X

[SOLVED] Solution to a hacked WordPress site

It’s very easy for a WordPress site to get infected with a virus (get hacked). Here are some of the symptoms:

  • Some of the pages will redirect to a malware site and cause your site’s reputation to go down
  • A large amount of SPAM will be sent from your site and therefore blacklisting your server’s IP address
  • Defacement of  your site can happen or some content will get removed.
  • Some plugins might stop working or will get deactivated
  • Lots of PHP errors like: “Cannot add header information – headers already sent”
  • Back-end might stop working or the entire site will display a blank page

Tracking these down and fixing them can be a very time consuming venture and in a lot of cases a restore from a backup is needed but the problem with that is that you will still be vulnerable and have no idea how the virus got in.

So, is there a way to combat these effectively or even eradicate them completely? The answer is yes but let’s first take a look at some issues with current antiviruses and scanners.

All currently existing scanners only look for viruses and not protect against getting infected. Also, not all viruses or threats are detected as they go by signatures and it’s impossible to always have a complete list of those. For example a virus can be inserted in this format: “eval($_POST[‘any_php_code’])” and an security scanner will not see it as this is very similar to regular WordPress PHP code. All these point to how imperfect the scanners are just because it’s nearly impossible to account for all possible variations of infections.

The solution we created prevents any further viruses from being introduced as well as current ones spreading. Once that’s done any scanner can be used to identify and remove the infected files but even if anything gets missed, it’s not a big deal as the viruses will not spread and will be under control.

Our solution is by means of a plugin that works securely within our environment and allows to lock/unlock various parts of WordPress site. The screenshot below shows the settings of the plugin.

After the protection is in place no future infections will happen and you can safely scan your site and remove any virus-like files. When moving to one of our annual packages we will be happy to assist you with your infected site and get it cleaned and protected. Happy sailing!

 

wpwpadmin: