by rritz
10 replies
Hi, maybe not really a marketing question, but as many marketers rely on Wordpress for building their marketing sites ... maybe someone can help me here

I have several WP installations and all of them get hacked continually
I have never seen anything like it with any other CMS

I have followed all the guidelines in WP forums and KB to secure the sites, I have installed Anti-Malware, Wordfence and iThemes Security plug ins
I keep changing passwords and salts

but still, I get hacked. Last time all my sites were down for several weeks until I could get my hosting provider to put them live again after some malware was sending spam
Now again, some phishing software has infected me and I see a lot of porn

I am hosted with Arvixe shared hosting if this makes any difference

I'd appreciate any input on what steps to take to secure my sites ... these are vital to business and I can't waste time cleaning up every few months and losing rankings and everything that goes with being hacked and infected.

Thank you
#security
  • Profile picture of the author yukon
    Banned
    I can almost guarantee you're using the same plugin, theme or host that's the vulnerability for all your Wordpress installations which is why you get hacked.

    WP hackers first look for plugins/themes that have security holes, there's list on the net showing the security issues. Some target the MySQL database but that's more work than targeting weak WP themes/plugins.

    Fix the problem instead of looking for band-aids (magic plugins).
    {{ DiscussionBoard.errors[10990265].message }}
  • Profile picture of the author LoveHammer
    Damn, this forum is filled with people who post just for the sake of posting.. looking at you yukon.

    Here's a few step process that works for the most common base64 hacks:
    1. install wp fence, it's a free plugin. (edit: seen that you're already using it, still proceed to the step 2)
    2. in the scan settings (under wpfence > scan) select "scan outside wordpress installation", "plugin dir, theme dir etc - make sure to scan your whole server.

    It'll take some time (depends on size of the server), but after the scan you'll end up with a list of infected files. In most cases they all follow the same malicious pattern so you can download infected directory(or the whole server), open the dir in a text editor > search and replace with blank for all files. Upload the files, re-do the scan see if anything else is infected, find the malicious code, download files, search>replace with blank. and so on, until you're left with 0 infected files.

    Note 1:Before that make sure to have a backup copy of the dir, just in case you screw something up.

    Note 2: It's a simple but boring process, and it can take you anywhere from few hours to a whole day.

    After it's all clean, make sure to at all times have up to date wordpress core and plugins.

    Themes, if you got it from place like themeforest or directly from wordpress (i've developed themes for both marketplaces and know the rules in and out), can't be the reason you got infected.
    {{ DiscussionBoard.errors[10990283].message }}
    • Profile picture of the author yukon
      Banned
      Originally Posted by LoveHammer View Post

      Damn, this forum is filled with people who post just for the sake of posting.. looking at you yukon.


      Don't be an asshole.. looking at you LoveHammer.





      WP fence is junk. Anyone that really wants into a WP site simply does a SQL injection.
      {{ DiscussionBoard.errors[10990393].message }}
      • Profile picture of the author rritz
        Originally Posted by yukon View Post





        WP fence is junk. Anyone that really wants into a WP site simply does a SQL injection.
        Thxs for the link! If you think wp fence is junk, maybe you have some suggestions on WHAT WORKS?
        {{ DiscussionBoard.errors[10991268].message }}
  • Profile picture of the author vishwa
    To secure your WordPress site you can use security plugin like Wordfence or All in One Wp security plugin. Along with that you can use CDN services like Cloudflare, MaxCdn, etc. These steps will ensure that your WordPress site is secure.
    Signature
    Bloggershook.com- Blogging, and Digital Marketing
    {{ DiscussionBoard.errors[10990572].message }}
  • Profile picture of the author rritz
    Thanks for the input so far guys, I appreciate it. I will try Cloudflare, seems to be easy to do from cPanel.
    As I said, I am using wordfence already although it is a pain in the ass because it sometimes blocks me from doing things and screwed up one site completely.
    will look at all in1 wp sec too, thxs
    {{ DiscussionBoard.errors[10991266].message }}
  • Profile picture of the author JohnMcCabe
    Another thing to look at is your hosting account itself.

    Are you changing passwords regularly? And using strong passwords?

    It's quite possible that the hacks are being done at the server level, rather than through WP itself.

    The same applies to your WP log in page. Use strong passwords and change them regularly.

    When you set up WP, use strong password-type strings as the database username and password.

    Bottom line, make your installation as hard to crack as possible.

    You might also ask your host if someone else on the shared server is accessing your account. I was with a host once that had a glitch in their setup that allowed users to view the file structure at the server level. With that access, it was a simple matter to substitute corrupted files for clean ones. A cursory examination would not show the intrusion.

    (I'm not going to name the host, as they've been out of business for over a decade.)
    {{ DiscussionBoard.errors[10992472].message }}
  • Profile picture of the author wordpressmania
    I think other comments covered most of the suggestions I normally would give... Only one thing is still left for me

    Lets, go to the point. You are using a shared hosting. It means you are sharing a hard disk with some other people. You do not know them, even you do not have any idea which type of sites they are running on their website.

    So it brings few things in front of us.....

    1. If any of the site on the same storage media is infected it can spread. May be you removed the malware from your part, did others did the same? Or were that done simultanously?
    2. Like if you are infected you might infect others as well and vice versa
    3. Also you will get less speed as if someone else is getting more visitors he will use more resource ( though there are some script running by the hosting to prevent it but you know those actually do not work well and something they just limit your site with certain criteria ), why, it happens? Well, it is a shared hosting right? You sharing everything.

    For SEO prospective as well as security I would suggest you to go with a cloud hosting. If that is not possible, then at least go for a hosting that is more famous ( the list of fame is not that long, search this forum and you will get the list). I hope it will solve your problem. Few years back I changed my hosting 3 times a year. Well, not good experience but it just saved my ass and I am happy what I have got now.

    The last thing, I pay my hosting each month. And I always have back up ready to restore the site if needed with just few clicks. So be prepared. It is internet and anything can happen. Why I pay each month? Well, I am ready to move to a new hosting if needed. But I think I will not have to move in near future Quite happy with my kids ( my websites ) and their mother ( the hosting ).

    Oh, one thing, A wise man once said to me................ for hosting, you will get what you pay for. You know what I mean, the cheaper hosting you get the cheaper the service you will get.

    Hope My Experience will save you a lot of time in future
    Sabbir H
    {{ DiscussionBoard.errors[10992499].message }}
  • Profile picture of the author rritz
    Thank you Sabbir,
    I thought it might have been a hack on the server level as all three WP sites were infected.
    On the other hand I also have n oxwall and 2 concrete5 installations on the same server in the same account and these have never been affected.
    {{ DiscussionBoard.errors[10993295].message }}
  • Profile picture of the author risgirly
    If someone who is bad enough wants to hack your wp site, they will, if they try hard enough. That's the truth. The best you can do is protect yourself enough but always have a backup, for when it happens.
    {{ DiscussionBoard.errors[10993618].message }}

Trending Topics