WordPress Sites Getting Hacked

Word Press Sites - an easy hack?We have seen a number of  WordPress sites compromised over the last few weeks.  In both cases the compromise was innocently installed with a valid plugin for the site.  The last plugin we found infected in this manner, was infected when it was downloaded & installed carried with it a couple of extra files that allowed a remote attacker to use the site to send e-mail through the website.  In this case, we found that that plugin was installed last June, so it was a sort of Trojan horse infection.

A few things that you can do to insure that your site is not the source of compromise:

  • Keep WordPress and its plugins up to date for your site
  • Download and inspect the plugin contents on your computer prior to installing them on your website.  Look for oddly named files that don’t seem to fit the plugins naming scheme, when opened these files contain encoded data.  Encoded data would look similar to this (<?php ${“\x47\x4cO\x42\x41\x4c\x53”}[“\x6dt\x6f\x79\x6cyj\x77″]=”\x66\x75nc”;${“G\x4cOB\x41L\x53”}).  Query the vendor or send the files to us and we can verify the files purpose.
  • Rather than using the servers default php mail function, use smtp authenticated e-mail for sending mail from contact forms and e-mail responses on your website.  If you need an extra e-mail added to your account to do this on our servers, we can set one up for you.
  • Remove the default ‘admin’ account from your site and rename it to something more obscure.
  • Keep your passwords hard to guess – 8 characters in length, upper, lower, special and numeric characters.
  • Use multi-factor authentication if possible to protect the admin page of your website.
  • Remove unused plugins and themes from your WordPress sites.
  • If you haven’t already done so, download and install a good anti-malware plugin for your WordPress website.

If own a WordPress website and you are not sure it is being maintained please give us a call and we will do our best to help you out.