Protect WordPress site from Hackers

You need to take pre-emptive steps to protect the WordPress site from hackers. Attacks on WordPress are not just based on brute force login efforts. Blackhole Exploit Kit, Blackhole Exploit Kit Detection, Phoenix Exploit Kit, Rogue Scanner and JS Redir attacks are currently the most prevalent of all website threats globally. These can destroy your website’s online reputation and drive your visitors elsewhere. Malware may be installed onto visitors’ computers directly from your website, without you being aware of it.

Attacks on WordPress Sites – Hacking

Even with the best security, your WordPress website is at risk of infiltration, because these Blackhole Exploit applications exploit flaws in the JavaScript code itself rather than hacking in the conventional sense. They can compromise your website without you even being aware of the problem.

How To Tell if Your Site Has Been Compromised

For some people, the first indication might be a complaint by a site visitor that their PC’s internet security application sounded an alarm. At that point, you should reach out to WordPress tech support services and get some help. Some search engines – like Yandex – now email the website owner if their web bots discover malware during site indexing visits.

You can be a little more proactive than that. Aside from using a premium internet security suite, and visiting your own site regularly, you should also regularly check your website on the premium internet security sites! The following are those I have found to be accurate;

Of those, Sucuri.net provides the most detail, right down to the infected file and the type of infection. This allows you to go straight to the source of the problem and eliminate it.

Not checking, and so remaining unaware for an extended period, can result in your site being blacklisted on sites which monitor inappropriate activities such as malware, phishing, virus distribution etc.

Another good site is www.virustotal.com – click the “Scan a URL” option, then enter the website Domain Name to be checked. VirusTotal will check your domain against almost 20 different databases and report on its status.

How To Minimise Attacks on WordPress

Implement each WordPress upgrade as soon as it appears. This is extremely important and is the best way to prevent exploit attacks in the WordPress core. WordPress developers quickly remedy any newly discovered issues, so an upgrade is the best defence against known security threats.

Make sure that all Plugins are kept up to date. Upgrades frequently address newly discovered security flaws in PHP and JavaScript code. In the past 2 weeks I’ve seen successful Blackhole Exploit Kit attacks on the following plugins;

  • Contact Form 7
  • Contact Form 7 Calendar
  • ./wp-content/uploads/wpcf7_captcha/

Use a Design Theme that does actually have an upgrade process. Some developers of premium themes provide incremental upgrades and security patches. Those produced by Studiopress are amongst my favourites.

Cheap, nasty, old or free WordPress themes are an invitation to disaster. If your website has any value, add to it with a professionally written design theme… Signing up for an annual WordPress Website Maintenance Plan makes sense because prevention is better than cure.

How to Fix a Hacked WordPress Website

The first issue is accurately identifying the problem. Use www.sitecheck.sucuri.net/scanner/ to establish which directory and/or files are affected.

The second issue is to eliminate the problem immediately!

Elimination of Exploits

In the case of WordPress, the “upgrade” or “reinstall” provides an immediate elimination of compromised core WordPress files.

Plugins that are compromised are overwritten by an upgrade… Where no upgrade is available:

  • delete the plugin directory
  • go to WordPress.org/extend and download a fresh copy of the plugin
  • unzip it into your PC’s local drive
  • use FTP to upload the plugin directory to ./wp-content/plugins/

Design Themes that are compromised are also overwritten by an upgrade. Alternatively, use an FTP program to delete the current Theme directory, and then upload a replacement copy. Note that if you’ve got any custom modifications to the theme files or the style sheet, it’s a good idea to have a local copy of those edits!

Having cleaned up the offending file/directory, it’s useful to go through the site looking at date_modified dates…

Some exploits or hacks insert files, and these will invariably be dated on the day the exploit or hack occurred. Look for any dates that stand out as being different to those of the recently uploaded WordPress / plugin files.
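
The date check described above can be scripted rather than done by eye in an FTP client. The following is an added example, not part of the original article: it treats the most common modification date in the tree as the reinstall date and lists every file dated differently. The function names and the sample tree are constructed for illustration, and it assumes you can run Python against a copy of the site.

```python
import os
import tempfile
import time
from collections import Counter

def mtime_outliers(root, exts=None):
    """Return (baseline_date, [(date, path), ...]) for files whose modification
    date differs from the most common date under root. exts: optional tuple of
    lower-case suffixes, e.g. (".php", ".js"), to limit the scan."""
    dated = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or (exts and not name.lower().endswith(exts)):
                continue  # skip symlinks and file types outside the filter
            stamp = os.lstat(path).st_mtime
            dated.append((time.strftime("%Y-%m-%d", time.localtime(stamp)), path))
    if not dated:
        return None, []
    # The date shared by most files is taken to be the fresh upload/reinstall.
    baseline = Counter(day for day, _ in dated).most_common(1)[0][0]
    return baseline, sorted((d, p) for d, p in dated if d != baseline)

def demo_mtime_scan():
    """Build a throwaway tree (constructed sample data) and scan it."""
    root = tempfile.mkdtemp()
    reinstall = time.mktime((2023, 10, 11, 12, 0, 0, 0, 0, -1))
    earlier = time.mktime((2023, 9, 28, 3, 0, 0, 0, 0, -1))
    sample = {
        "wp-load.php": reinstall,
        "wp-includes/version.php": reinstall,
        "wp-content/plugins/example/example.php": reinstall,
        "wp-content/uploads/cache.php": earlier,  # the file that stands out
    }
    for rel, stamp in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (stamp, stamp))
    baseline, outliers = mtime_outliers(root, exts=(".php", ".js"))
    return baseline, [(d, os.path.relpath(p, root)) for d, p in outliers]

if __name__ == "__main__":
    baseline, outliers = demo_mtime_scan()
    print("baseline date:", baseline)
    for day, rel in outliers:
        print("review:", day, rel)
```

Modification times can be reset by whoever wrote the file, so treat an empty result as one signal rather than proof. Media in the uploads directory will legitimately carry older dates, which is why the demo filters on .php and .js.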

If you’d rather not do this yourself, the Sucuri.net malware removal service is recommended. At $89.95 it also includes a full year of website monitoring!

Exploit Prevention

After the clean-up is over, and scans on Sucuri.net report the site is now clean, you need to take steps to ensure that security is now as tight as it can be, to protect the WordPress site from hackers.

Password Changes

Change EVERY password to all areas of the site, including;

  • WordPress Administrator account
  • WordPress Database account (you will need to update wp-config.php)
  • FTP & Admin Control Panel
  • Email accounts

Don’t use recklessly simple passwords! Make sure EVERY password is at least 10 digits, preferably randomly generated with a mix of upper and lower case, numerals and punctuation… Use this site:

www.pctools.com/guides/password/

So what if you can’t remember a difficult password? There are products like Roboform password manager that can help you with that!

Directory Permissions

In most cases, directory/file permissions should be no looser than 755. However, hosting companies implement permissions in varied ways, and in some cases, the only way to upload files to wp_upload is by setting that directory to 777.

That’s a serious problem, as it’s offering free access to anyone with nefarious intent. If your hosting company can’t / won’t help you with sorting out permissions for your WordPress installation, change to another company!

WordPress have detailed information here: http://codex.wordpress.org/Changing_File_Permissions
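
To find out where an installation is looser than 755, you can audit the permission bits directly. This is an added example, not code from the original article or from WordPress: it walks a site tree and reports every file or directory that has permission bits set outside a 755 ceiling, labelling world-writable entries such as a 777 uploads directory. The function names and the sample layout are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_permissions(root, ceiling=0o755):
    """Return [(octal_mode, path, note)] for entries with bits outside ceiling."""
    findings = []
    paths = [root]
    for dirpath, dirs, files in os.walk(root):
        paths.extend(os.path.join(dirpath, name) for name in dirs + files)
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not meaningful
        mode = stat.S_IMODE(st.st_mode)
        extra = mode & ~ceiling  # bits that 755 does not allow
        if not extra:
            continue
        if extra & stat.S_IWOTH:
            note = "world-writable"
        elif extra & stat.S_IWGRP:
            note = "group-writable"
        else:
            note = "setuid/setgid/sticky bit set"
        findings.append((format(mode, "04o"), path, note))
    return sorted(findings, key=lambda item: item[1])

def demo_permission_audit():
    """Build a throwaway tree (constructed sample data) and audit it."""
    root = tempfile.mkdtemp()
    layout = [  # (relative path, mode, is_directory)
        ("wp-content", 0o755, True),
        ("wp-content/plugins", 0o775, True),
        ("wp-content/uploads", 0o777, True),
        ("wp-config.php", 0o644, False),
        ("wp-content/uploads/form.txt", 0o666, False),
    ]
    for rel, mode, is_dir in layout:
        path = os.path.join(root, rel)
        os.mkdir(path) if is_dir else open(path, "w").close()
        os.chmod(path, mode)  # set explicitly so the umask does not interfere
    return [(m, os.path.relpath(p, root), n) for m, p, n in audit_permissions(root)]

if __name__ == "__main__":
    for mode, rel, note in demo_permission_audit():
        print(mode, rel, note)
```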

Remove Extra FTP Accounts

Some hackers like a way back in if their efforts are undone, so they add a sneaky FTP account… Some hosting accounts with Add-On Domains automatically create a new FTP account for each add-on domain that is installed…

To reduce the potential for future problems, remove all unused/unidentified FTP accounts.

Installing WP Security Software

For the non-technical site owner, there are plugins designed to ease the burden of security by helping protect the WordPress site from hackers. See a list of WP Security tools here: http://wordpress.org/extend/plugins/search.php?q=security

The ones I use and recommend to prevent attacks on WordPress are;

  • Block Bad Queries: a fast, lightweight web application firewall
  • Loginizer: brute force login protection
  • Wordfence: does both of the above, plus scans all files. It has an intuitive interface and locks the site down neatly and easily. It’s quite easy for a non-technical user to install and configure this plugin.

Backups

Obviously, when all else fails and your website has turned to mush, there’s a great deal of comfort to be had from a comprehensive backup of your website… Make sure you have one!

Page last updated on Wednesday, October 11, 2023 by the author Ben Kemp