My WordPress website contains malware?!

It’s indeed crucial to avoid seeing such a warning on your website. Here’s how you can deal with the situation:

How can the website contain malware?

If your WordPress website has outdated plugins, themes, or WordPress itself, it becomes vulnerable to attacks, and bots may infect your site with malware. Even newly installed plugins can sometimes contain vulnerabilities.

How can I get rid of this warning?

To remove the warning, your website must be thoroughly cleaned, and all malware (hacker’s code) needs to be removed. Once you are confident that your website is clean, you can request a reevaluation from Google.

How do I prevent it from happening again?

To prevent such incidents from happening again, you need to ensure that your website is not only cleaned from malware but also secured properly. There are various ways bots can find entry points to your website, and those vulnerabilities need to be addressed and closed.

You can accomplish this by securing your website with the help of WPbeveiligen!

 

WordPress security plugins – The introduction

Selecting a good security plugin for your WordPress website is essential, but using multiple security plugins simultaneously is not recommended. They may interfere with each other’s functionality, causing conflicts and reducing the overall security of your site. Here are some popular security plugins you can consider:

iThemes Security

iThemes Security is a powerful and comprehensive security plugin with several strengths, including:

  • A file monitor that displays modifications, additions, and deletions of files on your server, making it easy to detect new files added by hackers.
  • An organized checklist of security issues ranked by importance that you can work through to secure your website.
  • Blocks PHP file execution from the uploads folder, an essential feature to prevent malicious code upload.
  • Collaborates with Sucuri experts to provide website scanning functionality.

However, be cautious while using iThemes Security, as some options cannot be easily reversed on an existing WordPress website. Over-securing your website can lead to unintended consequences.

WordFence Security

WordFence is widely known and includes a scanner that compares your files with the core files of WordPress. The free version may not scan all files, as premium plugins are not included in its database. WordFence also offers a Falcon engine, which claims to speed up your WordPress site significantly, but its effects may vary.

Sucuri Security

Sucuri is a reputable company that offers a powerful plugin with features like plugin removal and reinstallation, which can be useful for cleaning up hacks. Keep in mind that updating plugins might not remove all hack files, which is why removal and reinstallation are essential in some cases.

Bulletproof Security

Bulletproof Security is a more technical and less user-friendly plugin. While it has some unique features, other plugins mentioned earlier offer similar functionalities, such as caching, login security, and .htaccess management.

Ultimately, the choice of security plugin depends on your specific needs and preferences. Whichever plugin you choose, make sure you configure it properly. No plugin can guarantee 100% security, and it also depends on how well you use your website as an administrator. Avoid clicking on suspicious links in comments, as they may execute malicious code and potentially lead to a MySQL injection if you are logged in as an administrator.

Remember, as a website administrator, you have more control than a security plugin can provide. Your decisions and actions play a crucial role in keeping your website secure.

 

How do I read base 64 code?

Hackers often base64-encode their PHP scripts to make it harder for the server to quickly recognize them as viruses. The server won’t decode each file multiple times to read it.

However, such a file can still be executed upon request, and that’s what a hack script does.

Decoding a piece of base64 code

When you see that whole mess of code, you may not know where to start. But there is some logic to it. The code often starts with an `eval("")` statement, which executes the code between the quotes. You can put that code into a decoder.

They often put the code in a variable that must be executed via a decoded variable, making it difficult for someone to unravel it. And that’s precisely the intention of the scriptwriters.

What is usually hidden behind “that hidden code”?

In many cases, it’s a link to a product page of the hacker or their client. Or a script that sends emails (spam) to email addresses.

But sometimes you’re dealing with a more advanced hack script that not only performs those simple actions but also transfers your database information or creates a new user in the database so that the hack script can regain access later, even if you have repaired it.

Or a script copies itself to every directory on your server.

These are things you probably don’t want to know, and it’s best not to put yourself in the shoes of a scriptwriter but rather remove it and partially renew your WordPress to ensure that all of its code and files are gone from your server.

The base64 code is encoded 3-10 times.. what now?

The files are often encoded 1-5 times. This means you could spend quite some time decoding them.

Fortunately, there is a website that can do this process for you. UnPHP creates a virtual space and extracts the encoded PHP from it.

It can handle up to 81 iterations in a loop if needed!!
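
The layer-by-layer decoding described above can also be done offline without ever running the payload. The following Python example is added here and is not code from this site or from UnPHP; it statically peels eval(base64_decode(...)) chains (and, going beyond base64, gzinflate, str_rot13 and strrev wrappers), assumes the encoded string is passed as a literal, and works on a constructed harmless sample.

```python
import base64
import codecs
import re
import zlib

MAX_LAYERS = 81  # assumption: reuse the iteration figure quoted above as a safety cap

# Wrappers that only transform a string; reversing them never runs the payload.
TRANSFORMS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),  # PHP gzinflate = raw DEFLATE
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
    "strrev": lambda b: b[::-1],
}

# eval( wrapper( wrapper( 'literal' ) ) );  with one or more wrappers
LAYER = re.compile(
    r"eval\s*\(\s*((?:(?:" + "|".join(TRANSFORMS) + r")\s*\(\s*)+)"
    r"(['\"])([^'\"]*)\2",
    re.I,
)


def peel(source):
    """Statically undo nested eval(...) layers; returns (layers_removed, code)."""
    layers = 0
    while layers < MAX_LAYERS:
        match = LAYER.search(source)
        if match is None:
            break
        names = re.findall(r"\w+", match.group(1).lower())
        data = match.group(3).encode("latin-1", errors="replace")
        try:
            for name in reversed(names):  # the innermost call is applied first
                data = TRANSFORMS[name](data)
        except (ValueError, zlib.error):
            break  # literal does not decode cleanly: stop and review by hand
        source = data.decode("utf-8", errors="replace")
        layers += 1
    return layers, source


def wrap(code, times):
    """Build a constructed, harmless sample nested in `times` layers."""
    for i in range(times):
        if i % 2:
            deflater = zlib.compressobj(wbits=-15)
            raw = deflater.compress(code.encode()) + deflater.flush()
            code = "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(raw).decode()
        else:
            code = "eval(base64_decode('%s'));" % base64.b64encode(code.encode()).decode()
    return code


SAMPLE = wrap('echo "constructed sample payload";', 5)

if __name__ == "__main__":
    depth, inner = peel(SAMPLE)
    print(depth, "layers ->", inner)
```

Code that hides the encoded string behind variables, as mentioned above, is not resolved by this example and still needs manual review.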

 

What is a hack bot? Here’s how to protect WordPress from hackbots

What is a Bot?
A Bot is simply the abbreviation of a “roBot.”

Bots are 1000x faster than humans.

If we make a simple calculation, assuming that a human can manually attack one website per hour by conducting various security tests on WordPress, and then we see that a bot can attack a new website every 30 seconds with hundreds of requests, we can understand how quickly it can happen.

A computer can execute several million requests (tests) per minute.

In short, your website is hacked by a Bot?!

What the bot does in slow motion:
translated from computer language to human terms

Requests for the WordPress version

  1. HTML generator?
  2. Readme.html?
  3. Version.php?
  4. Plugin output?

Requests for active plugins

  1. Directory listing wp-content: plugins
  2. Output in HTML
  3. Function request

And so on… Millions of requests per minute!

And this database of requests is kept up-to-date via, yes… another Bot.

What does the bot do after making the requests?

Once the Bot knows the WordPress version running on your server and the active plugins and theme, it compares this information with the database containing vulnerabilities for each plugin and theme.

This process takes people half an hour, but for the bot, it’s a matter of milliseconds. (Thank you, technology!)
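
To see what such a version-probing bot can read from your own pages, you can audit the HTML your site serves. The Python example below is added for illustration and is not part of the original article; the domain, the plugin and theme slugs and the version numbers in the sample are constructed.

```python
import re
from html.parser import HTMLParser

# Optional "?ver=..." query parameter that WordPress appends to enqueued assets.
QUERY_VER = r"(?:\?(?:[^#]*&)?ver=([^&#]+))?"
COMPONENT = re.compile(r"/wp-content/(plugins|themes)/([^/?#]+)/[^?#]*" + QUERY_VER)
CORE = re.compile(r"/wp-includes/[^?#]*" + QUERY_VER)


class DisclosureAudit(HTMLParser):
    """Collects version and component names that a page reveals to any visitor."""

    def __init__(self):
        super().__init__()
        self.generator = None
        self.core_asset_versions = set()
        self.components = {}

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        if tag == "meta" and (attributes.get("name") or "").lower() == "generator":
            self.generator = attributes.get("content")
        for key in ("src", "href"):
            url = attributes.get(key) or ""
            found = COMPONENT.search(url)
            if found:
                kind, slug, version = found.groups()
                label = kind[:-1] + ":" + slug  # "plugins" -> "plugin"
                # Keep a version seen earlier if this URL carries none.
                self.components[label] = version or self.components.get(label)
            core = CORE.search(url)
            if core and core.group(1):
                self.core_asset_versions.add(core.group(1))


def audit(html):
    """Return what the given HTML discloses about core, plugins and themes."""
    parser = DisclosureAudit()
    parser.feed(html)
    parser.close()
    return {
        "generator": parser.generator,
        "core_asset_versions": sorted(parser.core_asset_versions),
        "components": parser.components,
    }


# Constructed sample page; every name and version below is made up.
SAMPLE_HTML = """
<html><head>
<meta name="generator" content="WordPress 6.0" />
<link rel="stylesheet" href="https://example.test/wp-includes/css/dist/block-library/style.min.css?ver=6.0" />
<link rel="stylesheet" href="https://example.test/wp-content/themes/example-theme/style.css?ver=1.4" />
<script src="https://example.test/wp-content/plugins/example-forms/js/forms.js?x=1&amp;ver=2.3.1"></script>
<script src="https://example.test/wp-content/plugins/example-slider/slider.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE_HTML).items():
        print(key, "=", value)
```

Every non-empty entry in the report is something a bot can compare against a vulnerability database, so it shows where an update or a removal matters most.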

Knowledge is power

When the Bot knows which plugins and themes are running on the WordPress version, it will use that information to exploit known vulnerabilities and inject code into the database and server.

Oh no! Code injections into the database and server? That sounds nasty!

Indeed, it is. The injections add data, including files that become active and send spam, or gather more information about users, or gain access to the server.

How do you protect against bots?

The bots know the standard plugins, the default WordPress version, and compare them.
So, if they no longer know which plugins you are using, which theme, and which WordPress version, the bots are left powerless!

Combine this with the right measures against bots:

  1. Proper file permissions
  2. Directories in unknown locations
  3. Hidden directories
  4. Corrections for injections via the browser
  5. Corrections for files on the server
  6. Blocking users and IP addresses (bots)

Then you can stop the Bots. They are just scripts that follow protocols! Break the habit, and a Bot won’t know what to do.

You don’t have to make these adjustments to your website manually; you have a bot for that 😉
A script, or more specifically, iThemes Security!

10-20 plugins leak every month

Every month, 10-20 plugins are found to have vulnerabilities. By “vulnerabilities,” we mean that hackers and hack scripts can exploit the plugins to gain access to your server or WordPress site.

Even this month, Akismet, Jetpack, and Ninja Forms have been added to the official list of vulnerabilities on WPScan.

Interestingly, Akismet was developed to combat comment spam!

However, this doesn’t mean that these plugins should be immediately removed; they are undoubtedly being updated by the developers.
Make sure you have a newer version of the plugin.

What can you do about it?

It’s not practical to check the plugin list every day to see if the plugins you use might have vulnerabilities.

Here are some steps you can take:

  1. Minimize the number of plugins you use.
  2. Keep your plugins updated.
  3. Install a security plugin.

You should take these steps before your website gets hacked.

Updating a plugin via the WordPress updater doesn’t guarantee that previously vulnerable plugins are immediately virus-free.

If your website is already sending spam due to a vulnerable plugin

You’ll need to check the entire WordPress website on the server for spam files. These files are often placed in various locations as a virus.

Get your WordPress website restored and secured if you suspect it has been hacked or is sending spam!

FTP through the admin, it can be done!

Every now and then, you come across those exceptional plugins that make your life a little bit easier.

One such plugin is CYSTEME Finder. Download the plugin (zip file).

The plugin is called “CYSTEME Finder, a file explorer,” and it’s a neat plugin that allows you to take a peek at the server without needing an FTP program like Filezilla.

View Files on the Server

Copy, Move, and Delete Files

You can not only view the files but also, just like in a regular FTP program, modify, copy, and delete them.

Modify Files

In WordPress, you can typically only access the theme and plugins to modify them, but with this plugin, you can even edit your WordPress core files.

This is useful if you want to remove backdoors!

 

Safety

Be cautious! The plugin can do a lot, but it is NOT recommended to keep it on the server by default.

Install and use the plugin when you need it, but do not give hackers and hack scripts the opportunity to use it or an outdated version to fill your server with files!

This applies to any plugin you use infrequently or once—remove it after use. Even if the plugin is not activated, it is still accessible on the server and thus vulnerable to hackers!

Can your WordPress site go to the junkyard?

Sometimes, people wonder if it’s worth securing their website, but the technical explanations about themes, plugins, databases, and content can be difficult to understand. So, let’s take a new approach:

What if your website were a car?

The Frame – WordPress

WordPress can last for years, but if you never update it, it may develop issues.

The Solution

  1. Update your WordPress from your admin panel
  2. Remove and re-upload WordPress to the server

The Paint (Theme)

The paint represents the appearance of your website. A new theme or restyling can make your website look brand new and up-to-date.

How?

  1. Make your website mobile and tablet-friendly
  2. Add some new images to the content
  3. A CSS coder can work wonders with color adjustments
  4. Add a slider with beautiful images

The Components – Plugins

Plugins can become outdated and may cause issues.

What can you do?

  1. You can update plugins from your admin panel
  2. Remove the plugin and re-upload it to the server

The Wiring – Database

The database is hidden away and requires little maintenance, but it’s worth checking.

How to optimize the database?

  1. Go to phpMyAdmin and select the tables to repair/optimize
  2. Remove old plugins, themes, pages, and posts that are no longer in use

 

Thankfully, WordPress is not a car!

While some knowledge and experience are required (or a WordPress expert), it’s a matter of replacing the right information, and your WordPress website will be as good as new!

What can WPbeveiligen do for you?

When we restore and secure your WordPress website, we thoroughly examine all files (like rust on a car) and ensure everything is polished and in place.

We also update or replace plugins, remove old unused information (in consultation), and ensure you have the latest WordPress update.

In short, a restoration and security service is not only an option when you’ve been hacked, but it’s also a great way to get your WordPress website in top shape, just like a good car maintenance check!

Customizing the WordPress admin bar

The WordPress admin bar, toolbar, whatever you call it (the black bar at the top of your WordPress website) is used fairly little, right? And that while the admin bar is included by default in every WordPress website.

That is why we are going to work on that bar! We are going to improve it or hide it.

How? Simply with plugins. Collapsing, expanding, sliding away, changing and adding buttons: we are going to do everything to adapt that admin bar to our wishes!

Let's start very simply: what can we do with the bar by default, without plugins?

Hiding the admin bar completely

In your admin, go to Users > Profile > Show Toolbar when viewing site.
Uncheck it, click the save button, and the black admin bar is gone!

Collapsing the admin bar

Sometimes you want to view the website the way your visitors do, or a cookie notice slides in behind your admin bar, or you simply don't like the look of the dark bar on your website.

Then install the plugin: Hide WP Toolbar

With WP Hide Toolbar you can collapse the admin bar; it becomes as small as a little corner at the left of your screen! When you need it, to get into your admin, to create a page or to clear the cache, you can simply expand it again.

Moving the admin bar to the bottom

If you look at Windows and Mac, the start bar or the apps bar is often at the bottom. That is also possible with the WordPress admin bar.

Install the plugin: Bottom Admin Toolbar

Automatically hiding and showing the admin bar

Want it even easier? Without having to click to make the admin bar appear and disappear? Then “Auto hide admin bar” is for you. When you move your mouse over (may I call it Apple's notch) the admin bar will appear.

And even better, you can also set keyboard shortcuts. Luxurious, right? The admin bar then slides in and out of view with, for example, Shift + Z or whichever key combination you set.

Install the plugin: Auto hide admin bar

A Mac OS X style for your admin bar

With the iBar plugin you make the default toolbar suddenly very hip. Apple style!
You can see the difference both on the front end and in the admin.

Download the plugin: iBar Mac OSX style

Access to all admin pages via the admin bar

Access to all pages via the admin bar is quite handy! It lets you keep the left-hand menu collapsed in your admin (back end), and also go directly from the front of your website to all admin pages and settings.

That can be handy while setting up or configuring the website. You see something on the front end that you want to change “quickly” (think of permalinks), but by the time you have gone from the front end to the admin and then to the settings page in question, you have already forgotten what it was you wanted to do. As far as I am concerned, this is a handy shortcut!

Download the plugin: Toolbar Links

Finally – Warning

Okay, now you know how to remove, fold up and style the admin bar. With your folded-up toolbar neatly tucked out of the way while previewing the website, you look like a WordPress pro 😉

But take note: changes to your admin bar via plugins can also cause problems. With these plugins you add not only functionality to your website, but also extra scripts to the front end AND the back end. New functions and code that can clash with the existing functions and plugins of your WordPress website. So be sparing with adding new functions!

The toolbar next-level: in another article we are going to do something about the buttons, because from the greeting on the right to the default buttons on the left.. that's not great! You can in fact equip the toolbar with your own shortcuts, editor buttons and more!

 

Securing WordPress: from A to Z

Admin was the default username for new WordPress installations for years. Many users didn’t change it, resulting in thousands of hacked WordPress websites.
And even now, that username is still used too often!

Backdoors allow hackers to regain access to your WordPress website through a single line of code.

Code is often written in PHP and then encoded to base64 so that the server doesn’t recognize it.

Daily spamming will get your website listed on the spam list.

Errors on your site without any modifications? It might have been a hacker, but it could also occur due to conflicts between WordPress, plugins, and themes during automatic updates.

Filezilla is the most commonly used program to manage your server files. You can check the modification date to see which files have been altered by a hacker.

Encoded data like your password is stored in the database, making it unreadable. (But it can be changed.)

Hackers write scripts and spread them on the internet, attacking thousands of websites. They rarely target specific sites.

Illegal plugins are often equipped with backdoors and spam scripts.

JavaScript is commonly used to overwrite information on your website. For example, all links might be replaced with links to websites that the hacker profits from. This code can be very short and doesn’t need to be in your theme or templates, making it hard to find.

Lost customers seeing ads or an error on your website will usually not revisit it. They will instantly search for other sites offering similar services or products.

Learning to remove hacks and secure WordPress takes months. Hackers attempt to infiltrate your WordPress website weekly using smart scripts, and there are thousands of active scripts with more added every day.

Matt Mullenweg is the founder of WordPress. He developed WordPress at the age of 19.

Notepad++ and even the standard Notepad in Windows are tools with which a hacker can write a hack script. The ease of use contributes to the abundance of scripts in circulation.

Open source is the reason why there are so many WordPress websites online. The CMS is free to use, and anyone can develop plugins and themes for it.

Plugins can be downloaded for free from WordPress.org, but there are also premium plugins available for purchase.

Queries are server requests. With hundreds of queries from various IP addresses, a DDoS attack is launched. iThemes Security blocks various queries and limits the number of queries an IP address can make.

Comments on your website may contain links with an injection. Clicking on such links while logged in as an administrator can execute commands against your own website.

80% of the spam you receive in your email inbox comes from websites that have been hacked.

Templates like the page template and the header template are often injected with advertisement links, making those links visible on every page of your website.

Uploads folders are often filled with spam files. Every website has a default upload folder that the server and WordPress can write to. This is essential for updating the website, adding images, etc. Hackers like to exploit these folders. The year and month are usually part of the default structure. Check there if you want to get rid of hacked website files!

Remove plugins you don’t use. Even when deactivated, they are still available on the server, causing security issues.

WordPress is a very secure and up-to-date system. The use of poor plugins and themes is what causes the problems.

XSS stands for Cross-Site Scripting, one of the major vulnerabilities in websites. It is abbreviated as XSS to avoid confusion with CSS (Cascading Style Sheets).

Yoast SEO is a WordPress plugin created by Joost van der Valk, a Dutchman. His plugin is well-known worldwide and used by thousands of businesses. Plugins like Yoast SEO are regularly updated, ensuring their security.

You can secure your WordPress website if you have knowledge of servers, plugins, and updates. All this information is available for free on WPbeveiligen!


 

Hopefully, you have learned more about securing WordPress, or you’ve discovered some interesting facts.

Securing WordPress goes much deeper, but we’ll spare you the details in this article. If you want to read more, regularly visit our WordPress security articles page.

Did you enjoy or find this article informative? Share it with others so they can also learn more about WordPress security!

Help!!! My hosting provider has taken my WordPress offline

From one day to another, your web host informs you that your WordPress website was sending spam and has been taken offline until the issue is resolved.

This happens weekly with WordPress websites, and it is the only way for the web host to protect the server and all other customers from the problems caused by a website that sends spam.

Why the Web Host Took Your Website Offline

When your website sends spam, the IP address from which the spam emails originate gets reported and blacklisted by companies that filter emails.

Once the IP address is reported, emails from that IP address will no longer be delivered.

This means that all customers on the server with that IP address can be affected.

Therefore, a web host acts swiftly and takes a website offline until you have removed all spam files.

The Steps You Need to Take

Of course, you want your website back online as soon as possible. This means you need to remove the spam files from the server.

However, simply removing the files solves the immediate issue. You haven’t addressed the root cause yet.

Thus, you need to update all possible plugins, your theme, and your WordPress core to close any potential vulnerabilities and prevent the spam files from appearing on your server again.

In many cases, unfortunately, it’s a bit more complicated to thoroughly clean the server as the vulnerabilities have been exploited to insert backdoors into your uploads folders, which you also need to remove. You can do this by deleting all PHP files from the uploads folders since they should only contain media files such as images, videos, and PDFs.
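
The check for PHP files in the uploads folders can be scripted so that nothing is deleted before you have reviewed it. This Python example is added here and is not WPbeveiligen's own tooling; the extension list, the 1 MiB read limit and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed list of extensions a web server may be configured to run as PHP.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}
SNIFF_BYTES = 1024 * 1024  # read at most 1 MiB per file when looking for PHP tags


def scan_uploads(uploads_dir):
    """Return sorted (relative_path, reason) pairs for files that need review."""
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, uploads_dir).replace(os.sep, "/")
            # Check every dot-separated part so "logo.php.jpg" is caught too.
            parts = name.lower().split(".")[1:]
            if PHP_EXTENSIONS.intersection(parts):
                findings.append((rel, "php-extension"))
                continue
            try:
                with open(path, "rb") as handle:
                    head = handle.read(SNIFF_BYTES)
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            # Media files should never carry a PHP opening tag.
            if b"<?php" in head.lower():
                findings.append((rel, "php-tag-in-media"))
    return sorted(findings)


def demo():
    """Run the scan over a constructed uploads tree in a temporary directory."""
    files = {
        "2024/05/photo.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "2024/05/cache.php": b"<?php /* constructed placeholder */",
        "2024/06/logo.php.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "2024/06/banner.png": b"\x89PNG constructed <?php /* placeholder */",
        "2024/06/report.pdf": b"%PDF-1.4 constructed document bytes",
    }
    with tempfile.TemporaryDirectory() as uploads:
        for rel, content in files.items():
            path = os.path.join(uploads, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(content)
        return scan_uploads(uploads)


if __name__ == "__main__":
    for rel, reason in demo():
        print(reason, rel)
```

On a real site, point scan_uploads at a copy of wp-content/uploads and review each reported file before removing it.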

The Database

Some vulnerabilities grant access to the database, where backdoors can be created. This could include new administrator accounts or JavaScript injected into the content.

Therefore, you also need to carefully inspect the database.

WPbeveiligen, the Solution to All Your Worries

As you can see, there are many things to address before your web host can put your website back online.

For many, the easiest solution has been to contact us and let us handle all of these matters.

We also ensure that your website is removed from the blacklist and communicate with your web host to get your website back online as quickly as possible.

Let us recover and secure your WordPress website!