Symptoms of Malware
Over the past few weeks I’ve noticed a few WordPress sites that I host (on Dreamhost) and manage were magically infected with some malware. In my case there were a few signs that this happened.
- Random redirects while watching the files load in the browser.
- The WP dashboard lost all of its styling
- Google Chrome would not load the site because it contained malware
- Changed the FTP owner for all files. You could take this one step further and create an FTP user for each one of your domains.
- Changed the WP database password. This has to be changed on my host and in the wp-config file.
- Created new Authentication Unique Keys and Salts.
- Changed the permissions of certain directories and files. The .htaccess is a must change!
- Enabled SFTP for editing and transferring files. You could always get an SSL certificate for an additional layer of security.
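A way to re-check the permission and key/salt steps above after a cleanup, as an added example that is not part of the original post. The function names and finding labels are hypothetical, and the permission thresholds are assumptions based on common WordPress hardening guidance, since the post does not say which modes were chosen.

```sh
#!/bin/sh
# Added example (not from the original post): audit a WordPress tree.
# Permission thresholds are assumptions based on common WordPress hardening
# guidance; the post does not say which modes the author chose.

wp_checks() {
    root=$1
    cfg="$root/wp-config.php"
    # Writable by "other": any account on a shared host can alter these.
    find "$root" \( -type f -o -type d \) -perm -0002 | sed 's/^/WORLD-WRITABLE /'
    # .htaccess drives redirects, so group write access is flagged too.
    find "$root" -type f -name .htaccess -perm -0020 | sed 's/^/HTACCESS-GROUP-WRITABLE /'
    if [ -f "$cfg" ]; then
        # wp-config.php holds the database password and the keys/salts.
        find "$cfg" -perm -0004 | sed 's/^/CONFIG-WORLD-READABLE /'
        # Placeholder text from wp-config-sample.php means a key was never set.
        if grep -q 'put your unique phrase here' "$cfg"; then
            echo "DEFAULT-KEY-OR-SALT $cfg"
        fi
        for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
                 AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
            grep -Eq "define\( *['\"]$k['\"]" "$cfg" || echo "MISSING-KEY $k"
        done
    else
        echo "NO-CONFIG $cfg"
    fi
    return 0
}

# Prints one finding per line; exit status is 1 if anything was found.
audit_wp() {
    report=$(wp_checks "$1")
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Usage: sh audit_wp.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_wp "$1"
fi
```

The non-zero exit status on findings makes it suitable for a cron job that mails its output.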
Activated the Following Plugins
- Exploit Scanner – Scans your WordPress site for possible exploits.
- Password Reset Removed – […] want to remove the password reset/change option from WordPress, then this is what you have to do.
- WordPress Firewall 2 – This plugin intelligently whitelists and blacklists pathological-looking phrases, based on which field they appear within, in a page request (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
- Limit Login Attempts – Does what it says.
After writing the draft of this post I found another blog post from wplift recommending Better WP Security and coincidentally, it does everything that the above plugins do (with the exception of Password Reset Removed) and more!
Better WP Security – My Favorite Features
- Scheduled database backups. Backups can also be emailed!
- Email notifications for file changes.
- System status dashboard.
- Easily activate new features with a simple check of a check box.
- Intrusion detection and email notification.
Better WP Security – My Least Favorite Features
- Tons of options – this can be overwhelming at first.
- A lot of red text warning you that activating a certain feature could impact your theme or other plugins.
- I wasn’t able to get the “Hide Backend” feature to work, oh well.
Additional References and Resources
- Dreamhost Discussion Thread – “Sites Hacked”
- WordPress Security: Best Practices, Free & Premium Plugins
- Sucuri Security – I used this to scan my website and narrow down my search for malware