WordPress Sites Hacked

Last week a critical security leak was exposed in many WordPress sites which allowed malicious code to be injected into the site files by hackers. In response I installed the security plugin WordFence, which scans and identifies files that contain malicious code. WordFence also has many other setting which help secure a WordPress site.

After scanning the site WordPress lists the files that need attention. Files can be deleted right from the WordPress console which makes it easier than logging in through FTP or the server console.

WordFence can be set to scan files outside of your theme, or even outside of the WordPress install itself. Some site had many infected files. In these cases, rather than removing files individually, I prefer to replace the entire WordPress files, with the exception of the config file and the wp-contents directory. Why? Well, I found that when updating WP through the CMS it didn’t necessarily remove some files. By replacing all of the files I can be assured that the infected files are gone.

When setting up the options in WordFence I made sure that I selected to receive emails if someone tries to log into the site. Additionally I set it so that if anyone tries to log in with bad passwords or usernames they are locked out of the site. At first I was skeptical about this but I was amazed when I started receiving emails. In one instance a site was hit 61 times from locations in China, Russia, Spain, and Italy.

As of right now I have installed WordFence on about 30 sites and I’m pretty happy with the results. I would strongly suggest that anyone with a WordPress site install a security plugin right away. If your site gets hacked it could be shut down by your hosting service, as a few of mine have been, and you could also get a “This site may be hacked” warning when your site is searched for. This happened on a couple of times on Google. If you rely on your website to be up and running all the time you don’t want to get hacked.