
Recovering WordPress websites after a security breach

Finding out that your business website has been defaced by hostile hackers is a stressful situation. Usually the first call the customer makes is to the hosting company, mainly because developers don't know how to handle these situations properly... WE ARE HERE TO HELP!

WordPress Security By Professionals


"Restore my site as quickly as possible" shouts someone from across the line. The first thing we ask is who built the site and whether they still maintain it. The answer in most cases is that after the work was finished they parted ways and are no longer in touch. That's usually the root of the problem. Customers who buy a WordPress website are unaware of the security issues, and many "web designers" know how to install and design a WordPress website using a template but have no idea what it takes to maintain a WordPress website over time; in many cases they also do not invest in securing and hardening WordPress properly.


All of this eventually leads to the site being hacked and even to the WordPress installation being infected with dedicated malware that makes it very difficult to recover. We recommend that all our customers who use WordPress develop a relationship with a web administrator who will provide ongoing support: regular updates to WordPress, the template and the plugins, hardening of WordPress and the template, implementing the security mechanisms the hosting company offers, and customer service along the way when it comes to the functionality of the site.


So what do you do when you find out your site was hacked?

First of all relax, and call the site manager if there is one. They should conduct an incident investigation, restore from a backup (usually without needing our help) and fix the cause of the break-in once it has been identified in the logs.


If you don't have anyone who can handle it professionally, here's what we know how to offer:


- Investigation of a hacking incident, or in professional jargon, a forensic investigation.

The investigation is only possible if nothing has been touched: no backup has been restored and no files in the account have been altered.

The investigation begins by identifying the nature of the hack (file changes, SQL injection, deleted content, or stolen/leaked information).


If we find a tampered file, we check its modification date and then search the site's logs for what happened at exactly that time. In some cases we see that the file was uploaded over FTP, which tells us that the client's access password reached the intruder, perhaps through a virus infection on the client's machine or because the same password was used elsewhere and leaked.


Usually the file was modified by another script, which the intruder uses as an auxiliary tool; it typically includes a file manager and all kinds of other unkind functions. That script also got onto the server somehow, and that is what interests us. Again we check its date and cross-reference with the logs. Usually this leads to a vulnerable plugin that accepted an uploaded PHP script without checking the file extension. The common web document editor FCKeditor has an extensive history of this.
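The cross-referencing step described above, a tampered file's modification time checked against the site's access log, as an added example that is not part of the original page. The log lines, the file's mtime and the plugin path are constructed for illustration:

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of a "combined" format access log (invented for illustration,
# not a real server log). Timestamps bracket the tampered file's mtime below.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2023:02:14:03 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2023:02:15:41 +0000] "POST /wp-content/plugins/example-editor/upload.php HTTP/1.1" 200 87 "-" "python-requests/2.28"
203.0.113.7 - - [12/Mar/2023:02:15:58 +0000] "GET /wp-content/uploads/2023/03/cache.php HTTP/1.1" 200 512 "-" "python-requests/2.28"
198.51.100.20 - - [12/Mar/2023:02:40:00 +0000] "GET / HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
"""

# Modification time of the tampered file, as read with `stat` (constructed value).
MTIME = datetime(2023, 3, 12, 2, 15, 45, tzinfo=timezone.utc)

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_log(text):
    """Yield one dict per line that matches the combined log format."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["ts"] = datetime.strptime(entry["ts"], TS_FMT)
            yield entry


def requests_near(log_text, file_mtime, window=timedelta(minutes=5)):
    """Return the requests logged within +/- window of the file's mtime."""
    return [e for e in parse_log(log_text) if abs(e["ts"] - file_mtime) <= window]


def suspicious_uploads(entries):
    """Flag POSTs to plugin/theme endpoints (possible unchecked upload handlers)
    and any request for a PHP file under wp-content/uploads, where PHP never belongs."""
    flagged = []
    for e in entries:
        path = e["path"].split("?", 1)[0]
        if e["method"] == "POST" and ("/wp-content/plugins/" in path or "/wp-content/themes/" in path):
            flagged.append(e)
        elif path.startswith("/wp-content/uploads/") and path.endswith(".php"):
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in suspicious_uploads(requests_near(SAMPLE_LOG, MTIME)):
        print(e["ts"].isoformat(), e["ip"], e["method"], e["path"], e["status"])
```

On a real server the mtime comes from `stat` on the tampered file and the log text from the hosting account's access log; the flagged entries point at the upload handler and the client IP to look into next.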


After investigating the incident and determining how the hackers broke in, we restore the site while keeping it closed to the world, to minimize the chance of re-infection.


If this was a simple break-in, a restore and a full update of WordPress, the template and the plugins will usually do.


Complex WordPress infection - Here the work is more involved: it requires a fresh installation of WordPress, the template and all plugins, and then merging the content from the infected site, while ensuring that everything taken from it other than the text in the database is scanned for viruses and malware.


The work usually includes upgrading the WordPress site to the latest version, then the template and plugins. Then we merge the content in by copying it from the old database to the new one. The service is billed by working hours; such work takes a minimum of about 15 hours.

After the recovery, we monitor traffic and check that there is no re-infection. We provide a 30-day warranty for the recovery work and of course recommend finding an experienced site manager for the ongoing maintenance of your WordPress website, or letting us maintain it for you as part of the WordPress services for businesses we provide.


There are a number of actions we take to protect WordPress after installation in order to prevent intrusions, regardless of the ongoing maintenance of the site.
Among other things, we install brute-force detection for user logins, mod_security against a variety of SQL-injection-based attacks, antivirus scanning of media during or after upload, dedicated plugins for general security and, most importantly, automatic daily backups and regular WordPress/template/plugin updates.


In conclusion, recovering from a security breach is usually a task for advanced sysadmins/webmasters with a decent knowledge of PHP, MySQL and general Linux administration and, most of all, a "forensic" mind that can understand the hacker's actions, look for back doors left behind and prevent re-infection. CONTACT US FOR HELP.