OK, you may probably be thinking that this is yet another “article” about WordPress security. That’s about right actually as I do have quite a few of them here already. Nonetheless, this post will provide more alternatives on how to protect your WordPress site and go a step further, that being how to “clean up” your site in case it gets hacked (true case study).
To avoid being repetitive about what you need to do and not to do, I suggest you read the following articles when you get the chance. From these articles you will learn the essentials of securing your WordPress sites, such as making backups, using strong passwords, making use of free CDN services, and never using “admin” as your username, among other things.
- WordPress Security For Blogs and Small Business, Why care?
- Best Security Plugins For WordPress, Protect Your Online Business
- About malware and hacked sites – Google’s Official Hack Help Site
Now for the case study..
My Blog is “Tiny” and They Don’t Care?
Wrong. Just to give you an example, recently a mom-blogger emailed me asking for help. Anyway, her blog has been injected with the MW:SPAM:SEO hack. The result was that Google marked her site as being compromised. Her source code had links pointing to other sites about that “blue pill that starts with a V.., among others”. This was made possible by an installation of a lesser known plugin that had the malicious code in it. The malicious code altered some WordPress core files and finding them was no easy task, until…
WordFence Plugin to the Rescue
This plugin literally helped me fix the issue. After running a scan with WordFence, minutes later it detected the malicious code on one plugin and the core file that was altered. From there, it asked me if it was an authorized modification or not. In this case, they were not authorized modifications, so I opted to restore the original WordPress core file and the plugin responsible for injecting the code. Seconds later, voilá, WordPress core file restored and malicious code gone. Some days later, the message from Google saying “site may be compromised” was no longer there. Cool!
So about WordFence…
Wordfence Security is a free enterprise (premium version available) class security plugin that includes a firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.
Wordfence is now Multi-Site compatible and includes Cellphone Sign-in which permanently secures your website from brute force hacks.
Wordfence is part of Feedjit Inc. which is based in Seattle, Washington. Wordfence was founded by Mark Maunder and Kerry Boyte who have over 40 years combined experience in Software Engineering and CyberSecurity
OK. Did you notice that part that is bold? Does it really work? Well, I’m telling you right now that it does. That is how I fixed the mom-blogger’s issue.
Here’s a quick demo. I’m not going to mention every feature here as there are simply too many of them. Just head over to their site and WordPress repository and from there you will find all the documentation info you need about WordFence.
Just a side note. Please don not neglect your WordPress sites security. You may think that no attempts are being made on your site, but truth to be told, I am convinced that it is in one way or another. WordFence helps you protect your site, but as with anything else, is not a full proof 100% guaranteed protection. It makes the job of hackers more difficult, and that is what you are aiming for. If for some reason WordFence can not help you get rid of problems, you may want to seek for professional help.
That’s it, and be safe! Have you tried WordFence before? What security measures are you using?