7 Steps To Recover Your WordPress Website After Malicious Script Or Virus Attack
“WordPress is one of the most popular content management systems (CMS) Used by more than 60 million websites, including 33.6% of the top 10 million websites as of April 2019.” ~ Wikipedia
As one of the most popular CMS solutions, WordPress is also one of the most targeted and attacked CMS solutions. There were many WordPress vulnerabilities in 2007, 2008, and 2015; however, with time the platform has become one of the most secure CMS solutions.
The Internet is becoming more vulnerable with each passing day, and if you are not leveraging the latest security measures for your website there is a high risk of experiencing a security breach! Website owners should ensure the security of their website by applying the latest security measures available for their platform to avoid security breaches, malicious scripts, or virus attack. There are many blog posts and articles published on the web on the subject, including an article we previously shared with the community, 15 HANDY TRICKS TO SECURE YOUR WORDPRESS WEBSITE.
There were many WordPress vulnerabilities reported in 2007, 2008, 2013, 2015, and 2017, some of the well-known issues were as follows:
In May 2007, 98% of the WordPress blogs were at risk because of outdated and unsupported versions of the software.
In June 2013, some of the 50 most downloaded plugins were vulnerable to common web attacks such as code injection and Cross-site scripting (XSS).
In March 2015, many security experts and SEOs reported vulnerabilities for Yoast (a renowned SEO plugin).
In January 2017, Sucuri found the vulnerability in the WordPress REST API.
7 Steps to keep your WordPress website secure from Malicious Scripts and Viruses:
Always Keep your WP Version Updated to the Latest Available Release: WordPress always keeps on improving its security with the latest security metrics. Always match the latest security parameters with thelatest version, avoid silly loopholes like this.
Plugins – Upgrade Active Ones, Remove Unnecessary and Outdated Ones: This is one of the most crucial steps to recover your WP website, outdated or malicious plugins can ruin your website in a minute. Outdated plugins can be a reason for the malicious script as we have already experienced it. Always check and read reviews before using any WP plugins. Additionally, keep them up to date to avoid any security breach in your website coding. Warning: Do not ever use the cracked plugin, they can just create a mess in a minute for your website through malicious attacks.
Add Sucuri Security Plugin to Your WP website: It is a free WP security plugin, developed by globally recognized authority Sucuri Inc. This plugin strengthens your existing security methods including security activity auditing, file integrity monitoring, remote malware scanning, blacklist monitoring, effective security hardening, post-hack security actions, security notifications, and website firewall (premium).
Restore the Uninfected Backup of Your Site: Always keep your website backups up-to-date so that you can remove any severe malicious scripts or viruses by restoring your site to a pre-attacked backup of the site. Having hosting provider’s strong support services is a major advantage, we recommend WPengine as a hosting provider as they offer superior backup restoring and support services. Additionally, Wpengine is also one of the most secure hosting providers available on the market. Restoring a backup will simply reinstate your site to a previous healthy version as in most cases it is impossible to identify the code with malicious script. All steps listed below are required to achieve a high-level of security, avoid malicious attacks, and viruses on your WordPress site.
Change the WordPress Admin Login URL and Login Credentials: The most basic versions of your WordPress admin login panel URLs which any hacker or attacker can guess are –
If you are using any of the above admin login URLs you have put your website at risk. Rather than using the default, create custom login URLs similar to the examples listed below –
Creating a personal URL or something not easily guessed will help to avoid any potential attacks. At the time of recovery, website owners must change the admin URL and change all active credentials with newly generated, strong passwords ASAP. The moment a WordPress site is created is the moment it hits the radar of potential hackers!
In order to change the WP login URL path, Rave Digital recommends using the Better WP Security plugin. It has over 30+ ways to secure and protect your WordPress site, and it also works for multisite environments. If a hacker is attempting to hit your website repeatedly, Better WP Security blocks them, avoiding the use of password cracking tools.
Change All FTP Login Credentials: You are not sure how hackers found a way in so you must change all the active FTP login credentials with strong passwords ASAP.
Use Wordfence Security Plugin: This is the most popular WordPress firewall and security scanner. It provides superior security measures including identifying and blocking malicious traffic, real-time firewall rules, real-time IP blacklist blocks, limiting login attempts protection, integrated malware scanner request blocking to just name a few! Note: There was a time when the Wordfence Security Plugin and WPengine were not compatible with each other, but now they are. They also work fine with a multisite setup. Learn more here: Wordfence Now Works on WP Engine, a blog posted by WPEngine on 11th Sep 2019.
If the above methods are not successful, we suggest taking a deep look at your code and Database for eval(), base64_decode() functions that execute or decode PHP code on runtime.
Whether you need to recover your website from a malicious script attack or simply would like to build a secure WP site from scratch, Rave Digital’s expert WordPress development team is the best choice! Stay tuned for more web development and website improvement articles!