Go here to let Sucuri scan your blog for free to tell you if you’ve been hacked or have malware.
So over the last few months I had been chasing a nagging malware issue on this blog. It looks like (knocking on keyboard) it’s finally cleaned out, so I wanted to share what I learned so hopefully you’ll be able to avoid some of the same problems.
First, here’s what I think happened: somehow someone got access to the blog, either by stealing a password (doubtful) or by exploiting a security hole in an outdated plugin (likely). They then added code to the template and plugins that redirected traffic from this blog to their site.
Here’s what I did to clean it up:
First, I installed some security plugins to get an idea of what had happened: Wordfence, Better WP Security and Bulletproof Security. What I liked about Wordfence is that it scans your WordPress core and plugin files, tells you if any have been changed, and shows you the exact changes that were made. Better WP Security gives you a nice checklist of options for making your blog more secure, plus the ability to ban users that repeatedly try to log in to your blog or probe for security holes in the setup. Bulletproof Security has a few additional options; honestly I have it more as an ‘it can’t hurt’ option than anything else.
But the problem was that, at best, these plugins alerted me to the fact that there were issues; they couldn’t fix them all. So I ended up paying for Sucuri’s service for my blog. Sucuri costs $90 a year for one site/blog, but it was worth it. They were able to go in and clean up my blog, then give me tips and ideas on how to keep a re-infection from happening. The problem was that the issue kept popping back up. We’d clean the blog up, it would be fine for the next few days, then suddenly the following Friday or Saturday Google would blacklist the blog and we’d start the process all over again.
It turns out that someone had access to the blog and was going in every Thursday and changing files so that traffic was redirected to their sites. Somehow this took effect the following day, triggering the Google blacklist. After it happened about three weeks in a row I finally figured out the pattern, and was able to alert Sucuri as soon as the files were changed on a Thursday; they cleaned it up within a few hours and we never saw the blacklist from Google.
I also noticed that one of WordPress’ core files had been modified; Sucuri changed that back. I went in and changed my WordPress password, and in the two weekends since there have been zero problems and no files have been changed. So it seems the problem, at least for now, is gone.
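The file-change detection that caught the Thursday edits (the same idea behind Wordfence’s scan) is easy to reproduce: record a hash of every file under the site root once the install is known clean, store that baseline outside the web root, and diff against it on a schedule. The Python below is an added example, not the author’s code and not any plugin’s; it builds a toy WordPress-like tree in a temporary directory, and the tampering it simulates (a redirect written into a plugin file, a new PHP file dropped beside it) is constructed for the demo.

```python
"""Baseline-and-diff integrity check for a WordPress install.

Added example (not the author's or any plugin's code). Records a SHA-256 for
every file under the site root, then reports files added, modified or removed
since the baseline. The sample tree and the tampering are constructed here.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Directories whose contents change legitimately all the time. Assumption:
# adjust for your install. Do NOT skip wp-content/uploads; dropped PHP files
# there are exactly what you want to catch.
SKIP_DIRS = {"cache"}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> dict:
    """Map each file's path (relative to root, POSIX separators) to its SHA-256."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            p = Path(dirpath) / name
            digests[p.relative_to(root).as_posix()] = sha256_file(p)
    return digests


def save_baseline(digests: dict, baseline_file: Path) -> None:
    # Keep the baseline outside the web root; an attacker who can edit
    # plugin files can otherwise just edit the baseline too.
    baseline_file.write_text(json.dumps(digests, indent=1, sort_keys=True))


def load_baseline(baseline_file: Path) -> dict:
    return json.loads(baseline_file.read_text())


def diff_against_baseline(baseline: dict, current: dict) -> dict:
    """Return sorted lists of added / modified / removed relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return {"added": added, "modified": modified, "removed": removed}


def demo() -> dict:
    """Build a constructed WordPress-like tree, baseline it, simulate the kind of
    tampering described in the post, and return the differences found."""
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as store:
        root = Path(site)
        plugin_dir = root / "wp-content" / "plugins" / "demo-plugin"
        plugin_dir.mkdir(parents=True)
        (root / "wp-content" / "cache").mkdir()
        (root / "wp-config.php").write_text("<?php define('DB_NAME', 'wp');\n")
        plugin = plugin_dir / "demo.php"
        plugin.write_text("<?php // harmless plugin code\n")
        (root / "wp-content" / "cache" / "page.html").write_text("cached\n")

        baseline_file = Path(store) / "baseline.json"
        save_baseline(hash_tree(root), baseline_file)

        # Constructed tampering: redirect injected into an existing plugin file,
        # a new PHP file dropped next to it, plus legitimate cache churn.
        plugin.write_text("<?php header('Location: http://attacker.example/');\n")
        (plugin_dir / "x.php").write_text("<?php header('Location: http://attacker.example/');\n")
        (root / "wp-content" / "cache" / "page.html").write_text("recached\n")

        return diff_against_baseline(load_baseline(baseline_file), hash_tree(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Run `hash_tree` against the real site root right after a clean-up, save the result somewhere the web server cannot write, and run the diff from cron; any entry under `modified` or `added` that you did not put there yourself is the Thursday edit, caught the same day instead of after Google notices.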
So if you want to avoid this headache, here are some simple tips:
- Use a strong, unique password for your blog: long, with a mix of upper and lower case letters, numbers and a few special characters, and not reused on any other site (a password manager makes that painless).
- Update WordPress and all your plugins as SOON as updates are available. I learned this the hard way: plugins are often updated simply to close a security hole, so every day you wait is a day that hole stays open on your blog. Before, I *hated* updating plugins and would often wait until I had several that needed updating before I would. Never again.
- If you have a user named ‘admin’, delete it. That’s the account hackers target the most. Create a new administrator account under a different name first, log in as that account, then delete ‘admin’ and let WordPress attribute its posts to the new account.
BTW, if you install the above plugins you can see how often hackers try to access your blog, and it happens CONSTANTLY. One of the settings I have is that I get an email if someone makes 10 bad attempts to sign in to my blog. They are banned and then I get an email saying they were banned. I get 5-10 of these emails EVERY DAY. Seriously, it’s scary to see how often bad people will try to access your blog and look for any security hole they can find, so you have to be proactive about protecting yourself.
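The “ban after 10 bad attempts” rule is simple to reason about once you see it run over a log. The Python below is an added example, not code from the post or from any of the plugins mentioned; the log line format (`FAILED user=... ip=...`) is invented for the demo and the sample lines are constructed. It goes one step beyond the post by counting failures inside a sliding time window, which shows the one case a plain threshold misses: an attacker who spreads attempts out slowly enough never trips a per-window ban, so a total count per address (or per targeted username) is worth alerting on as well.

```python
"""Failed-login counter with a ban threshold.

Added example (not the author's or any plugin's code). The log format below is
invented for the demo; the sample lines are constructed.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape: "2013-03-14 03:12:00 FAILED user=admin ip=203.0.113.5"
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) FAILED user=(?P<user>\S+) ip=(?P<ip>\S+)$")


def _constructed_log() -> list:
    """Build the sample log: one burst, one casual mistyper, one slow attacker."""
    base = datetime(2013, 3, 14, 0, 0, 0)
    line = lambda ts, user, ip: f"{ts:%Y-%m-%d %H:%M:%S} FAILED user={user} ip={ip}"
    lines = []
    # Burst: 10 failures in 54 seconds against 'admin' -> should be banned.
    for i in range(10):
        lines.append(line(base + timedelta(hours=3, minutes=12, seconds=6 * i), "admin", "203.0.113.5"))
    # A few mistakes from one address -> stays below the threshold.
    for i, user in enumerate(["admin", "admin", "editor"]):
        lines.append(line(base + timedelta(hours=5, minutes=i), user, "198.51.100.7"))
    # Slow attacker: 10 failures one hour apart -> never 10 inside the window.
    for i in range(10):
        lines.append(line(base + timedelta(hours=i), "admin", "192.0.2.9"))
    lines.append("2013-03-14 06:00:00 some unrelated line")  # ignored by the parser
    return lines


SAMPLE_LOG = _constructed_log()


def parse(lines):
    """Yield (timestamp, user, ip) for every line that matches LINE_RE."""
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["ip"]


def ban_list(lines, threshold=10, window=timedelta(minutes=10)) -> dict:
    """Return {ip: time_of_ban} for addresses with >= threshold failures inside
    any `window`-long span. Events are processed in time order."""
    recent = defaultdict(deque)
    banned = {}
    for ts, _user, ip in sorted(parse(lines)):
        if ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            banned[ip] = ts
    return banned


def failures_by_ip(lines) -> Counter:
    """Total failures per address, window-free; catches the slow attacker."""
    return Counter(ip for _ts, _user, ip in parse(lines))


def targeted_users(lines) -> Counter:
    """Which usernames the failures were aimed at ('admin', almost always)."""
    return Counter(user for _ts, user, _ip in parse(lines))


if __name__ == "__main__":
    print("banned:", ban_list(SAMPLE_LOG))
    print("total failures by ip:", failures_by_ip(SAMPLE_LOG))
    print("targeted users:", targeted_users(SAMPLE_LOG))
```

On the constructed log only 203.0.113.5 is banned; 192.0.2.9 makes just as many attempts but never ten within the window, and only shows up in the window-free totals. The username counter is the evidence behind the “delete the admin user” tip: nearly every attempt is aimed at it.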
We’ll have more ideas for keeping your blog secure tonight at #Blogchat, so please check in and let’s learn from each other! See you at 8pm Central!