Blogging is supposed to be fun but it isn't always like that. If you are hosting your own blog there is a great chance that one day a hacker may decide to target your site.
I recently wrote how my WordPress blog was hacked and seriously compromised. This is a very important topic, so I am giving it extra attention.
As good as it is, WordPress still has security issues. Upgrading to the latest version is a must if you want to lower the risk of getting your site hacked. Version 2.6 WordPress came out few days ago and if you haven't yet - upgrade. Upgrading is not hard today with excellent plugins like Instant upgrade.
I also found today a useful plugin for WordPress that I am going to recommend. It helps find potential viruses, javascript and iframe injections. The plugin is called WordPress Exploit Scanner.
It's output is fairly advanced. It scans through all files in your WordPress installation and searches for malicious looking code. Basically you want to check if any of the warnings contain links to sites you are not familiar with. If they do you might want to ask an expert about it.
If you are the only registered user of you WordPress blog, turning off "Anyone can register" option in your General settings of the Admin panel is a nice precaution as this was the source of biggest troubles in the past.
Should he trouble still happen, be sure you have at least weekly backups of your blog. WordPress Database Backup plugin will automate this work for you, so no reason not to use it.
Suggested reading:
- How to remove the pesky JS injection virus from your WordPress blog
- Why you need to upgrade to WordPress 2.8.4 immediately (if you haven’t already done so)
- ManageWP gets more powerful
Posted in: WordPress
TAGS:finding wordpress malware, function malware wordpress, howto check wordpress security, malware checker wordpress, malware wordpress, malware wordpress blog, warrior forum, wordpress malware, wordpress malware plugin, wordpress malware scan, wordpress plugins malware, wordpress security, wordpress security malware hack, wordpress theme virus, wordpress themes malware, wordpress virus, wordpress viruses, wordrpress malware
18 Comments
Backing Up is highly important ... because viruses go into your web file in server ... this is big danger.
This is a good plugin to my site. I hope aside from scanning and detecting viruses and malicious script from the site, it would instantly delete them..Yesterday my site was attacked by hackers and left some script which hard for me to identify. I would try this plugin..
Thanks for the info. I have a similar problem on a wordpress site.
i never thougth wordpress viruses were possible, thanks for the heads up.
My wordpress blog is now infected with iframe exploit code... I found some online scanners to track the code.
Just now fixed those infected .php codes ;)
Seem Word press would address this problem more directly .I download a theme from their site virus in it !!
how i can check it? i don't really understand about it
We just released a plugin called WP-MalWatch who's goal is not to be overly scientific but rather to look for the obvious signs. The first version v1.0.2 looks for PHP files in your uploads directory. We've also found an incredible hack blocking technology that we are using.
Help us test and evolve this with your feedback. Yes, we got hacked too and this plugin was inspired by that experience. http://how-to-blog.tv/security/wp-malwatch . Only known issue right now is that it eroneoulsy reports on subdomain installations of WordPress. we'll get this fixed. PHP5 is required.
Great post! Although I strongly believe the word "hacked" is an over statement.
Really... I think it's understatement...
I think people really need to start considering that not all hacks will reveal themselves to the website owner... some of them just destroy your search engine rankings and harvest user data all day long...
Nice post........ my blog is efftected with malware...it seems like i have to work from scrach.. i hope the plugins will help me
Nice Write-up. Thanks.
I always have a problem with my wordpress blog for having malicious content... and sometimes it has a problem connecting to the database!!!
i installed exploit scanner today. hope i can resolve this problem.
thankx for the post... i searched thru google and found this post...
I ran into a problem similar to this one the other day. Firefox asked me to install Adobe Flash Player, even though I already had it installed. I did it and ended up with this XP Antivirus all over my computer. Someone needs to fix this junk.
The bottom of my web pages has links to webhost answers and cash load alongside the wordpress link. Can i eliminate the first 2 and are they a danger to my site?
Wonderful post, just what i was looking for.
And remember: Backup, backup, backup - your site and database.
Excellent find - I forgot to upgrade one of my old blogs and when I checked it yesterday it had been hacked :(