How to keep your WordPress sites safe from malware?

From time to time, stories about hacked WordPress sites appear online. A hack can have a variety of causes, from a plugin to an old version of WP. As has been said many times, if you have your own WordPress website, you must make every effort to keep it safe and secure from intruders.

When it comes to WordPress security, you have to bear a lot of things in mind to be on the safe side. In this article, we will describe some of the most common security problems, point out the best-known malicious programs, and suggest existing security tools for WP.

WordPress is very often criticized for its lack of security. However, this is not something we would like to discuss here. There’s one fact we’d like to remind you of: protection depends not only on the software but also on the way it is maintained. The end user should update the system in a timely manner and use only trusted plugins, and themes downloaded either from the official WordPress repository or from the websites of reliable software companies. Only in this case, a high level of protection can be guaranteed.

Why is WordPress the most targeted for malware attacks?

As already noted, many users simply do not update the system on time. And not just ordinary users: many large companies and market leaders do not always follow this rule either! Need a live example? Well, last year, Reuters was hacked. When they started to investigate why their site was hacked, it turned out that they were using WordPress 3.1.1, which was outdated at the time (version 3.4.1 was current).

If any vulnerabilities or hacks are found, the WP team immediately releases a security update. After that, the responsibility lies with the user alone – it is up to him, and nobody else, to update his site in time!

The second reason for security problems is the use of “pirated” themes or plugins. There are many proven solutions in the official WordPress repository that will suit most users. They are all good in terms of security – clean code, constant updates, etc. The problem appears when someone tries to install plugins and themes from unverified sources. Lack of regular updates from developers is just a part of the problem. The main concern here is that in such a way you put yourself at risk. It is, therefore, very important to regularly update themes and plugins.

Finally, the third and most important reason for the attacks is the high popularity of WordPress. WP is one of the most widely used content management systems in the world, which naturally attracts hackers’ attention. The logic is simple: if you are an attacker, it is very convenient for you to hack software that is associated with a significant number of sites. After all, if you can find a “hole” in it, a large field opens up for further action! For this reason, hackers most often break Windows and Mac, rather than UNIX and Linux.

Protecting WordPress: An Introduction

Before we proceed to the most widespread security issues WordPress users face, let us remind you that maintaining an overall safe environment on your device is a must. We do hope that you have a reliable antivirus guarding your security, but if not, consider reading an Avast antivirus review along with a few more reviews of industry-leading antivirus solutions to guarantee that you will not one day lose access to all your files because of ransomware.

And now let’s proceed with the threats all WordPress users should be aware of.

Backdoors

Backdoors are what a hacker uses to gain access to your website (via FTP, SFTP or even wp-admin). Obviously, backdoors can have disastrous consequences – they can affect not only your website but also all other sites located on your server, causing damage to the multisite network. Most often, backdoors are carefully encoded and encrypted. Today it has come to the point that some backdoors can outwardly resemble quite legitimate and clean code. Sometimes backdoors can be in your database.

Backdoor infiltration often occurs through outdated software or suspicious scripts. Remember the TimThumb script fiasco? Yes, it was a backdoor attack that affected numerous WordPress sites.

The easiest way to determine a backdoor’s location is to look at the files contained in the WordPress folder. Naturally, there shouldn’t be any files there that are not part of the WordPress distribution. The presence of php3.php or crucial-wp.php is a clear sign of hacking.

While finding a .php file in the folder with your recent uploads most likely points to a backdoor attack, it also happens that backdoors are hidden in legitimate files, and in this case they may be quite hard to identify. A special tool, Sucuri Site Check, was designed for this purpose. It allows you to detect most backdoor threats. Removing or disabling a backdoor is much easier than identifying it.

You can minimize the risk of backdoor attacks by restricting access to your site. A good option is to use two-factor authentication or to restrict access to the admin panel by IP address.

In addition, if you have access to the terminal on your server, you can search the files for “eval” calls, for example – if such calls are obfuscated with “base64_decode”, this indicates the presence of a backdoor.
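The file checks described in this section can be run from the server terminal as a small script. This is an added example, not code from the article: the function names and the demo tree are assumptions made for illustration, and the pattern is only the single `eval` plus `base64_decode` heuristic mentioned above.

```shell
#!/bin/sh
# Added example: triage a WordPress tree for the backdoor indicators the article names.

# PHP files under wp-content/uploads (the uploads folder should hold media, not code).
php_in_uploads() {
    find "$1/wp-content/uploads" -type f -iname '*.php' 2>/dev/null | sort
}

# File names the article lists as clear signs of hacking.
known_bad_names() {
    find "$1" -type f \( -name 'php3.php' -o -name 'crucial-wp.php' \) | sort
}

# PHP files where eval( and base64_decode( appear on the same line (case-insensitive).
eval_base64() {
    find "$1" -type f -iname '*.php' \
        -exec grep -liE 'eval[[:space:]]*\(.*base64_decode[[:space:]]*\(' {} + | sort
}

# Run all three checks and label the output.
scan_wp() {
    echo "== PHP files in uploads ==";  php_in_uploads "$1"
    echo "== known bad file names ==";  known_bad_names "$1"
    echo "== eval + base64_decode ==";  eval_base64 "$1"
}

# Constructed sample tree (not real malware): the encoded string is just 'echo 1;'.
make_demo_tree() {
    demo_root=$(mktemp -d)
    mkdir -p "$demo_root/wp-content/uploads/2024/01" "$demo_root/wp-includes"
    printf '<?php\necho "hello";\n' > "$demo_root/wp-includes/clean.php"
    printf '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n' \
        > "$demo_root/wp-content/uploads/2024/01/img.php"
    printf 'not code\n' > "$demo_root/wp-content/uploads/2024/01/photo.jpg"
    : > "$demo_root/crucial-wp.php"
    echo "$demo_root"
}

# Usage: sh scan.sh /path/to/wordpress   (with no argument, scans the demo tree)
if [ -n "${1:-}" ]; then
    scan_wp "$1"
else
    demo=$(make_demo_tree); scan_wp "$demo"; rm -rf "$demo"
fi
```

Treat every hit as a lead for manual review rather than a verdict: some legitimate plugins use these functions, and a backdoor can be obfuscated in ways this pattern does not match.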

Pharma hack

The term “pharma hack” refers to spam rather than malware. You receive constant spam about Viagra, Levitra, and other “pharmaceuticals”. Spreading any spam is bad, though. Search engines may impose sanctions on your site.

The pharma hack is dangerous because it is visible only to search engines. After such a hack, your website is marked by Google as “carrying a potential threat.”

Malicious Redirects

As the name implies, malicious redirects send users to other websites. Usually, such redirects can affect both your primary domain and subdomains. Redirection may not always lead to a malicious site. Often, a redirect simply takes people to a site filled with advertisements, and such a site may not contain any malicious code. You don’t want to lose your traffic though, right?

In addition, redirection can occur within your site. Say, visitors looking at wordpressblog.com can be redirected to wordpressblog.com/new.php. The file new.php may contain various advertisements or some malicious code.

The most common cause of redirects is an outdated version of WP with security holes that allow hackers to access system files using backdoors. As in all other cases, backdoors can be embedded via FTP, SFTP or the WordPress admin panel. Once access is obtained, the attacker can easily place the redirect code on the site. The simplest way to determine if your site is a victim of a malicious redirect is to use the Sucuri Site Check. In addition to Sucuri Site Check, there is a very useful online tool that allows you to determine the “health” of your site – Unmask Parasites.

Following the best security practices is the best preventive measure to keep your WordPress sites safe. However, if you face one of the issues described in this article, we hope our tips will help you to successfully detect the issue in a timely manner and to further remove all the threats.

About the Author

Susmita is an engineer, a writer and a dancer - not necessarily in that order! Ever since she discovered WordPress, she has not ceased to be amazed by how this community-driven platform brings people together - in more ways than one. And yes, she loves binge-watching movies!
