Solved

Why did malware hit my website?

Posted on 2015-02-16
3
95 Views
Last Modified: 2015-02-20
Last year I paid someone to re-create a website for me. The person used Word-Press to make the site and siteground to host the domain (not real sure on that terminology).

Recently there was malware that was somehow put onto the site. Google doesn't allow people to go to the site because it considers it a dangerous site.

Does a site made through WordPress more prone to malware such as this? The guy who made the site is now asking for a couple hundred bucks to take the malware off.

I am wondering if I should not use word press anymore due to security issues. Would another option be more secure? Is wordpress more susceptible to this?

Is there anything else I can do to protect this from happening in the future?

Thanks! Any advice would be great.
0
Comment
Question by:cansevin
3 Comments
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 167 total points
Comment Utility
WordPress Itself is secure as long as you keep it up to date.  What can be insecure are themes and plugins installed by yourself or your designer when their isn't a full understanding of what you are installing and from where.

It is also possible that WordPress is not to blame, and a different security flaw was exploited on the server and an attack script deployed that targets WordPress sites specifically because of its popularity.

While everyone will have an opinion on what is or isn't more secure, the fact is that security is only as good as the operator.  If you move to Joomla or Drupal and still don't know what you're doing, you are just as likely to be hacked.  Whereas a competent operator is less likely to be hacked because they take certain steps to make themselves less easy of a target.

I've written a more in-depth article here:

http://www.experts-exchange.com/Web_Development/Blogs/WordPress/A_10806-Recovering-From-and-Preventing-WordPress-Site-Hacks.html
0
 
LVL 16

Assisted Solution

by:Lucas Bishop
Lucas Bishop earned 167 total points
Comment Utility
Most likely culprit would be outdated Wordpress version or an outdated plugin installed inside of Wordpress. Lax folder/file permissions on the site could also be a potential weakness. You'll need to log into the WP admin panel on a regular basis (weekly) to see if there are new updates available that need to be installed.

Take a look at Jason's article as it provides in depth information on resolving the issue. I second the recommendation for installing Wordfence.

In order to get your site removed from the "spam-dex" in google, you'll need to fix the issue and then submit a request to review the fixed site. You can do this via a webmaster tools account. Under the "Security Issues" section, you'll be able to review the specific reasons why you are seeing an alert via Google and you'll be able to Request a Review to get your site accessible via Google again.
0
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 166 total points
Comment Utility
Wordpress is a great tool, but like every other thing that should be considered when trying to secure your data, it is not a "set it and forget" solution.  It's built out of many different parts, and each additional functionality you add opens up yet more parts and connections.

You must have someone retained that will monitor trends in the wild and keep your software updated. Wordpress regularly has updates that address security concerns.

You should consider having your site tested for vulnerabilities so you can know what your programmer may have left open, and you can then address those issues.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
This video teaches users how to migrate an existing Wordpress website to a new domain.
The purpose of this video is to demonstrate how to set up an RSS Feed on a WordPress Website. This will be demonstrated using a Windows 8 PC. Feedburner will be used for this demonstration. Go to your WordPress login page. This will look like the…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now