  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 336
  • Last Modified:

WordPress site with BlueHost

I have a customer that has a WordPress site hosted on BlueHost, but every time you bring it up, it says this file or that is infected with a virus.  How do I go about cleaning this up?  I do have admin rights to the site now.
0
Daren Anderson, MSIS
Asked:
Daren Anderson, MSIS
1 Solution
 
Jason C. Levine (No one) Commented:
There's a bunch of different things you need to do.

1) You need to determine what file or files are infected.  

Before any fix, you have to figure out how the virus is being spread.  Usually one or more WordPress core or theme files get modified via a shell exploit to serve up malware, but an attacker can also insert code into the database if s/he figures out how to do that.  So step one is examining all theme files, core files, and content entries looking for the bad code.  http://sitecheck.sucuri.net/scanner/ can help with this.

2) You need to harden WordPress

First, make sure all plugins and themes and WordPress itself are patched and at the latest versions.  Then, harden your installation by following suggestions laid out here:

http://codex.wordpress.org/Hardening_WordPress

3) You need to determine how you were compromised

There are three broad vectors of attack against a site:  

a) A poorly coded theme or plugin is exploited
b) Poor passwords on the hosting account get brute-forced
c) The ISP is not serious about security and gets hacked and users gain root control over servers

You figure out a) and b) via a little research but if the problem ends up being c) then move to new hosting.
0
 
gwkg Commented:
Older plugins using timthumb.php have been a big cause of recent exploits.

I had a problem with a site that kept injecting buy Viagra links and I couldn't figure it out no matter how hard I looked.  In the end it was just easier for me to export the posts, delete the database, reinstall WordPress and import the posts.

But marked as infected with a virus is a little more serious than my spam links.
0
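
An added example, not part of the original answers: a first-pass file review for step 1 above that also flags the timthumb.php copies mentioned in the second comment. The function names, the pattern list and the sample site tree are all assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators of injected PHP (an assumed starter list, not exhaustive).
PATTERNS = {
    "eval of decoded data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long base64 literal": re.compile(rb"['\"][A-Za-z0-9+/=]{400,}['\"]"),
}
PHP_EXT = {".php", ".phtml", ".php5"}


def scan_wordpress(root):
    """Return sorted (relative_path, reason) pairs for files worth reviewing."""
    findings = set()
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_EXT:
            continue
        rel = path.relative_to(root).as_posix()
        # Uploads should hold media only, so any PHP there needs review.
        if rel.startswith("wp-content/uploads/"):
            findings.add((rel, "PHP file in uploads"))
        # The thread names old bundled timthumb.php copies as a common cause.
        if path.name.lower() == "timthumb.php":
            findings.add((rel, "timthumb.php present"))
        data = path.read_bytes()
        findings.update((rel, why) for why, rx in PATTERNS.items() if rx.search(data))
    return sorted(findings)


def build_sample_site():
    """Constructed sample tree so the scanner can be run offline."""
    root = Path(tempfile.mkdtemp(prefix="wp-sample-"))
    sample = {
        "wp-config.php": b"<?php define('DB_NAME', 'example');",
        "wp-content/themes/demo/header.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        "wp-content/themes/demo/timthumb.php": b"<?php // thumbnail script",
        "wp-content/uploads/2012/01/logo.php": b"<?php echo 1;",
        "wp-content/uploads/2012/01/logo.png": b"\x89PNG",
    }
    for rel, body in sample.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(body)
    return root


if __name__ == "__main__":
    for rel, reason in scan_wordpress(build_sample_site()):
        print(f"{reason:24} {rel}")
```

Run `scan_wordpress` against a downloaded copy of the site root; each hit is a candidate for manual review rather than proof of infection, and code inserted into the database is not covered.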
