your WordPress Dashboard you go to either wp-admin or wp-login, but the hackers know that as well, so simply change the login URL by using a plugin.

I use a plugin called WPS Hide Login, which is very easy to use, but obviously I am not going to tell you where I moved it to for security reasons.

Before I installed this plugin, Wordfence alerted me to some failed login attempts from 2 different countries, so I blocked them within Wordfence then changed the URL to the login page. This has now prevented any further failed login attempts as they don’t know where it is and they simply get page not found.

Website Security – On a final note…

We now make web security a priority, so every new or existing website will have extra web security measures built in. Hopefully with my new customers this doesn’t happen again as I supply free SSL certificates with all websites. I also make sure HSTS is enabled, which helps block man-in-the-middle attacks.

** Since writing this article her other website that is hosted with the same Web Design company has now gone with the same errors, although I don’t think it was infected with a virus as it had Website Security in place.

More Information

Sucuri – Fake jQuery injections

Test your website for Malware

Sucuri’s Free Malware & Security Scanner

