So you thought your WordPress website was fixed, but it’s still getting hacked? If I had a nickel for every time a client…well, you get the picture.
We hear this all the time for new clients and people that inquire. I had malware (or a virus), my site went down, I (or someone else) fixed it, but it keeps coming back. It 1, 2, 3, xxx times – and it just won’t stop.
We’ve said this one, and we’ll say it again, if your WP website was hacked, and you fixed it, and it keeps getting hacked – you are not fixing the root cause. If you don’t find the security hole (and plug it), don’t expect the hacking to stop.
Process of Elimination:
To be able to figure out where your website is getting compromised, you should probably first know “how” a website can get compromised. You may be thinking the only point of entry is through WordPress itself.
There are essentially 3 ways a hacker can gain entry to your WP website:
A. Through your computer or connection
So let’s say you have a laptop, and an hour or so a day your kids use it. They visit a game website, click an errant banner ad for something -voila, spyware gets installed with a keylogger trojan. Next time you connect to your wp-admin or FTP the keylogger copies your login details and sends them to Russia, a couple weeks later your website gets hacked.
Consider the fact that your computer could be the hole, and scan it with “Malware Bytes” or something of similar strength.
Let’s say your at a hotel, an airport, or at Starbucks and you connect to your wp-admin or FTP via an insecure public connection. Little did you know the guy sitting across from you was running a password sniffer and he hijacked your login information. Guess what, website hacked again!
Only connect to your website using secure FTP (SFTP), or secure wifi connections.
B. You Have a Bad Webhost
Your entire website could be completely up to date, but if the server or webhost your hosted on has a security hole – none of that matters. Over the years nearly every webhost has some type of incident. We’ve seen whole hard drive arrays crash (without backup), and employees stealing thousands of passwords. Even the biggest hosts have had issues like this a time or two. The question is, is it repetitive, and is security a recurring problem.
We fix 3-5 hacked websites per week, and most often we get them from:
We may get a lot of them from these places because they have very large slices of the hosting market. We have, however, had hacked client sites on these hosts (even though they were up to date, and using secure connections on clean computers). We see these 3 hosts as a “recurring theme” with hacked websites, and we wouldn’t recommend them. Do your own research and see what you come up with.
Always consider, if you don’t find any other likely security hold – your webhost could be the problem. Many times we’re asked who we recommend, and it’s nearly always Hostgator.
C. Something isn’t up to date
Most of the time, websites are hacked through something that isn’t up to date. WordPress itself, plugins, or the theme are likely culprits if they are left unmaintained.
Keeping up with the latest versions is always key, but there are 2 often overlooked items as well:
1. Just because there are no updates, doesn’t make something (theme or plugin) “up to date”. If there has been no update in 18-24 months, often it’s “out of date”, and could definitely have a security hole of some kind.
2. Your WP website can be easily hacked through another piece of unmaintained software. Something you installed but never used (and left on the public Internet), or something you use but never updated – like a forum, another CMS, or another WordPress instance you had for testing. We’ve seen a lot of WordPress websites get hacked through phpBB, Drupal, Joomla, and all kinds of other things.
If you want a definitive guide on what to look for, read our previous post How to fix a hacked WordPress blog.
If your website is for business and all of this is just more than you have time to deal with, feel free to inquire about our malware removal services for WordPress.