Malware infected website
Website Security is essential as one of my old web hosting customers who I did some free work for on her website as she was a charity failed to keep her WordPress website up to date.
I initially had website security in place with both Wordfence and Sucuri plugins installed and configured to help secure the website. With both plugins installed this would have probably prevented hackers hacking her website but they got in and injected a malware virus.
I had not been in contact with her for some time and she had some problems and a Web Design company who had been in contact with her previously, stepped in and she then asked them for help so allowed them access to her charity website. Unfortunately when I checked the website both Website Security plugins were uninstalled.
The charity owner of the website left my web hosting company to go to someone else i.e. the other Web Design company and her website has now completely gone. I bet it is still infected and they don’t know what to do. This other company interfered behind my back with what security measures I had put in place or this wouldn’t have happened.
With a bit of work from me and a bit of patience on her behalf I could have got it back up again as I had earlier back ups. Her theme was based on Twenty Eleven but the original designer made direct changes in the stylesheet and renamed the theme name (Ooops). With doing that it never got updated when a new version of Twenty Eleven came out. It should have been set up as a Child theme from the start, that way it could have been updated.
Because she loved the theme, she was reluctant to change it and also didn’t update any WordPress updates including core files, plugins or make regular backups.
What was the problem?
I had Wordfence and Sucuri plugins installed but behind my back they disappeared and consequently she got her website hacked when this other company took over. Her other website is still running and had Wordfence and Sucuri installed when I last looked so it looks like the lack of protection caused this to happen.
How to prevent
With Wordfence I can limit the number of times someone tries to login and fails, WordPress allows an infinite number of times. This isn’t good as this leaves your website open to Brute Force Attacks where they are trying to guess your password using some type of script.
I limited unsuccessful login attempts to just 3 attempts before the user gets locked out. Once locked out they then have use their email address to gain access again, well that’s if they have one.
How to fix
It is easier to restore an earlier backup but you have to make sure that this backup hasn’t been infected with the same virus. If you don’t have a clean backup then it will be a matter of going through the infected files and this could take ages.
Another option would be to install WordPress into a different directory, install all new plugins and theme files.
Change the URL to the login page
Hackers will know or even someone with some knowledge of web design that your website is developed using WordPress, you only have to look at the source code. So to login to your WordPress Dashboard you either go to wp-admin or wp-login but the hackers know that as well so simply change the login url by using a plugin.
I use a plugin called WPS Hide Login, which is very easy to use but obviously I am not going to tell you where I moved it too for security reasons.
Before I installed this plugin, Wordfence alerted me to some failed login attempts from 2 different countries so I blocked them within Wordfence then changed the url to the login page. This has now prevented any further failed login attempts as they don’t know where it is and they simply get page not found.
Website Security – On a final note…
We now take Web Security a priority so every new or existing website will have extra web security measures built in. Hopefully with my new customers this doesn’t happen again as I supply free SSL certificates with all websites. I also make sure HSTS is enabled which helps block Man in the Middle attacks.
** Since writing this article her other website that is hosted with the same Web Design company has now gone with the same errors, although I don’t think it was infected with a virus as it had Website Security in place.
Click on the link for more information about our Web Security Services
Sucuri – Fake jQuery injections (external link – opens in new tab)
Test your website for Malware
Sucuri’s Free Malware & Security Scanner (external link – opens in new tab)
If you would like to have extra Web Security for your
website then please Contact Us Now!.