Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 117
  • Last Modified:

Why did malware hit my website?

Last year I paid someone to re-create a website for me. The person used Word-Press to make the site and siteground to host the domain (not real sure on that terminology).

Recently there was malware that was somehow put onto the site. Google doesn't allow people to go to the site because it considers it a dangerous site.

Does a site made through WordPress more prone to malware such as this? The guy who made the site is now asking for a couple hundred bucks to take the malware off.

I am wondering if I should not use word press anymore due to security issues. Would another option be more secure? Is wordpress more susceptible to this?

Is there anything else I can do to protect this from happening in the future?

Thanks! Any advice would be great.
0
cansevin
Asked:
cansevin
3 Solutions
 
Jason C. LevineNo oneCommented:
WordPress Itself is secure as long as you keep it up to date.  What can be insecure are themes and plugins installed by yourself or your designer when their isn't a full understanding of what you are installing and from where.

It is also possible that WordPress is not to blame, and a different security flaw was exploited on the server and an attack script deployed that targets WordPress sites specifically because of its popularity.

While everyone will have an opinion on what is or isn't more secure, the fact is that security is only as good as the operator.  If you move to Joomla or Drupal and still don't know what you're doing, you are just as likely to be hacked.  Whereas a competent operator is less likely to be hacked because they take certain steps to make themselves less easy of a target.

I've written a more in-depth article here:

http://www.experts-exchange.com/Web_Development/Blogs/WordPress/A_10806-Recovering-From-and-Preventing-WordPress-Site-Hacks.html
0
 
Lucas BishopClick TrackerCommented:
Most likely culprit would be outdated Wordpress version or an outdated plugin installed inside of Wordpress. Lax folder/file permissions on the site could also be a potential weakness. You'll need to log into the WP admin panel on a regular basis (weekly) to see if there are new updates available that need to be installed.

Take a look at Jason's article as it provides in depth information on resolving the issue. I second the recommendation for installing Wordfence.

In order to get your site removed from the "spam-dex" in google, you'll need to fix the issue and then submit a request to review the fixed site. You can do this via a webmaster tools account. Under the "Security Issues" section, you'll be able to review the specific reasons why you are seeing an alert via Google and you'll be able to Request a Review to get your site accessible via Google again.
0
 
Sean JacksonInformation Security AnalystCommented:
Wordpress is a great tool, but like every other thing that should be considered when trying to secure your data, it is not a "set it and forget" solution.  It's built out of many different parts, and each additional functionality you add opens up yet more parts and connections.

You must have someone retained that will monitor trends in the wild and keep your software updated. Wordpress regularly has updates that address security concerns.

You should consider having your site tested for vulnerabilities so you can know what your programmer may have left open, and you can then address those issues.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now