Earlier this year one of our client WordPress sites became infected with malware. What was particularly alarming about this was that visibly it was not apparent to someone visiting the site. However crawling the site made it apparent that something was amiss with various pages on the site. Google began delisting pages on the site because of the malware. Looking to our backups as a fix was not feasible because it was evident the malware had been on the site for at least several weeks. Input from the PANMA community was invaluable in helping us craft a Linux script to scan the site and identify and remedy infected code. What was the lesson? Not keeping WordPress core and plugins up to date was the source of the vulnerability that led to the malware. We now have our clients host their sites with managed WordPress providers that handle these critical updates.

Recently, our colleague Ezra Alexander of lucidCircus shared a checklist of security measures his company uses for their WordPress sites, as well as corrective measures they use for infected sites. Clearly the most important action one can take to prevent infection is to keep WordPress core and plugins up to date. Below I share Ezra’s recommendations:

  1. Install the Wordfence plugin and running a security scan, if you have not done so already.
  2. Use strong passwords. Any password that is in the dictionary is useless.
  3. If there are issues with your site then you need to harden your WordPress.
  4. If your site has been infected, here are steps to follow to remedy the infection:
    1. Delete all infected files via Wordfence
    2. Change User logins (change admin to something else)
    3. Change DB pass
    4. Change FTP pass
    5. Change salts in WP Config (https://api.wordpress.org/secret-key/1.1/salt/)
    6. Delete unused plugins
    7. Delete unused themes
    8. Delete spam comments
    9. iThemes Security (https://wordpress.org/plugins/better-wp-security/)
    10. Run an Exploit Scanner

The proliferation of WordPress sites has made them a prime target for hacking and malware. An infected site likely has consequences with your listings in Google. Cleaning the site is time consuming. If you haven’t updated your core files and plugins, take the time now.