Solved

Why did malware hit my website?

Posted on 2015-02-16
3
109 Views
Last Modified: 2015-02-20
Last year I paid someone to re-create a website for me. The person used Word-Press to make the site and siteground to host the domain (not real sure on that terminology).

Recently there was malware that was somehow put onto the site. Google doesn't allow people to go to the site because it considers it a dangerous site.

Does a site made through WordPress more prone to malware such as this? The guy who made the site is now asking for a couple hundred bucks to take the malware off.

I am wondering if I should not use word press anymore due to security issues. Would another option be more secure? Is wordpress more susceptible to this?

Is there anything else I can do to protect this from happening in the future?

Thanks! Any advice would be great.
0
Comment
Question by:cansevin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 167 total points
ID: 40613399
WordPress Itself is secure as long as you keep it up to date.  What can be insecure are themes and plugins installed by yourself or your designer when their isn't a full understanding of what you are installing and from where.

It is also possible that WordPress is not to blame, and a different security flaw was exploited on the server and an attack script deployed that targets WordPress sites specifically because of its popularity.

While everyone will have an opinion on what is or isn't more secure, the fact is that security is only as good as the operator.  If you move to Joomla or Drupal and still don't know what you're doing, you are just as likely to be hacked.  Whereas a competent operator is less likely to be hacked because they take certain steps to make themselves less easy of a target.

I've written a more in-depth article here:

http://www.experts-exchange.com/Web_Development/Blogs/WordPress/A_10806-Recovering-From-and-Preventing-WordPress-Site-Hacks.html
0
 
LVL 17

Assisted Solution

by:Lucas Bishop
Lucas Bishop earned 167 total points
ID: 40613505
Most likely culprit would be outdated Wordpress version or an outdated plugin installed inside of Wordpress. Lax folder/file permissions on the site could also be a potential weakness. You'll need to log into the WP admin panel on a regular basis (weekly) to see if there are new updates available that need to be installed.

Take a look at Jason's article as it provides in depth information on resolving the issue. I second the recommendation for installing Wordfence.

In order to get your site removed from the "spam-dex" in google, you'll need to fix the issue and then submit a request to review the fixed site. You can do this via a webmaster tools account. Under the "Security Issues" section, you'll be able to review the specific reasons why you are seeing an alert via Google and you'll be able to Request a Review to get your site accessible via Google again.
0
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 166 total points
ID: 40614365
Wordpress is a great tool, but like every other thing that should be considered when trying to secure your data, it is not a "set it and forget" solution.  It's built out of many different parts, and each additional functionality you add opens up yet more parts and connections.

You must have someone retained that will monitor trends in the wild and keep your software updated. Wordpress regularly has updates that address security concerns.

You should consider having your site tested for vulnerabilities so you can know what your programmer may have left open, and you can then address those issues.
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
The purpose of this video is to demonstrate how to integrate Mailchimp with WordPress, by placing a Mailchimp signup form on a WordPress Page or Post. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchi…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question