Why did malware hit my website?

Last year I paid someone to re-create a website for me. The person used Word-Press to make the site and siteground to host the domain (not real sure on that terminology).

Recently there was malware that was somehow put onto the site. Google doesn't allow people to go to the site because it considers it a dangerous site.

Does a site made through WordPress more prone to malware such as this? The guy who made the site is now asking for a couple hundred bucks to take the malware off.

I am wondering if I should not use word press anymore due to security issues. Would another option be more secure? Is wordpress more susceptible to this?

Is there anything else I can do to protect this from happening in the future?

Thanks! Any advice would be great.
cansevinAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Jason C. LevineConnect With a Mentor No oneCommented:
WordPress Itself is secure as long as you keep it up to date.  What can be insecure are themes and plugins installed by yourself or your designer when their isn't a full understanding of what you are installing and from where.

It is also possible that WordPress is not to blame, and a different security flaw was exploited on the server and an attack script deployed that targets WordPress sites specifically because of its popularity.

While everyone will have an opinion on what is or isn't more secure, the fact is that security is only as good as the operator.  If you move to Joomla or Drupal and still don't know what you're doing, you are just as likely to be hacked.  Whereas a competent operator is less likely to be hacked because they take certain steps to make themselves less easy of a target.

I've written a more in-depth article here:

http://www.experts-exchange.com/Web_Development/Blogs/WordPress/A_10806-Recovering-From-and-Preventing-WordPress-Site-Hacks.html
0
 
Lucas BishopConnect With a Mentor Click TrackerCommented:
Most likely culprit would be outdated Wordpress version or an outdated plugin installed inside of Wordpress. Lax folder/file permissions on the site could also be a potential weakness. You'll need to log into the WP admin panel on a regular basis (weekly) to see if there are new updates available that need to be installed.

Take a look at Jason's article as it provides in depth information on resolving the issue. I second the recommendation for installing Wordfence.

In order to get your site removed from the "spam-dex" in google, you'll need to fix the issue and then submit a request to review the fixed site. You can do this via a webmaster tools account. Under the "Security Issues" section, you'll be able to review the specific reasons why you are seeing an alert via Google and you'll be able to Request a Review to get your site accessible via Google again.
0
 
Sean JacksonConnect With a Mentor Information Security AnalystCommented:
Wordpress is a great tool, but like every other thing that should be considered when trying to secure your data, it is not a "set it and forget" solution.  It's built out of many different parts, and each additional functionality you add opens up yet more parts and connections.

You must have someone retained that will monitor trends in the wild and keep your software updated. Wordpress regularly has updates that address security concerns.

You should consider having your site tested for vulnerabilities so you can know what your programmer may have left open, and you can then address those issues.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.