Protect WordPress

How to Protect WordPress from malware?

Protect WordPress

 Malware

WordPress is installed on so many websites now, the global reach is comparable to a company like Microsoft. You probably already know the word malware from PC’s and computers. Computer viruses have been around a long time, as well as virus scanning software. With the Internet age came spyware (programs that spy on what you do and send the details to a remove computer), as well as anti-spyware computer software. 

Best way to protect your WordPress from malware

1) Reset your password:

Regularly reset your WordPress admin, FTP, and web hosting control panel passwords every 30-60 days. Be sure to use a 12+ character strong password. Never use the same password at multiple websites or for multiple accounts.

2) Update Everything:

To keep WordPress itself updated, and all plugins and your theme as well at all times. Check to see if your theme has an update available if you purchased it from a developer or a theme house. Have it reviewed by a competent WordPress developer once per year for vulnerabilities if it was custom coded.

3) Limit Access:

Limit and give admin access to only those with a “need to know” basis within your WordPress website.

4) Remove unused items:

Always remove all themes and plugins that are unused and inactive. In addition be sure to remove any plugins that haven’t had an update in 12-18+ months or more.

5) Setup alerting and monitoring:

web hosting companies are all kinds of free services that will alert or monitor you if your website is down.

6) Register with Google Web-master Tools: 

If you register with Google Web-master Tools and they find malware in your website, they will notify you via email. Keep in mind by the time they notify you, your website could have been infected for days or weeks.

7) Update wp-config security salts:

Since before version 3.0 the wp-config.php file of every WP installation has contained security salts and a URL to get random ones to update the file with. Be sure to update your wp-config file.

8) Install and configure a security plugin:

Setup and configure an all-inclusive security plugin, something like Better WP Security or Secure WordPress.

9) Setup and test a backup solution:

You can use a free plugin, premium solution, or web based service to backup your website to an offsite location for recovery in case you are hacked, or something at your web host goes down. This is even protection against issues if you upgrade WordPress or plugins and a conflict takes your website down. At least with an option like this, if you are taking regular versioned backups, you can easily revert to the last known good version.

Read More

Malware Infection Breaking WordPress Websites

Malware Infection Breaking WordPress Websites

There is a known malware infection caused by a serious vulnerability in the MailPoet WordPress plugin. This malicious attack attempts to slyly inject Spam into the hacked site, which is causing websites to break, and focuses predominantly on WordPress sites with outdated plugins or weak admin passwords.

Malware Infection

  • The infected PHP code is very buggy and is corrupting legitimate website files, as well as themes and plugin files, which causes PHP errors to be displayed instead of website content:

Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91

 

  • After removing the infecting malware, the only way to remedy the issues is to restore the corrupted files from a backup. This is what the malware code looks like:

< ?php $pblquldqei = ’5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j^%xq%x5c%x7825%x5?c%x7827Y%x5c%x78256<.msv%x5c%x7860ftsbqA7>q7825)3?of:opjudovg< ~%x5c%x7824!%x5c%x782421787825!|!*!***b%x5c%x7825)…

 

  • If you are running MailPoet, we recommend upgrading it to the latest version.

Note : If you do not have a firewall on your website, you have to upgrade the plugin or remove it altogether to avoid more issues.

Read More