WordPress Blog Security Issues

With everyone’s blogs being hacked these past few weeks I’ve been busy cleaning up viruses…

One of my clients’ Godaddy hosted sites was hacked three times in one week.

I spent at least 10 hours this week just cleaning up files and restoring this site. It wasn’t the client’s fault at all. She didn’t break her site. I felt awful having to charge for my time to fix it, especially when I felt Godaddy should have been reimbursing me the second and third time around…

You see, I didn’t set up the site. Someone else did. A long time ago. This means there were no security keys in the wp-config.php file, the database wasn’t unique, and even though WordPress was up to date, as were all the plugins, the actual settings weren’t secure.

So, in the first clean-up I took measures to secure the site. I installed a plugin for WordPress that was supposed to alert me to inconsistencies and possible hack attempts. I added the security keys, changed passwords for Godaddy, FTP, and the database itself. And still, the site was hacked a second time. I scratched that anti-virus plugin and opted for another that actually shows me where the security holes exist. While this didn’t protect the site from the 3rd hack, it did, and still does, show me where I could make the site safer.

My theory is that the virus still existed in the database, even after I’d removed it from all the site’s files. So, a day or two after clean-up it just crept back in and re-infected the site. 3 times.

Yesterday this client switched hosting.

One-Click vs. Manual WordPress Install

This whole experience has increased my faith in and love for cloud hosting. Rackspace ROCKS! We have over 70 sites hosted on our Rackspace account and not a single hacked site incident to date. I believe that part of this is due to the manual database creation and WordPress install, versus the push-button WordPress installs easily implemented on shared hosting with cpanel access. Yes, it’s possible to manually install WordPress on shared hosting, but you have to know how, and even if you do, the one-click installs offered are very tempting. With our cloud hosting at Rackspace, easy isn’t an option. Everything is done manually, or not at all.

So, my advice to those on shared hosting…

Manually set up a database; create your own database name, user and password. Manually install WordPress via FTP and make sure to use security keys in your wp-config.php file (the directions are included in the file). Next, install WP Security Scan and follow its instructions for setting file and directory permissions.
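A quick way to check whether a site was left with the defaults described above (placeholder security keys, a database configuration that isn’t unique, a wp-config.php readable by other accounts on the host). This is an added example, not code from the post or from WP Security Scan; the sample config it audits is constructed, and the table-prefix check assumes the WordPress default of `wp_`.

```shell
#!/bin/sh
# Audit a wp-config.php for the weak settings the post describes: placeholder
# security keys, the default table prefix, an empty DB password, and a config
# file readable by other accounts on the host. Added example, not the post's.

# 0 if the placeholder text WordPress ships instead of real AUTH_KEY etc. is present.
has_placeholder_keys() { grep -q 'put your unique phrase here' "$1"; }

# 0 if the table prefix was left at the default "wp_" (assumed default).
has_default_prefix() {
  grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$1"
}

# 0 if DB_PASSWORD is defined as the empty string.
has_empty_db_password() {
  grep -Eq "define\([[:space:]]*'DB_PASSWORD'[[:space:]]*,[[:space:]]*''[[:space:]]*\)" "$1"
}

# 0 if the "others" read bit is set (column 8 of ls -l), i.e. any account can read it.
is_world_readable() { [ "$(ls -ld "$1" | cut -c8)" = "r" ]; }

# Prints each finding and returns the number of findings (0 = clean).
audit_wp_config() {
  findings=0
  has_placeholder_keys "$1"  && { echo "FAIL: placeholder security keys in $1"; findings=$((findings+1)); }
  has_default_prefix "$1"    && { echo "FAIL: default table prefix wp_ in $1";  findings=$((findings+1)); }
  has_empty_db_password "$1" && { echo "FAIL: empty DB_PASSWORD in $1";         findings=$((findings+1)); }
  is_world_readable "$1"     && { echo "FAIL: $1 is readable by other accounts"; findings=$((findings+1)); }
  [ "$findings" -eq 0 ] && echo "OK: no weak defaults in $1"
  return "$findings"
}

# Constructed sample: a config left entirely at its defaults (not a real site's file).
write_weak_sample() {
  cat > "$1" <<'EOF'
<?php
define( 'DB_NAME', 'wordpress' );
define( 'DB_PASSWORD', '' );
define( 'AUTH_KEY', 'put your unique phrase here' );
$table_prefix = 'wp_';
EOF
  chmod 644 "$1"
}

# Demo: audit the constructed sample, then a real file if one is passed as $1.
f=$(mktemp); write_weak_sample "$f"
audit_wp_config "$f" || echo "$? weak setting(s) found"
rm -f "$f"
if [ $# -gt 0 ]; then audit_wp_config "$1"; fi
```

Run it as `sh audit.sh /path/to/wp-config.php`; the exit status is the number of weak settings found, so it can be dropped into a cron job or post-install check.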

If you’ve already been hacked contact your hosting provider and ask them to clean up the site and the database. Simply cleaning the site’s files doesn’t protect you from becoming infected again. And again.

Here are a few useful resources for those looking for information on the viruses and how to clean them up:

WordPress Hacked | Case study – Cechriecom.com

Hackers Crack Into Shared Hosting WordPress Blogs – Here Are Some Fixes – Web 2.0 And More

What has your experience been?

Has your site ever been hacked? Have you been affected by the recent mass-attack on shared hosting WordPress installs?

16 Responses to WordPress Blog Security Issues

  1. Jimi Jones says:

    Great information, Erica.

    Too bad we even need it, but that's just how it is. I manually installed WordPress when I began blogging because I did not know about the Cpanel installations at the time. Perhaps that was a good thing, knock on wood (hitting head now).

    For the technically challenged, the Cpanel is the way to go. What's your feeling on that method followed up by the installation of the WP Security Scan plugin? Would you recommend skipping the Cpanel installs altogether?

    That must have been a real pain for you recovering those sites.

  2. Chris Drake says:

    I really wish it was as easy as doing a manual install to not get hacked. GoDaddy, Network Solutions and others had systems compromised by poor security policies – cloud has the same issues. Not trying to scare you but want to make sure you don't get too comfy thinking you're protected. Contact @nathansmith and ask what happened to him…

    I'm available if you have any security questions regarding WP, Drupal, etc.

    Thanks.

  3. Mrs_Moody says:

    Hi Erica,

    Very nice post. This makes me unsure about using WordPress, as I have seen or read that lots and lots of people are being hacked. Indeed, I am trying everything I can to harden my WordPress blog and I do hope I will never be hacked!

  4. Chris Drake says:

    Check out this blog post from one of our hosting customers, Page.ly:
    http://blog.page.ly/2010/04/how-secure-is-your-…

  5. EricaMueller says:

    Jimi,

    I'm no pro on security measures, but I do think that installing the plugin will benefit those who have a Cpanel install already running. I also recommend editing your wp-config.php file to include some security keys.

    You're right about Cpanel installs being simple. I actually love them. :-) But, in light of all the recent hacks and after my experiences, I will be manually installing for all of my clients who don't already have WP installed.

    A pain? More than that! A red in the face, make you physically ill, mad is more like it. By the third infection/10th hour of clean-up (which put me terribly behind on my other projects) I was furious. lol

  6. EricaMueller says:

    Chris,

    Thanks so much for weighing in. I'm certainly no pro when it comes to WordPress security, just sharing my experiences here.

    You have scared me a little. ;-) Perhaps you would like to share a guest post on WordPress security or on hosting in general?

  7. EricaMueller says:

    Mrs Moody,

    This WordPress hacking is scary stuff isn't it? What I found really unsettling was the fact that the hacks occurred across multiple hosts AND platforms. It's not just a WordPress hack. Someone is accessing databases and infecting the contents. Tsk tsk.

    If you're wanting to secure your site, do a couple Google searches for WordPress Security and you'll find plugins and tutorials for keeping your site up to date and safe!

  8. Mrs_Moody says:

    True, Erica. I have been doing some Google research since day one; I read in lots of forums about how many people have already been hacked. The scariest sentence I have ever read was “sooner or later your WordPress blog will be hacked”. Ugh, that keeps bugging me. So any articles about securing WordPress are valuable.

  9. Mrs_Moody says:

    Hey Chris,

    Thanks so much for the link, just read it. So much stuff to do indeed. I am nervous :)

  10. Chris Drake says:

    Erica,

    Didn't mean to scare you. :)
    I'd love to do a guest post for your site.

  11. I totally agree the standpoint of upstairs, and I believe this will be a trend. I often come this forum , rom here I learn much and know the newest tide! the content here constantly update shoe and I love it! Another I know some websites which often update their contents, you guys should browse if you are free. htttp://www.scarf8.net

  12. mbt says:

    Well , the view of the passage is totally correct ,your details is really reasonable and you guy give us valuable informative post, I totally agree the standpoint of upstairs. I often surfing on this forum when I m free and I find there are so much good information we can learn in this forum!
    http://www.mbt-outlet-store.com/mbt-women-shoes.html


  14. steve says:

    I’ve been thinking about starting a blog or two for the very first time ever. I’ve been considering this for months and months, but have been delayed by the security issues experienced by Blogger and WordPress users and all the others. I was really excited about my ideas for blogs, but it doesn’t seem worth it. I don’t need to have my name attached to a site with infected links, etc. It’s very discouraging.
    Steve

  15. Anonymous says:

    Erica, this is scary stuff, especially since you mention Go Daddy, which, by the way, I know you’re not blaming; it’s the Cpanel installs. Is there a way to tell which way it was set up? I had mine done with a package deal.

    I tried to open Chris Drake’s link below and the reply shows results. Hey Chris where’s that guest post? Just kidding, I know we’re all busy. Just starting in the Word Press arena so I’ll have to get these protections in place.

    Thanks much,
    Scott

    • EricaMueller says:

      No, I don’t think there’s really a way to tell which way it was installed. My biggest suggestion would be to make sure you don’t have an ‘admin’ username. If that’s what you’re using, set up a new one with something unique, delete the ‘admin’ one, and transfer the attribution of all posts to the new user.
