Just last week a report came out that said that 25% of all websites on the internet are now powered by WordPress, making WordPress the most used website platform on the market.
But with that have come some problems: as with most any popular software, it has become the target of hacking.
Last year, around February, one of the sites we manage became compromised. The weakness, as in most cases, was one of the plugins. A Trojan horse was introduced within the site that slowly started creating malicious code one file at a time. It wasn’t until May that the site started to have issues. At first, we didn’t know what the problem was, so we used an older back-up that seemed to fix the problem. The problem was, the Trojan horse had just infected the site with that back-up, so the cycle repeated.
In August the site went down this time. I was able to get it restarted with an older back-up, but we started to look deeper when we spotted the malicious coding. We installed a plugin called “Wordfence”.
Wordfence is an incredible plugin. When we first installed it, it located all the files with malicious code and we were able to prompt it to update that page with a clean file that was not infected from the most recent WordPress, or if it was a plugin or theme file, we could use an older back-up that had not been infected. With a little work, we were able to fix all the files without losing any data!!
Wordfence will also inform you when someone logs into your admin area or makes several failed login attempts. You can also then block those IP addresses so they no longer have access to your website. With the paid version, you can also block your site by country.
At the beginning of 2015, we were pretty lax about what kind of security we placed on our websites, but now we use 3 primary plugins to target unwanted visitors to our sites.
- Wordfence – Which we have talked at length about.
- Bulletproof, which does a great job of locking down your .htaccess files and much more.
- Lastly, either Anti-Spam by CleanTalk, which is a paid plugin and very effective at eliminating spam, or any of a variety of free spam protection plugins.