WordPress powers over 43% of all websites, making it an attractive target for cybercriminals. It is crucial to understand why websites get hacked and to implement robust security measures to protect your digital assets, user data, and online reputation.

Why WordPress Websites Get Hacked

Hackers attack WordPress sites for several key reasons:

• To send spam emails
• To steal sensitive information (data, mailing lists, saved credit cards)
• To install malware on users’ devices
• To redirect users to other websites and thereby steal your traffic

Often, attacks are part of larger schemes, such as distributed denial-of-service (DDoS) attacks, which target the website infrastructure rather than individual pages.

Best Practices for WordPress Security

1. Regular Backups and Monitoring

Always create backups before making any changes:

• Use your hosting provider’s automatic backup features
• Install a WordPress backup plugin like UpdraftPlus for automatic backups
• Ensure backups are stored in multiple locations
• Perform regular security audits

2. Keep WordPress Core, Themes, and Plugins Up to Date

Updates are your first line of defense against security vulnerabilities. Hackers often exploit known weaknesses in outdated software.

• Enable automatic updates for WordPress Core
• Regularly review and update themes and plugins
• Remove unused themes and plugins
• Download themes and plugins only from reputable sources

Updates often fix security vulnerabilities and should be installed as soon as possible.

3. Strengthen Authentication and User Role Management

Implement robust login security:

• Use unique, strong passwords
• Use password managers like LastPass or 1Password
• Avoid the default username “admin”
• Assign only the minimum necessary permissions for users
• Perform regular login audits and remove users who no longer need access

4. Secure the WordPress Database

Your database contains sensitive information and requires protection.

• Change the default database prefix “wp_”
• Limit user permissions for the database
• Use strong database passwords
• Optimize and clean the database regularly

5. Restrict login attempts

Protect against brute-force attacks:

• Use plugins like Limit Login Attempts or WordFence
• Block logins after several failed attempts
• Set up email alerts for suspicious login activity

6. Secure open forms

Protect all forms on the website:

• Use anti-spam plugins like WP Armour or Google Captcha
• Disable comments when they are not needed
• Activate SSL, so all form contents are securely transmitted to server

7. Disable file editing

Prevent unauthorized file modifications:

• Add the line define(‘DISALLOW_FILE_EDIT’, true);  to wp-config.php
• Prevent users from editing theme and plugin files
• Promote secure file management practices
• Ensure your server uses SSL to encrypt data

Conclusion

WordPress security is an ongoing process that requires consistent attention and proactive management. By implementing these best practices, you will significantly reduce the risk of security breaches and protect the integrity of your website and your customers.

Remember: No security measure is 100% foolproof, but a multi-layered, comprehensive approach can significantly minimize potential vulnerabilities.

If you don’t want to handle everything yourself, I offer a very affordable WordPress Maintenance Service.

The contribution WordPress security practices every website owner should know appeared first Web Security Malware Removal.

First – the bad news: Hundreds of thousands of WordPress sites are hacked every year!
Howevewr, having a secure WordPress website doesn’t have to be a big challenge.

Step 1: Install WordPress updates immediately

It’s important to stay current with the latest WordPress updates. Make sure your WordPress website is running on the latest WordPress version.

Step 2: Update plugins regularly

It is critical to update all plugins regularly and to uninstall inactive plugins. In a Wordfence survey, 60% of known hacking attacks were carried out via plugin or theme vulnerabilities.

Image Source: Wordfence

However, the security problems in most of these plugins were fixed a long time ago. The website owners just didn’t update the plugins and thus didn’t protect their website.

Step 3: Use secure passwords!

Use secure passwords! Also, don’t use obvious usernames – especially “admin” and “administrator”. These are the most common usernames attempted by hackers in brute force attacks.

Step 4: Make regular backups

A recent backup is essential to prevent data loss. If you back up regularly, all essential data of your website will be stored in another safe place in the event that you are attacked or make a mistake.

Step 5: Delete all unused data

Delete any old data that you no longer require from your website. This includes old backup files, log files, applications you don’t use (e.g.: phpMyAdmin and Adminer), or other items you don’t need on your website.

Also, old test sites (sub-domains, development and staging websites) should be updated or removed. Old data is an additional possible point of attack that must be protected. If you can remove them, you reduce the risk.

With these tips you are very well, but unfortunately not 100% protected. Should the worst happen, we can quickly clean up your website, find out how it got hacked, and help protect against future attacks.

The contribution 5 ways to improve your WordPress security appeared first Web Security Malware Removal.

This article looks at how this redirection occurs and what variations are possible. Because the redirects do not always occur on every visit (and are often deliberately hidden from admin users!), this type of hack may remain undetected for a long time.

One thing is certain: Remedial action must be taken urgently so that valuable traffic is not lost and your customers are not attacked.

Update: August 3, 2024. Balada Injector Hackers are increasingly active again, and many websites are currently being attacked. Litespeed Cache is often to blame; this needs to be deactivated and then all backdoors removed.

Update: 18/08/2023: There are still a lot of redirect attacks going on – mainly because of the same problems due to insecure plugins and missing updates!

If you don’t want to waste any time, and want to protect your website visitors please contact me for immediate professional help & cleanup.

Common Domain names actively used in WordPress redirects

egocoattell.live

redfiretobind.com

bluefiretobind.com

rdntocdns.com

taskscompletedlists.com

recordsbluemountain.com

roselinetoday.com

bluelitetoday.com

redselectorpage.com

blueselectorpage.com

greenstepcherry.com

bluestepcherry.com

decentralappps.com

linestoget.com

stratosbody.com

quartzquester.top

viqtorywins.com

clickandanalytics.com

predictivdisplay.com

firstblackphase.com

sortyellowapples.com

descriptionscripts.com

scriptsplatform.com

cdn.statisticline.com

desirebluestock.com

actraffic.com

importraffic.com

trackersline.com

violetlovelines.com

specialblueitems.com

weatherpillatform.com

admarketlocation.com

travelfornamewalking.ga

transandfiestas.ga

helpmart.ga

jQueryNS.com

legendarytable.com

greengoplatform.com

transportgoline.com

drakefollow.com

confirmacionsb.com

classicpartnerships.com

specialadves.com

lovegreenpencils.ga

linetoadsactive.com

secondaryinformtrand.com

donatelloflowfirstly.ga

hostingcloud.racing

lowerthenskyactive.ga

lowerbeforwarden.ml

polimer.xyz

deliverygoodstrategies.com

gabriellalovecats.com

watch-video.net

bnmjjwinf292.com

name0fbestway.com

declarebusinessgroup.ga

sinistermousemove.art

url-partners.g2afse.com

buyittraffic.com

cuttraffic.com

puttraffic.com

importtraffic.com

decimalprovehour5.live

trendopportunityfollow.ga

examhome.net

saskmade.net

stat.trackstatisticsss.com

sferverification.com

poponclick.info

train.developfirstline.com

letsmakeparty3.ga

beforwardplay.com

belaterbewasthere.com

waterflowpick24.live

2.8mono.biz

dontstopthismusics.com

lobbydesires.com

blackentertainments.com

fox.trackstatisticsss.com

graizoah.com

asoulrox.com

ofgogoatan.com

stivenfernando.com

fast.destinyfernandi.com

trackstatisticsss.com

check.resolutiondestin.com

dest.collectfasttracks.com

digestcolect.com

verybeatifulantony.com

gotosecond2.com

forwardmytraffic.com

crazytds.club

WordPress spam redirects – hiding places for the malware

In principle, automatic redirects can be placed in any file loaded by the WordPress system.
In addition, there are also frequent script injections directly into the database.
There are various hiding places for spam redirects that I’ve seen in the last months:

• Javascript injections in PHP files (especially in theme and plugin files)
• Javascript files, injected at the beginning of all JS files on server
• Script injections in pages and articles (wp-posts database table)
• URL of website (as set in wp-options database table) changed to hackers domain
• Modified .htaccess files (often in many folders)
• Via advertising networks (hacked ad servers)

In addition to the spam redirects there are always multiple backdoors added, and often several admin users are added to WordPress to allow the hackers full access even once the vulnerable plugins have been patched.

A partial list of vulnerable plugins being used

The vast majority of these attacks are targeted at vulnerabilities that were patched months or even years ago.  If you have any of these plugins installed in your website make sure you are using the latest secure updated !

• Duplicator
• Page Builder by SiteOrigin
• ThemeGrill Demo Importer
• Profile Builder
• WP GDPR Compliance
• Coming Soon and Maintenance Mode

How do I avoid these problems?

As with most WordPress attacks, the solution is to update all your plugins and WordPress core regularly.  Also make sure to remove (and not just deactivate) any plugins that are not required.

How to restore your website if you are infected

There are two ways to restore an infected website: by restoring a recent, clean backup or by removing all malware and backdoors that otherwise allow hackers to keep coming back.

1. Restore a backup

Since these attacks generally infect 100 or even 1000 files as well as the database, the best recovery method is to delete the entire WordPress directory (make sure your backup is OK before doing this !!) and reinstall from a clean backup. Then also restore your database from a clean backup.

2. Manually remove all malware and backdoors

If this is not possible you should contact a professional for help – with the right tools and knowledge the cleanup can be completed in 2-3 hours and your website can be put back online.

I can have your website clean, safe and online within hours for just US$149 (€129) – contact me now for immediate help!

The contribution WordPress Redirect Hack appeared first Web Security Malware Removal.