What is a backdoor in WordPress!

/0 Comments/in

Backdoors are incredibly irritating!

Now, let’s get straight to the point 😉

But what is a backdoor exactly?

A backdoor is a piece of code that allows a hacker or script to gain access to your WordPress admin or server. This can be a file that sends your wp-config data via email or FTP credentials.

Information found in the wp-config file:

Your database information is stored here. If a hacker or script gains access to your database, it can create pages, posts, and even add a new administrator user!

What a hacker or script can do with FTP credentials on your website:

These credentials allow multiple files to be uploaded. These files can then forward login details via email or send spam.

Is there no Dutch equivalent for “backdoor”?

Yes, the Dutch term for it is “achterdeurtje” (backdoor). However, you can assume from statistics that there are more international programmers who develop backdoors than Dutch programmers.

How do you find a backdoor?

The most effective way to find a backdoor is to compare the WordPress core files and the server files. At a NERD level, I know by heart which files should be in WordPress (they often start with “wp-” in the core), so I can easily spot any new files. This is especially useful since hacks are international and tend to have strange filenames.

Why do you keep mentioning a hacker OR script?

When you have an important website, a hacker may make the effort to personally hack your WordPress website and insert a backdoor. However, 95% of attacks on websites and the placement of scripts/backdoors are automated by scripts.

If you have invested a lot of effort into developing a website, maybe even had a beautiful design made by a Photoshop designer and implemented it, you may believe that it’s professionally done and your website won’t be easily hacked. Especially not by some silly robot! But unfortunately, reality is different. Even if the developers and programmers understand WordPress well, security is a whole different world! And I can tell you this from experience. I’ve been developing websites for over 10 years, but every year as I delve deeper into the world of hackers and code, I learn more, and most importantly, I’m amazed by their coding creativity.

I’ve removed the backdoor. Problem solved?

No!! (sorry)

A backdoor is placed through a vulnerability in the plugins, server, or WordPress itself, so it will come back just as quickly as you removed it. Long live the automated digital world…

Can’t WordPress be better secured?

Yes, for that, you need to check which plugins you are using and which ones have vulnerabilities. And if your WordPress is significantly outdated, it needs to be updated.

What do you at WPbeveiligen do against backdoors?

  1. Investigate
  2. Inspect file by file
  3. Reinstall WordPress
  4. Remove plugins and upload them again (just updating won’t remove hack files and backdoors)
  5. Install and configure security and monitoring plugins
  6. Correct file permissions
  7. Check usernames and their permissions
  8. And more, but a hacker doesn’t need to know everything!

Wat is XSS? Alles over: Cross Site Scripting

/0 Comments/in ,

Cross Site Scripting (XSS) becomes possible when forms are not properly closed or do not filter the information you can enter.

The term “XSS” stands for Cross Site Scripting, and it was adapted because “CSS” (Cascading Style Sheets) already existed.

How does Cross Site Scripting work?

When a form does not use “htmlspecialchars,” and all characters entered in an input field can be fully processed, it gives the opportunity to execute PHP on the website/server.

Through XSS, you can issue commands to the server. Consider what you can do with that capability—modifying, saving, executing files, and other tasks that are typically limited to website administrators.

What are the disadvantages if someone successfully executes Cross Site Scripting on your website?

  1. Your website’s appearance can be modified.
  2. Pages that were meant to be private or for paid users only may become visible.
  3. Information from you and your visitors can be stolen (e.g., information in cookies).
  4. Phishing code can be added to your site, resulting in a quick Google ban.
  5. Trojans can be offered to visitors’ computers without your knowledge.
  6. Keystrokes on the keyboard can be logged (e.g., what you type when logging into your bank’s website).
  7. Your browser can crash due to a forced error overload.
  8. And more…

Beyond website modifications, XSS also impacts your browser/computer

– Through the browser, the webcam can be activated, and a recording started.
– Listening through the microphone is possible.
– Files can be saved.
And so on…

I’ve never encountered XSS as a visitor to websites… have I?

Have you seen the popup: “Do you want to leave this page?” In many cases, you can click [x] to close it. However, if you cannot close it and you find yourself on a website that isn’t very trustworthy, assume that there are pieces of code under the “leave page” and “go back” buttons that you’d rather not execute on your PC.

In such cases, it’s best to close the browser completely! (Use Task Manager in Windows to end the browser process)

How do I prevent XSS issues on my WordPress website?

You can check the WPscan database to see if any of your plugins have vulnerabilities.
Keeping WordPress up-to-date is essential, especially if it’s not properly secured. WordPress sometimes updates twice a month when Cross Site Scripting vulnerabilities are found!

The best practice is to ensure that your WordPress website is secured. When your website is secure and a hacker or script cannot easily place or modify files, you prevent a significant portion of potential issues.

A spam file in my site, fortunately no problem?

/0 Comments/in

Sometimes, as web programmers, we are unaware if a problem lies with our internet connection or the website itself, leading to a slow website loading time of 5-10 seconds.

How to Find the Cause

You can easily identify the cause using the website http://tools.pingdom.com/ (free at the time of writing). After entering your website address, you’ll see global information, the number of requests, page load time, and page size at the top of the website.

speed test

What Slows Down Your Website?

The website’s speed depends on the slowest file, causing delays.

Fortunately, the mentioned website also shows how long it takes to load a file and the file’s size. By comparing this information, you can identify whether the issue is due to a large file or slow code execution.

 

Errors in code and files not in the right location consume significant loading time on the server.

A fantastic tool to test your website and determine which files need optimization!

And for programmers…

Using Google Chrome’s Element Inspector

You can also see the website’s speed using Google Chrome’s element inspector, found under “Network.”

speed inspector chrome

Now that you know how to identify the cause of slow loading, you can optimize your website.

Tips to Speed Up Your Website

  1. Create appropriately sized images using Photoshop.
  2. Deactivate and remove unused plugins.
  3. Review errors with the element inspector and fix them.
  4. Ensure links to files are correct.
  5. Enable a caching plugin like WP Super Cache.
  6. Use a security plugin to ban bots (fake visitors).
  7. Load as much code as possible from your own domain instead of external sources.

Less is more!

Hacking the text editor in WordPress

/0 Comments/in

Hackers, click away. We’re not going to teach you how to hack WordPress!!

Now that the hackers are gone, let’s continue with this article.

The text editor hack

A common hack, you see nothing on the page and nothing in your editor.
Until you click on the Text editor tab! Suddenly, there’s ugly code.

Don’t be mistaken, this code is carefully chosen and does more to your website than you want to know.

  1. That piece of ugly text/code can make visitors see an iFrame.
    That’s an entirely different website that appears on top of your website.
  2. That piece of ugly code can redirect visitors to another website.
    For example, the hacker’s webshop.
  3. That piece of ugly code generates descriptions in Google.
    Think “Buy ….. at www…..nl”
  4. That piece of ugly code can turn any word into a link.
    Links to a criminal’s webshop.
  5. And much more!

With JavaScript on your website or on various pages, almost anything is possible!

You don’t want that code in your pages. Especially not secretly, as you may only notice it months later.

How can you find out if you have that ugly code in your website?

Simply check the text editor. (Or database table: wp_post)

How can you prevent that ugly code from getting into your website?

Unfortunately, that code is very easy to inject through a database query. Through an XSS, a vulnerability in a plugin, and 30 other ways.

So,

  1. Regularly update your website
  2. Don’t use too many plugins
  3. Use strong passwords
  4. Install an Antivirus plugin for WordPress that prevents injections, hacks, and hackers (Configure it properly!!)
  5. Keep only the theme you’re using on the server
  6. And lastly, but the first thing you should do now: back up your website!

If you’re having trouble, hire us. It will save you a lot of headache and time, and you’ll know that your website is in professional hands.

What is the CoinHive hack?

/0 Comments/in

CoinHive is a script written in Java. Nothing wrong with that.
This script makes it possible to “mine” Cryptocurrency which you can convert into real money.

Mining is done by having a computer’s CPU or GPU perform calculations.
In short, mining is not free and therefore costs power and computing power of a computer.

The CoinHive is illegally used by hackers

Where it goes wrong is if hackers can get the script into your website.
Then there are several options:

  1. The script prompts the server to calculate Cryptocurrencies
  2. The script puts the visitor’s computer to work for the calculation (Mining) of cryptocurrencies

And that is of course a crime. But very lucrative for the hacker.
Imagine being able to put 10, 20 or even 100 computers to work to calculate Cryptocurrencies.

How can a hacker insert a CoinHive into your website unnoticed?

There are several ways to do that. We will not discuss them in detail, but give some examples that have been known for years.

  1. Via a leak in your website, such as a leak in a plugin, a theme or in WordPress itself.
  2. By offering a pricey plugin “for free”, with the CoinHive code inside.

Don’t you notice that CoinHive is in your website?

No, a hacker changes the code every time so that the server and security do not recognize it. There are also various methods to make this unreadable.

When you notice.. you’re too late.

A block in Google

That’s when Google blocks your website because “your website is infected with Malware”. That is a collective name that Google uses to indicate that there are hacks in your website.

Antivirus Software Blacklisting

Antivirus software such as Northon, Kasperski, AVG, McAffee will detect the CoinHive on the visitor’s computer, which ensures that the website is blacklisted by the antivirus software after several reports.
Visitors with that antivirus software are then stopped from visiting your website or receive a notification when they visit your website.
This also shows the importance of good antivirus on your PC or laptop!!

Prevent CoinHive hack from entering your website

Make sure your plugins and theme + WordPress are up to date. If a leak is known, the developers often provide an appropriate security update. So you have to make those updates regularly.

Make sure that hackers’ common tricks and hack scripts don’t work on your website. You do this by installing and properly setting up a security plugin.

What if you already have a CoinHive hack in your website?

Then you can approach us, we have the experience and expertise to fully remove the hacks.
Not only removing the hacks is a necessity, but by fixing the leaks and the backdoors we ensure that the CoinHive hack cannot come back.

How we find and remove a WordPress hack

/0 Comments/in

If your WordPress has been hacked, you can assume that a file or piece of code has been placed in the website with which the hacker can send spam or show advertisements on your website.

There are currently 1000s of hacks developed by malicious people, the so-called hackers.
Every hack is written differently. This is to ensure that scanners do not recognize them.

How do we find that code or file among hundreds of WordPress files and all the code of plugins and WordPress?

We have various techniques with which we detect and remove hacks in WordPress

We will explain to you which methods we use to find hacks:

  1. Using the Wpsecure Detection (Plugin)
  2. We check the server in a structured way
  3. We use software that makes reading code easier
  4. We use the knowledge and experience we have built up over the past years
  5. The purpose of the hack betrays the placement
  6. We determine whether it is manual work or automation

1. Using the WPSecure Detection plugin

The WPsecure Detection plugin that we custom made scans the server and shows if there are Eval, Base64 or iFrames in the website.
Some plugins and themes also use this coding, but it’s mostly typical of hack scripts!

We check the line that follows a base64/eval line and recognize the illegal piece of code. (A matter of experience)

2. We check the server in a structured way

Folder by folder, file by file. We structurally check every folder for files that don’t belong there.
Since we have been working with WordPress for years (Since 2007) we know which folders should contain php files and which should not, we also recognize the names, junk folders and other tricks.

We check the website at file level with a checklist in which we tick which folder/files we have checked. This way we know for sure that every folder has been checked.

3. Additional software

With various programs (such as Notepad++) we can the code color reading, this makes it easier for us to read the Read important pieces of code carefully. Both file-by-file comparison and searches are among the methods to find hacks.

4. Knowledge and experience

By cleaning WordPress websites every week and working with WordPress since 2007, we know how hackers work.
We have set up, repaired and secured hundreds of WordPress websites. On various server environments.

5. The purpose of the hack betrays the placement

If there are links in the texts, you can assume that it has been placed in the content. If you can see outside the text, think of the header or footer, you can start the search in the theme.

6. We determine whether it is manual work or automation

We quickly see whether it is an automated hack script or whether someone has actually been involved in hacking the website.
With 999 out of 1000 websites, the work is automated, which means that a leak in the plugins, the theme or in an outdated WordPress version has given access to the server.

isn’t there a one-click fix?

You would expect that there are programs that detect and remove the hacks with 1 click.
Unfortunately this is not the case.

Hackers change their scripts, viruses continuously, so that a scanner will not recognize the hack.
Software simply cannot determine whether a line of code in a plugin, theme, or your WordPress core files is good or bad.

Did you know? 1 file can restore all hacks..

A hacker can use 1 line of code to ensure that backdoors, spam scripts are restored immediately after removal. That is why many web designers, server administrators and programmers cannot get rid of the hacks. They remove the consequence, but the virus remains in a different location on the server.

The hack spreads and is most likely to continue to function.

The challenge

As you may have read, there are several challenges in finding and removing hacks.
When you put us to work, we are working for a few hours, and we carry out various checks.
After that, we regularly check/monitor the website so that you are sure that you are rid of the hacks.

We guarantee that you will be rid of the hack within 10 to 48 hours, and stay that way!

Do you have a hacked WordPress website? Have your website hack-free now!

Help my WordPress has been hacked!

/0 Comments/in

You may have spent a lot of money to have a website built for your business in WordPress.
Or you have invested a lot of time yourself to set up a website with WordPress.

And then.. your WordPress website is suddenly hacked

How is that possible?

  1. Is the WordPress website not well made?
  2. Is someone targeting your website?
  3. Has the credentials been leaked?

99.9% of all WordPress websites are hacked by a virus, script or malware

These are programs that test and hack thousands of websites at the same time. Without even one person involved.

Is WordPress that leaky then?

No, WordPress is not the problem.

The problem is the plugins that are used.
The plugins are not always updated and the programmers do not always keep the plugins secure.

Plugins are often the cause of your hacked WordPress website

Hackers can download many plugins for free and test them for security vulnerabilities.

When hackers have found a security vulnerability in the plugin, they write a script that checks large numbers of WordPress websites every day for the presence of those plugins, after which an injection or command takes place through that plugin.

Viruses can perform injections and commands via plugins (Technical)

Injections? Assignments?
Those are the terms that describe how a virus, script or piece of malware works.

The injection
Via the leaky plugin, all unwanted data is injected into your database or on the server in one go.
It only takes a virus 1 second to put advertising in ALL your pages and posts – hence the injection.

The assignment
A virus can give commands to the server via a leaky plugin. In this way, various files containing malware can be placed.

Think of malware that encourages your server to spam other websites or email addresses of people.

My WordPress website has simply been hacked, what can I do?

You must reverse the consequences of a hack, then you must secure the WordPress website so that it cannot happen again.

We do this 7 days a week, we remove the hacks and secure WordPress websites for a fixed affordable rate.
With warranty. Click here if you want your website quickly repaired and secured by WordPress professionals.

wordpress zelf herstellen

repair wordpress yourself

Repair your hacked WordPress website yourself

The step-by-step plan to restore your hacked WordPress website:

  1. Determine the date your website was hacked
    When was the aforementioned injection or command executed?
    You can see this from the modification date of files on the server, if that is not clear you can use your own insight.
  2. Restore a backup of at least 1 week before the hack took place
    You may be able to restore a backup from when your website has not yet been hacked.
    Some web hosts store backups of your website, sometimes 1 week but sometimes 1-2 -3 months.
    Keep in mind that a backup is a step back in time, so news items, users, woocommerce purchases and the like are NOT up-to-date with the old backup. Therefore, make a backup of this moment before you restore 1.
  3. Check the website for suspicious files and activities & back doors
    – Check which files are on the server, whether they belong there.
    – Check which users have administrative rights and whether this is correct.
    – Remove back doors.
    Backdoors are regularly installed, even before a hack actually becomes visible. That backdoor is literally an open door for the malware to be able to execute the injection and commands again.
  4. Update your WordPress, plugins and theme
    Make sure everything is up to date.
    TIP: We often completely replace the plugins and WordPress completely on the server for new downloads, so you can be sure that there are no unwanted files or lines of code on the server.
  5. Submit your website to Google webmaster tools
    In Google’s webmaster tools, go to the security center and see if the website is not known as hacked there.
  6. Check your website for free at Sucuri
    Scan your website with the Sucuri Malware Scanner

Is your hacked WordPress website now hack-free?

If your hacked website is now hack-free and you are sure that hacking bots cannot access your website, the protection begins.

  1. Check your plugins for security vulnerabilities
    On wpvulndb.com is a search tool that can help you find out if your plugins are currently leaking. Or that they have often been hacked in the past. If a plugin is unsafe, choose an alternative.
  2. Install and configure a security plugin
    A security plugin stops many hacking bots. It is important to set it up properly, so take your time.
  3. Monitor your website weekly or at least once a month
    Check the security logs of the server regularly to see if everything is still going well.

Don’t have time to check your website?

To read the logs? To do Google webmaster tools or other scans?

Leave that to us! We take care of your WordPress website for an affordable monthly rate.
We work with WordPress 7 days a week, for more than 10 years.

Choose convenience and security: Let us secure your WordPress website.

Website malware, what is it? How do I get rid of malware?

/0 Comments/in

I have malware on my website. MALWARE.. what should I imagine when it comes to malware? Can you eat malware?

Short explanation: what is malware?

Malware is malicious software created by criminals. Malware should not be in your website.
Malware comes in all forms: viruses, trojan horses, rootkits, spyware, dialers, botnets, malicious websites, tracking cookies and more.

How malware gets into your website

Malware can easily enter your website via a leaky plugin, an outdated plugin or WordPress version.
Malware is not human-driven, so it grabs every website it can find on Google. Also your hobby site or your small business website.

What does malware do?

Malware “in your website” is actually incorrect. It sometimes shows itself visually in your website when it places links to other websites, but 9/10x the malware is secretly active on the server.

Your website has the access and rights to have the server execute commands. Once malware is “in your website” and therefore on the server, the malware can issue commands to the server.
Those commands from malware vary:

  1. Malware can: Send spam to email lists (Thousands of emails).
  2. Malware can: Search and infect other websites on the Internet.
  3. Malware can: forward your login details to a hacker.
  4. Malware can: Change payment information in your WooCommerce webshop to that of a hacker.
  5. Malware can: Offer viruses to your website visitors.
  6. Malware can: Create pages in your website that ask for customer passwords.
  7. And more..

You now know WHAT malware is, HOW malware gets into your website and what the malware DOES.

But now the most important thing,

How do I get rid of malware?

We are specifically talking about malware in your website here. And more specifically, malware in your WordPress website.

This is a step-by-step plan that you can follow to remove the malware from your WordPress website (and therefore from the server):

  1. Determine the date the malware first entered your website
    You can see this from the modification date of files on the server, if that is not clear you can use your own insight.
  2. Restore a backup of at least 1 week before the malware entered your website
    You may be able to restore a backup from when your website was malware-free.
    Some web hosts store backups of your website, sometimes 1 week but sometimes also 1-2-3 months.
    Keep in mind that a backup is a step back in time, so news items, users, woocommerce purchases and the like are NOT up-to-date with the old backup. Therefore, make a backup of this moment before you restore 1.
  3. Check the website for suspicious files and activities & back doors
    – Check which files are on the server, whether they belong there.
    – Check which users have administrative rights and whether this is correct.
    – Remove backdoors, a backdoor is also malware, but then 1 that specifically keeps the door open to your server to allow more malware in.
    Backdoors are regularly installed, even before a hack actually becomes visible. That backdoor is literally an open door for the malware to be able to execute the injection and commands again.
  4. Update your WordPress, plugins and theme
    Make sure everything is up to date.
    TIP: We often completely replace the plugins and WordPress completely on the server for new downloads, so you can be sure that there are no unwanted malware or lines of code on the server.
  5. Submit your website to Google webmaster tools
    In Google’s webmaster tools, go to the security center and see if the website is not known as hacked/infected with malware there.
  6. Check your website for free at Sucuri
    Scan your website with the Sucuri Malware Scanner

Okay your website is now free of malware (we assume).

How do you prevent malware from entering your website?

Secure your website with a security plugin. It is not completely foolproof, but it does stop 90% of all automated malware.

Do you not know how to set up a good security, or have you failed to get your get website malware-free?

Please contact us, we do this work 7 days a week. We offer affordable solutions with warranty!

Click here for contact, then you are sure of convenience and a secure WordPress website without malware.

The experiment: downloading a nulled security plugin

/0 Comments/in ,

If you’re new to Nulled plugins, they are “free” premium plugins that contain malware.
Nulled plugins are bought by criminals, loaded with malware and then offered for free.

The paradox

An antivirus plugin that should keep out hacks and hackers, who has been hacked?!

That’s like putting a security guard in your store from Thief & Co

A security guard who arrives on time every morning with an empty backpack, likes to work overtime and goes home with a full backpack.

False security!

The special thing is that there are enough people who illegally download premium plugins without paying properly and thus fall into the trap of the hackers.
Many do not realize that from the moment the plugin becomes active, the website sends spam or redirects visitors in the first session to a website where you can gamble or buy other strange items.

This is detrimental to your position in Google and to your turnover, since your visitors will not see your website in this way.

The experiment

We regularly deal with WordPress sites that have been hacked because the programmer did not properly buy the plugins, but simply downloaded them illegally.
We thought it would be interesting to see what we get when we download a Nulled plugin for WordPress security.

Experience
We deal with hacked websites a lot and know exactly what we are doing. We do NOT recommend downloading illegal or Nulled plugins or other software.

Measures
Of course we don’t want viruses and we don’t want any problems with the server.
For that reason, we download the Nulled plugin on a virtual computer and put the plugin on a closed server.

Finding a Nulled plugin
There is nothing easier than googling and downloading a Nulled plugin. You can’t think of it that crazy or they offer it. The latest releases and the most expensive plugins.

But.. don’t be fooled, no matter how reliable and professional the website looks: the plugins contain hacks!

It’s already hit the first download!

I scan the first Nulled plugin with VirusTotal. It hits immediately.

What you see on the screenshot below are the most rotten hacks: trojans & back doors.
Trojans work secretly in the background of your website without you realizing it.

The name is derived from the Trojan horse. (Those who don’t know that story, read the story here)

resultaat scan

Trojans, backdoors, malware..

When you activate the plugin, you set access to your server & WordPress fully open. The hackers or an automated script will receive a signal which website has now been hacked (available).
They can do absolutely anything they want:

  1. Modify payment details in WooCommerce to their own illegal bank account
  2. Store and forward usernames and passwords
  3. Show advertising
  4. Edit texts
  5. Forward visitors
  6. And much more..

But there’s server security, right?

You would say that the security of the server, of the web host, knows this!
But that’s not true. The server does scan files, but the trick is that the plugins fragment the code and execute it in certain orders. Only the plugin itself knows that order, so the server cannot or will not execute it to find out that it contains unwanted code.

In addition to the fragmentation, the code is also written in an unreadable language that can only be executed by the hack itself.
The result can also not be judged as being desirable or not, since PHP has many server rights.

Only the most obvious and common hacks are detected and written as “suspected”.

Hacks do have a habit of exploiting server power and running everything at full speed. When the hoster finds out, they will disable your hosting package until you solve the problem.

The hoster cannot be held responsible for hacks in your website. You rent the web space, and if you don’t manage it properly or get hacked for whatever reason, it’s up to you to fix it.

Since that is complicated, do you need help or have your website repaired by professionals.

We dig deeper into the plugin

We have wandered off for a while, but we dig deeper into the plugin to see where those trojans and backdoors are.
Can we find them?

Looking for fragmented and encrypted code
Often server commands are encoded in Base64 and then executed with Eval. That’s the first thing we look for.
We see some lines of code appear (notepad++ Find in files).
But those lines of code look innocent.

Notable files
One technique we use when recovering a hacked website is to simply look for salient files.
Strange file names or php files that don’t belong in certain folders (like the css folder) often betray the malware/hacks.

We exclude a folder with css, a folder with images and a folder with txts.
But not so fast, the images are sometimes made executable!! (We don’t see any php extensions in the images and so continue)

Exclude files
We have excluded several files, and decide to scan the remaining files again.

It is striking that 2 of the 12 antivirus services do not realize that it concerns the previously tested malware after changing the name.

In short, they determine that a plugin is fake and only remember the name without scanning the content more often.
That is also one of the reasons why hacks/viruses can go on for so long, when minor changes in code or order of execution are made, they are unrecognizable by various antivirus services.

A few folders deep
Many hacks are a few folders deep, so they are less likely to be found. Somewhere between the “images” the “uploads/2015/etc” or “includes/colors/etc”
Not in this case, the trojans put them directly in the “core” files of the security plugin.

Found!

In the end we found the hacks, the code was neatly written.
It has been well thought out, several alternative methods have been used to open your website to the rest of the world (and especially to the hackers themselves).

Of course we do not show the code.

Conclusion

Nulled plugins still contain trojans. In these types of hacks, the code is neatly concealed with formatting so that it is indistinguishable from the regular code.

We will be doing more tests soon, such as:

  1. Is the antivirus plugin aware that it itself contains a hack/virus?
  2. Can other antivirus plugins find the hack in this plugin?

Stay informed of the latest messages via Linked-in, or via our news page!

Side note 1: hackers

And it should be clear that hackers and their criminal activities are not appreciated.
A hacker’s romance as you see it in movies is not how it goes in reality.

A hacker is someone who harms others for their own profit.
It frustrates the website owners, it frustrates the web hosting, and ultimately it costs money and time.

Side note 2: Illegal downloads

Well, if you choose to download something illegally yourself… you are actually just like the hackers.
You’re trying to take advantage of a plugin or theme without giving its creator their hard earned money.
We’ve all downloaded something from the internet, right?

But at least now you know what NOT to download illegally from the Internet.

Ps: we buy software that we work with neatly. Even if it’s just to avoid problems 😉
Safety above all!

7 seconds in the life of a hack-bot

/0 Comments/in

Computers are fast, aren’t they?
They perform millions of calculations within seconds.

We take a look at 7 seconds in the life of a hack bot to see why and how quickly your website can be infected with Malware.

0 to 0.70 Seconds: The time it takes to show 204,000,000 results in Google with search term webshops

0.70 to 4.5 seconds: The time it takes for a website to load

4.5 to 5.8 seconds: The time it takes to compare all source code of the website against databases of leaky plugins, WordPress releases, webshop leaks

5.8 to 6.3 seconds: The time it takes to make a targeted injection on the server/website through the leaks found (Advertisement, links, etc.)

6.3 to 6.6 seconds: The time it takes to put a “backdoor” and send a message to the hacker’s log

Hack successful – $time – $URL – $sales

This is 1 script, which mainly waits for the loading time of your website. Meanwhile, the hack bot is running 1000 more processes with the exact same trick on 1000 other websites.

When the script has successfully copied itself, we speak of a virus

Then the whole story starts all over again with the 7 seconds, only through multiple servers.
300,000 injections/hacks in 24 hours via 1 script is therefore not uncommon.

WordPress plugins that stop hacking bots

What a hack bot does in 7 seconds, an antivirus plugin can stop, roll back or prevent just as quickly.
So make sure that your website has good security immediately after launch, haven’t you arranged that yet?
Then install a security plugin now!

You can read more about free and premium security plugins for WordPress here.