Remove malware from WordPress

/0 Comments/in

Malware is a true plague for WordPress websites.

Malware in WordPress can consist of:

  • A script that sends spam
  • Unwanted ads inserted between your texts
  • Redirecting visitors to unknown webshops
  • And more..

In short, malware is not something you’d be happy about!

And it’s not just you; thousands of other WordPress websites are also used by hackers to display their ads.

This is an automated process where the hacker writes a script that exploits a vulnerability in WordPress or one of its plugins.

How can you remove Malware?

To do this, you need to be able to recognize malware, which is not easy if you are a design agency or a beginner.
Malware is written in PHP but then passed through a program that turns it all into =(LFIIOHWGWWGHIHHHH)=.
This way, the server cannot recognize the malware since it is not readable (but still executable).

Malware can be just one line hidden among the thousands of code lines in WordPress.

Getting Malware removed

It’s easier to have WPbeveiligen remove the malware. We have years of experience in locating and removing malware!
And not only that.. we can also secure your website to prevent the malware from coming back within 2 days. We provide a guarantee for that!

Get malware removed

Or secure your WordPress website to prevent malware from entering!

Using Google webmaster tools

/0 Comments/in , ,

Google Webmaster Tools is a free service provided by Google that allows you to see how your website appears in search results. It offers various valuable information, including:

1. Search keywords and the number of clicks/visitors your website received for each keyword.
2. The number of inbound links to your website from other websites.
3. Indexing status with a graphical representation.
4. Blocked pages on your website.
5. Crawl statistics.
6. Potential security issues.

These are powerful tools typically used by experienced webmasters.

WPbeveiligen uses Google Webmaster Tools primarily to check whether clients’ sites have been approved by Google. Additionally, they ensure that the site appears in Google search results and that any red warning pages from Google are removed after recovery from malware.

Re-submitting your website for review through Webmaster Tools is crucial if your site has been infected with malware and its search results have been negatively impacted.

To get started with Google Webmaster Tools, you need a Google account. Once you are logged in, go to the Google Webmaster Tools page. Click on the “Add a property” button to add your website. You’ll need to verify that you are the owner of the website, and the easiest method is by downloading an HTML file and placing it in the root directory of your website using an FTP program.

Once the verification is successful, you can access various information about your website’s performance in Google’s search engine.

In the left-hand menu, you can choose the specific information you want to view. Google Webmaster Tools is a valuable resource for website owners and can provide insights to improve your site’s performance in search results.

WordPress has been hacked, now what?

/0 Comments/in

WordPress is often hacked through vulnerable scripts. We still call it hacking because there has always been someone who wrote an automated script, and their advertisements appear on your website due to the hack. In fact, it’s more automation than hacking, as the script works 24/7 without the hacker being involved anymore.

But once you have an advertisement or your website is sending spam due to the hack, it’s important to get rid of it.

Restoring the hacked website

You can follow this step-by-step guide to restore your hacked website:

  1. First, make a backup of all data and the database
    The data includes the entire www/httpdocs folder.
    You can often export the database through phpMyAdmin or using a backup plugin.
  2. Try to update as much as possible
    Download WordPress and manually upload it to the server (using an FTP program). Also, replace the plugins with new ones and, if possible, the theme.
    Note: Updating the theme may sometimes cause style changes. Only consider this if you have the necessary knowledge to adjust the settings/style.
  3. Check your server for backdoors and unwanted files
    A hack never comes alone. Besides the modifications to your website through advertising injection, there are usually files and codes (see WPbeveiligen detection tool) on the server that allow the hacker and their script to regain access to your website.
  4. Check all plugins and themes for vulnerabilities
    You can do this using this website.
    If your plugins contain vulnerabilities, it’s recommended to use alternatives.
  5. Secure your WordPress website
    The hack has entered your website, and without security, it will happen again.
    Install a good security plugin on your website and configure it.
  6. Afterwards, verify that your website is fully restored
    You can do this through webmaster tools or using the Sucuri malware scan.

Good luck!

It’s a significant task that requires knowledge and patience. If you’re unable to do it, you can contact us. We restore WordPress websites on a weekly basis and provide a guarantee for our services!

WordPress hacked yet again?

/0 Comments/in

Your website is offline, and you contact your hosting provider only to find out that your WordPress website has been hacked.

And it’s sending spam…

For security reasons, the hosting provider has taken your website offline.

Why your website is offline

Many websites are hosted on a single server, which is a powerful computer with a single IP address. When too much spam is sent from that IP address, major mail servers put it on their blacklist.

In other words, if your website continues to send spam, other customers won’t be able to send emails, and their emails won’t reach their recipients.

To cut a long story short, your website is now offline and inaccessible until you remove the file responsible for sending spam.

Where can you find a spam script?

searching filesThe spam script can be a single file located among the files in your WordPress site on the server.
Sometimes, the file is found in your uploads directory because it can be written to by third parties.
However, with a vulnerability in your plugins, the main directory is also accessible to hackers and hacking scripts.

The file can be located anywhere.

We often find the spam script in the uploads directory, among plugins, within themes, and in subdirectories.

You might think, “I’ll remove the spam script from my website, and then the website will go back online.”

Sounds logical, right?

Piece of cake!

A spam script means a hacked website

A spam script in your WordPress site indicates that hackers or automated scripts have found a way to access your server. That’s how the spam script ended up on your website and server.

That vulnerability needs to be patched!

A vulnerability can be present in an outdated plugin, in WordPress itself, in the passwords you use, or in the server’s security.

Closing that vulnerability requires expertise and experience!

Hackers are cunning and use special codes and proven tricks.
For example, Base64 code is written in PHP but encoded so that the server and search programs cannot detect it!

Fortunately, you’ve found WPbeveiligen!

We identify vulnerabilities and hack scripts, carefully remove them, and ensure that your WordPress site is not easily hacked again!

Click here! Get your hacked WordPress website cleaned and secured now!

All my WordPress websites have been hacked, now what?

/0 Comments/in ,

What’s in this article

Plugins or themes regularly leak and malware ends up in multiple WordPress websites at the same time.
Wwhat should you do if you are responsible for 5 or 10 websites? Or when you manage 80 to 100?

Multiple websites hacked at the same time, how is that possible?

When 1 plugin is used on multiple websites or when 1 fixed theme is used, there is a greater chance that several websites will be infected at once.
Hackbots perform searches for certain plugins with a leak and use the leak to fill the website with advertising, spam, malware, backdoors and more trouble.

1 hack – 1 solution?

You would think that you can find the hack in the same files or folders on every website. Or in 1 fixed place in the database.
Unfortunately, hack scripts use the technique of dropping malware in random places.

Randomly posting hacks are done by the hack scripts to prevent the server from intercepting

In short, you have to solve and remove 1 hack in different ways.

Help to find hacks in your websites

Malcare
Malcare is a service that allows you to check multiple websites for hacks.
You have to register them 1-by-1, but once registered, Malcare shows exactly which files contain the malware.
It is then up to you to determine whether you want to manually remove the hacks/malware, or whether the files need to be completely removed.

The sucuri malware scan
The malware scanner from Sucuri shows you what hacks you have. This will help you find and remove hacks.

Google webmaster tools
The security page of the Google webmaster tools tells you which pages contain malware, phishing or unwanted advertising. find is.

Is there a One Click Fix to make all hacked websites hack-free in 1x?

We all prefer to see a “one click fix”. Where the computer/software detects and removes or corrects the hacks.
Unfortunately, there is no one-click fix as the difference between a hacker’s code and desired code cannot be calculated by software.

The tools we described above make it a lot easier to find the hacks among the hundreds of files and the thousands of lines of code, but you will still have to remove or modify the hacks yourself.

How do you know your websites have been hacked?

If WordPress has been hacked you will not immediately see it, the hacks themselves are usually well hidden by a hacker and his script/virus.

Usually you can see the effect of the hack.

  1. Your website is being redirected to another website.
  2. Your website shows advertisements or links from another website in your website. (You can read why hackers do that here.)
  3. You can no longer access your administration panel.
  4. Your website has completely changed its style or even shows a page from the hacker.
  5. Your website is slow.
  6. The security of your computer reports Phishing, a Trojan or other attacks on the PC.

You can do a scan if you are not sure if your websites have been hacked:
Rescan.pro – Good at detecting malware, hacks.
Sucuri malware scanner – Shows you if the site contains malware and often shows what type of malware
IsItHacked – Sees iframes and other hacker tricks before previous scanners

Remove the hack, what are you looking for?

Hackers use various methods to hide malware from the server’s virus scanner and from you so you can’t get it out easily.
Think of it as a thief, who also prefers not to be seen and has various tricks and disguises for that.

Base64
This is code that is executed through specific requests on files. The virus scanner does not make those requests, so the code remains hidden.
Base64 is an ugly plain line of code, usually containing the base64 declaration and/or an eval.
Note that some plugins also use base64. With base64 you can convert entire images into code!

Neat code intertwined with current coding
In some situations, hackers write clean code with professional formatting so that you can hardly tell the difference between code that belongs in the website and that of the hacker.

Java scripts
They load external files by means of 1 small piece of code. Those files contain all the hacks. Because the code is loaded externally, it cannot be found in your website. Fortunately, the aforementioned Sucuri & rescan scanner that does handle javascripts.

Code in disguised files
Code in “images”. A png file is an image type that the server will not execute as code. But with proper encryption, hackers can open the png and run it as a script. The server and other antivirus programs and especially people look over those “innocent” images in the uploads folders!

How to prevent all your WordPress sites from being hacked

  1. Install an antivirus plugin on every website
    Every website needs protection against automated hacks, viruses and/or malware.
  2. Make regular backups
    Preferably make daily backups, at least once a week. Retains at least 4-8 weeks as it sometimes takes about 3 weeks before you find out that malware has entered your website through a hack.
  3. Check the websites regularly
    Check the security plugins logs for suspicious file changes, login attempts, etc
  4. Keep plugins and themes up to date
    The programmers of plugins regularly release updates that fix security vulnerabilities
  5. Do not use more than 8-15 plugins per website
    Every plugin is a security risk
  6. Keep premium plugins and themes up to date as well
    Make sure the licenses are valid, premium plugins may be better maintained by the programmers but they are also targeted by hackers.
    Hackers download Nulled versions of the premium plugins and can test them for possible security risks for free
  7. Put each website on a unique hosting package or user account
    We regularly see multiple websites in 1 hosting package. The risk of this is that all sites are hacked if the ftp/database data leaks.
    And what is most common is that the malware can be placed in all folders.
    Prevent this with separate hosting packages or users under a VPS. This way you limit the write permissions and sites cannot exchange malware with each other.

 

WordPress has been hacked, how come my WordPress website has been hacked?

/0 Comments/in ,

You have a website that suddenly displays advertisements or forwards visitors to another website. Or worse, your website sends spam  (E-mails with unwanted advertising).

You haven’t changed anything on your website and yet your website was “suddenly” hacked.

Then the question arises: how come my WordPress website has suddenly been hacked?

  1. Would it be the programmer’s fault?
  2. Have I done something wrong in the website?
  3. Has someone deliberately hacked your website? The competition perhaps?

You have a lot of questions, but the answer is very simple on 99.9% of the websites:

A virus, script has modified your website. Completely automated and will affect thousands of other websites.

Is that so easy? Is there nothing to do about that? Who is behind those hacks?
Read on if you want those questions answered! (Brace yourself because it gets technical.)

The cause of most hacks: via outdated plugins and themes

Plugins and themes are responsible for 45% of hacked websites.
Hackers download the plugins and themes and test them for security vulnerabilities.
At wpvulndb.com you can see which plugins and themes are leaking.

A leak, what does that mean… it’s not a swimming pool!
A leak is a collective name for the possibility to give commands (hacking) to the server.
This can be done via input fields that are not closed, via files with wrong permissions, via incorrectly saved data and more.

Okay, now that you know that plugins and themes are 45% of the causes of a hacked WordPress website, you think: simply use few plugins and it’s solved!

But unfortunately, there are more security risks with a WordPress website. And that starts with the programmer who creates your website.

The security risks of your website in percentages:

de piramide van WordPress beveiling

As you can see, there are several factors that can make your WordPress website hackable.
The programmer, the web host, you as a user, the CMS itself and, as mentioned earlier, the themes and plugins.

Who goes to all that trouble to find and exploit security risks?

Hackers, cybercriminals, thieves.

And very occasionally ordinary citizens who live in countries where not enough money can be earned with the regular job. IT professionals who have been laid off but still have to support their families.
This can sometimes even involve intelligent ICT people with 20-30 years of experience. Or even entire IT departments…

Many hacks and attacks come from poor countries, since you only need internet and an old computer to write a virus/hack.

How does a hacker earn money from my website?

If you have a website that is about your family or about your hobby, you can’t imagine that a hacker can make money from your website.

Yet you can!

Link building
By placing links in your website, a hacker can increase his website considerably in Google.

Selling products through a wide range
The hacker uses your good name/website and that of thousands of others to sell his product.
Imagine you have a website with beauty products, and it contains a link to a product that prevents aging or other problems.
There are still a surprising number of people who buy such a product.

The product often costs 100-200 euros, has to be paid via the internet and ends up in an anonymous account. The product is not delivered.. and that gives the hacker a lot of money without incurring major costs.

And so there are many ways to make money when a website is in the power of a hacker.

WordPress seems very insecure, should I switch to another CMS?

It’s not WordPress that’s insecure, it’s the plugins, themes, and the aforementioned external factors that give hackers the ability to hack into your website.

WordPress is well maintained and secured, you just need to know how to handle it.

I’m just starting a new website, should I choose another CMS?

Every CMS has to deal with hacks.

The programmers of WordPress (Automattic) work daily to keep the CMS as secure as possible. New updates are regularly released to keep the system safe.

40-60% of all websites in the world run on WordPress, and for good reason.

WhyWordPress is a good basis for company websites, webshops and blogs

  1. WordPress is open source and can be downloaded for free at WordPress.org.
  2. You can expand your website with more than 55,000 plugins.
  3. For questions you can contact many WordPress programmers, designers and forums.
  4. WordPress is continuously being developed.
    (Think of the REST API, Gutenberg editor, Privacy options, SSL support)

What can I do to secure WordPress?

Install and configure a security plugin:
First of all, it is important that you a good security plugin a> installs. A security plugin works like Antivirus & Firewall for your website.

It is important to set up the security properly.
The security plugin needs to be tuned to best protect your website against hackers and hack scripts, but your WordPress website and plugins must have permissions to function.

Using plugins:
Limit the number of plugins, as each plugin contains a series of code that can be used by hackers to get into your website.

The hosting:
How do you know if a hosting party is good?
Make sure they have 1 of the most recent php versions.
Do not go for a budget package of 1 euro per month, but pay a little more to a hoster who also provides support by e-mail or preferably even by telephone.
Choose a hosting party that has been around for a number of years and that has many customers.
This way you have a reasonable chance of finding a good hoster, where your website is on a secure server under the supervision of specialists.
Note: They are responsible for the functioning and keeping the server online, they are not responsible for what you or a hacker does with your website. They can therefore not fully protect your website against hackers, that is simply not their job.

What does it cost if I have my WordPress secured?

We offer a monthly maintenance subscription where we secure WordPress and keep it up-to-date. We also check the website for break-in attempts and we actively prevent hackers.

You can easily request that subscription, click here for the current rate.

Yes, but my WordPress has already been hacked!

We can remove the hacks and ensure that the hackers no longer have a grip on your website.
We will not calculate the costs for this in 1x, but through an affordable subscription.

After removing the hacks, backdoors and blocking the hackers, we keep your website up-to-date and keep an eye on it.
This way you can be sure that you are rid of those miserable hacks and hackers, and that they will not come back!

Have your WordPress website now hack-free and secured by us.

10+ years of WordPress experience

We have been working with WordPress since 2007. We have developed hundreds of websites, all with WordPress. We have been doing the management and maintenance for our customers for years.
With us you can assume that your WordPress website, large and small, is in good hands.

But… everyone calls themselves a WordPress specialist, even people who can only read the manual of a theme or plugin…

And that is why we recommend that you contact us before you let someone work on your website.
Ask some questions, test the knowledge of the programmers, server administrators, designers.

And feel free to contact us, so that you can be sure that professionals are working on your website.

Click here for our contact options.

Guarantee, convenience and security for WordPress websites

/0 Comments/in ,

Deception is part of the hacker’s game

The tricks of hackers go beyond the knowledge, perseverance, and experience of programmers. It’s not due to a lack of expertise but simply because there are thousands of tricks to infiltrate and maintain malware in a WordPress website.

The ongoing battle of a major IT company

This reminds me of the struggle faced by Microsoft, where billions of dollars were invested in protecting Windows against hackers, trojans, and viruses.

And has it been successful? Is Windows impenetrable, 100% secure?

No, criminals come up with new tricks every week, even fooling companies like Norton Antivirus, Kaspersky, and other companies dedicated to intercepting malware, viruses, and the latest tactics used by online criminals.

Now you can understand the importance of having guaranteed security for your WordPress website, as anything can happen!

Whether it’s a small website, a large corporate website, or an online store, NO ONE wants to deal with the detrimental effects of hacks or the costs associated with removing them from the website.

WPbeveiligen = Standard Guarantee & NO additional costs

With our subscriptions, we provide standard guarantee: if a hacker manages to infiltrate your website despite all the security measures we have implemented, we will undo the hacker’s malware/hacks, locate any backdoors, and intensively monitor the site.
We will catch the hacker in their virtual tracks!

This guarantee is provided without any additional costs!

Frequently asked questions about the WordPress database

/0 Comments/in ,

Frequently Asked Questions about the WordPress Database

  1. Does the WordPress database have a limit?
    No, there is no limit. You can store as many posts and pages as you want, just like any other database.
  2. Where are my posts stored in the database?
    All posts and pages are stored in the `_post` table.
  3. What is a prefix?
    A prefix is a prefix for a table. It is often set as `wp_`, but for security reasons, it is recommended to change it to a unique prefix.
  4. Are user accounts in the WordPress database secure?
    User passwords are stored using MD5 encryption, but note that other data is stored unencrypted in the database.
  5. Where can I find my database?
    Your web host stores the database in a separate location. To manage the database, you can access the “phpMyAdmin” tool through your hosting panel, cPanel, or DirectAdmin.
  6. What is my database username and password?
    You can find this information in the email you received from your web host when registering and/or purchasing the hosting package. If you no longer have that email, you can also look for a wp-config.php file on your website’s server, which contains the database name, username, and password.
  7. What is localhost?
    In 70% of web hosting packages, you can enter “localhost” as the address for the MySQL database. In some cases, it may be different or not defined, requiring you to use an actual address.
  8. How big is a database?
    Rough estimates for average database sizes are as follows:
    An informative WordPress website: 5-19 MB
    A website with 50 pages/posts: 30-45 MB
    An average WordPress WooCommerce shop: 50-60 MB
    A large WordPress WooCommerce shop: 95-150 MB
    A busy news site with daily articles: Grows by 70-125 MB per year
  9. Why does WordPress suddenly prompt for a new installation on my existing website?
    If WordPress doesn’t find any tables, it defaults to the installation page. This can also happen if the wp_ prefix (mentioned in point 3) is not set correctly, causing WordPress to be unable to locate the database tables.

We hope these questions have been answered. If you have a question that is not listed here, please let us know in the comments section at the bottom of this page. We will do our best to answer the questions posted in the comments, and who knows, we might even include the solution directly in our article!

How does WPbeveiligen find a hack or backdoor?

/0 Comments/in

Finding a hack file or backdoor among the 1500 to 3500 files that typically power a WordPress website may seem impossible.

Searching for a needle in a haystack

When your website contains vulnerabilities that allow bots to upload files to your server, they prefer to spread those files as inconspicuously as possible. They may target upload directories that are several levels deep from the root.

Hack files are often placed in PHP format among your other files, using different filenames and tricks each time. This requires knowledge and experience to locate these files.

I can give you some tips on how I do it, but my other tips will remain “trade secrets.”

Method 1 – Finding hack files by modification & creation date

Files added via a bot often have a different timestamp than the rest of your files. In 99% of cases, they are added after the start of your website. As your website becomes more popular, the chances of it being found by bots that deploy harmful files increase. Pay attention to the modification or creation date.

Method 2 – What doesn’t belong in WordPress?

Spot the differences. I can recall about 80% of all the files that should be in WordPress. So, when I see an options.php, model.php, or 312.php where it shouldn’t be, I know there’s an issue, and I check the code before pressing delete.

Method 3 – Scanning the code in the files

I have various scanning methods that can automatically or manually inspect multiple files simultaneously. With these scans, I search for:

  • frames
  • base64
  • eval
  • cookie
  • inject
  • p.a.c.k.e.d
  • display: none / visibility: hidden
  • And more

Method 4 – Searching in the database

Using a program and the usual server tools, I search the MySQL database for backdoors, unauthorized users, hidden content, and more.

Method 5 – Google Webmaster Tools

Google Webmaster Tools often alerts you first when a website contains malware and phishing files. Valuable information can be obtained from there to help tackle the hack.

These are some of the methods I use. There are many more, and each website requires its unique approach to find a hack. Websites with more than 10 plugins may require checks in unexpected places. Old server software or open servers may require different approaches.

In general, websites are thoroughly examined and evaluated first, followed by increasingly refined searches to identify and remove all threats, ultimately securing the website.

Note: Removing a spam script, malware syntax, or frame is just the beginning. The ultimate goal is to patch the vulnerability and secure the website.

Using the DEBUG MODE of WordPress

/0 Comments/in ,

What is the debug mode?
The debug mode is a feature that is included in WordPress by default and is turned off by default.
You can turn on the debug mode if you want to display errors on the front end of your website.

The debug mode is mainly used by developers.

Enabling the debug mode

You can enable the debug mode by using a text editor to open the wp-config.php file.

Open the wp-config file and find the following line of code:
define( 'WP_DEBUG', false );

To enable the debug mode, change FALSE to TRUE.
(Casing doesn’t matter.)

example wordpress debug mode

By default, the debug mode is set to FALSE. This is done for security reasons. Remember to set the debug mode back to FALSE after resolving the errors!
Errors can reveal information about your website that not everyone should see. Hackers and malicious scripts, in particular, should not have access to error messages.

Saving errors

You can also save the errors so that you can review them later. WordPress has a built-in feature called the Debug Log, which is already present in WordPress but needs to be activated.

To activate it, add the following line of code below the previously mentioned debug mode line in your wp-config.php file:

define( 'WP_DEBUG_LOG', true );

WordPress will now save ALL errors that occur on visited pages in a file called debug.log, which can be found in the wp-content directory.

If you want to view the errors in the log file, you need to visit the pages where the errors occur.

And if you suddenly see hundreds of errors, don’t panic. If you have many website visitors, all those errors will also be logged every time a page with errors is loaded. So it could be just “one simple error” that you need to address, but it appears multiple times in the log file.

example debug log wordpress

Whether you want to view the errors directly on the respective page or through a log file, it’s possible! Now, you just need to resolve the error.