A useful feature of Sucuri

Sucuri Security offers a WordPress plugin, listed in the WordPress plugin directory under the name Sucuri Security. It is not an all-in-one answer to a hack and it has its limitations, but one feature can save you a lot of time, especially on a site with many plugins.

The Plugin Reinstaller

If your website uses 20-30 plugins (which is, of course, too many and a significant security risk in itself), it is tedious to delete each plugin, download a clean copy and upload it back to the plugins directory. Yet that is exactly what has to happen once hack files have been planted inside plugin folders: you cannot trust any file in there.

Sucuri has a feature for this scenario where you can select all plugins at once and have them removed and reinstalled with a clean version in one go! This saves you a lot of time and effort.

You can find this feature under “Post Hack > Reset plugins.”

You might wonder whether simply updating a plugin would do. It only works when a newer version exists: a plugin that is already at its latest version has nothing to update, and the updater will not touch anything outside that plugin’s own folder. A forced reinstall replaces the folder regardless of version, which is what you want after a hack.

In summary, download the Sucuri plugin and use the reset plugins function!

And then?

After using the Sucuri plugin to reset your plugins, it’s a good idea to install a robust security plugin like Ithemes Security PRO to enhance the security of your WordPress website.

My WordPress website is showing an error?

If there is something wrong with the code, the database, or the hosting, you may encounter an error.

For many site owners these messages mean little, but as WordPress security specialists we see them on hacked websites all the time.

Not every error is caused by a hack, so to find the right solution, it’s important to understand what the error means.

The 404 error

The 404 error is the most common and occurs when a page cannot be found.

Your website may still be accessible since a 404 page is usually displayed within your website’s layout, but the page either no longer exists or the URL was mistyped.

The 500 error

A 500 Internal Server Error means the web server hit an unexpected condition while handling the request. On a WordPress site that is usually a PHP fatal error (often after a broken plugin or theme update), a syntax error in .htaccess, or a file-permission problem; a server that is offline altogether gives a connection error or a 503, not a 500. The details are in the server’s error log, and the site stays unreachable until the cause is fixed, which may or may not be something your hosting provider has to do.

Error establishing a database connection

You’ll see this error when WordPress cannot reach the database. The usual causes are wrong credentials in wp-config.php (DB_NAME, DB_USER, DB_PASSWORD or DB_HOST) or a database server that is down or overloaded on the hosting side.

A white screen without an error message

In some cases you get a completely blank page. By default, WordPress and most hosts’ PHP configuration hide error output, because a stack trace reveals file paths, plugin names and sometimes credentials to an attacker.

To debug this, turn on WordPress debugging in wp-config.php by setting the constant WP_DEBUG to true. On a live site, combine it with WP_DEBUG_LOG set to true and WP_DEBUG_DISPLAY set to false, so the errors go to wp-content/debug.log instead of to every visitor’s screen, and switch WP_DEBUG off again when you are done.

WPbeveiligen can help you solve the problem

We have the knowledge and experience to resolve most errors. You can contact us on a no-cure-no-pay basis for error resolution.

The cost of fixing an error usually ranges between €40-€60 excluding VAT, as it typically takes no longer than an hour to resolve the issue.

10 ways to open up WordPress to hackers

These are the 10 things you absolutely should not do if you want to keep your WordPress secure:

  1. Keeping the username “admin.” Most attack scripts brute-force the login page with the username “admin” and try thousands of passwords against it.
  2. Leaving the login page at the default wp-admin and wp-login.php address without a limit on login attempts. Locking an address out after 3-5 failed attempts makes a brute force attack impractical.
  3. Displaying your login username above each post. Set a different display name for publishing posts!
  4. Leaving the comment area open without an anti-spam plugin. If you don’t use comments or rarely receive them, disable the comment section altogether.
  5. Using the website name as your login username or password. This is one of the first combinations a hacking script tries!
  6. Using dozens of plugins. Every plugin is extra code that can contain a vulnerability, and a single vulnerable plugin can be enough for an SQL injection or for an attacker to write files to the server.
  7. Leaving the WordPress version number in the source code. Attack scripts match that version against the list of known vulnerabilities for it. Hiding the number only helps so much, since the version can also be inferred from other files; updating is what actually removes the exploits.
  8. Not updating WordPress for 3 years. That may have been survivable when WordPress was new, but its popularity means countless scripts now scan the internet for outdated WordPress sites.
  9. Downloading pirated premium plugins and themes. Sites offering “nulled” themes often insert their own ads or a backdoor into the code; a single line is enough to collect data and send it to the attacker.
  10. Using the cheapest hosting. The server itself is a target: attackers use a vulnerable WordPress site to gain a foothold on the server and attack other sites from there. Cheap hosts that know little about WordPress and do not focus on security also tend to run slow servers, which shows in your loading times.

These are the 10 points you can change to make it more difficult for hackers to compromise your WordPress website.

Alternatively, you can let WPbeveiligen proactively secure your WordPress, addressing these 10 points and more than 30 other security measures!

Preventing a Brute Force Attack

How do you block a Brute Force attack?

You block a Brute Force attack with a security plugin that, after 5-10 failed login attempts, temporarily blocks the address the attempts come from, and turns the block into a permanent ban if the attack continues. The block is based on the IP address, so keep in mind that an attacker with a botnet can spread attempts over many addresses; the lockout raises the cost of an attack, while a strong password is what makes guessing hopeless.
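What that plugin does in memory you can also do by hand from the web-server log, which is useful on a host without a security plugin or to check that the plugin is actually catching the attack. The shell script below is an added example, not code from the original article or from any plugin: it counts failed wp-login.php attempts per client address and turns everything at or above a threshold into a block list. The log lines are constructed for the example; the one assumption is default WordPress behaviour, where a rejected login re-renders the form with a 200 response and an accepted one redirects to wp-admin with a 302.

```shell
#!/usr/bin/env bash
# Added example, not part of the original article or of any plugin: count failed
# wp-login.php attempts per source IP in an access log and derive a block list.
# Assumption: default WordPress behaviour, where a rejected login re-renders the
# form (HTTP 200) and an accepted login redirects to wp-admin (HTTP 302).

# Constructed sample in Apache/nginx "combined" format: one scripted attacker with
# six failures, one host with three, and one real user who mistypes once.
SAMPLE_LOG='203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "python-requests/2.31"
192.0.2.99 - - [10/Jan/2024:10:01:40 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Jan/2024:10:01:41 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
192.0.2.99 - - [10/Jan/2024:10:01:42 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Jan/2024:10:02:10 +0000] "GET /wp-login.php HTTP/1.1" 200 4388 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Jan/2024:10:02:25 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Jan/2024:10:02:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Jan/2024:10:02:41 +0000] "GET /wp-admin/ HTTP/1.1" 200 8812 "-" "Mozilla/5.0"'

# sample_log_file -> path of a temp file holding the constructed log
sample_log_file() {
  f=$(mktemp)
  printf '%s\n' "$SAMPLE_LOG" > "$f"
  echo "$f"
}

# failed_logins LOGFILE -> "<count> <ip>" per client, most failures first.
# Fields in combined format: $1 client IP, $6 method (with leading quote),
# $7 request path, $9 status code.
failed_logins() {
  awk '$6 == "\"POST" && $7 == "/wp-login.php" && $9 == "200" { n[$1]++ }
       END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# ban_list LOGFILE THRESHOLD -> IPs with at least THRESHOLD failed attempts
ban_list() {
  failed_logins "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# htaccess_rules LOGFILE THRESHOLD -> Apache 2.4 rules that drop those clients,
# the manual equivalent of a security plugin's permanent ban
htaccess_rules() {
  ban_list "$1" "$2" | awk 'BEGIN { print "<RequireAll>"; print "    Require all granted" }
                            { print "    Require not ip " $1 }
                            END { print "</RequireAll>" }'
}

LOG=$(sample_log_file)
echo "Failed wp-login.php attempts per client:"
failed_logins "$LOG"
echo
echo "Blocked at threshold 5:"
ban_list "$LOG" 5
echo
htaccess_rules "$LOG" 5
rm -f "$LOG"
```

Run against the live access log from cron and write the Require lines into a file that .htaccess includes, and you have the manual version of a permanent ban. Note that xmlrpc.php is a second login endpoint that answers 200 to both good and bad attempts, so it has to be counted by request volume rather than by status code; many security plugins simply disable it.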

Hiding the username

The security plugin we use immediately ensures that your username is not visible everywhere. This is a critical point as the username is the first key to a Brute Force attack.

Usernames are easier to determine than you might expect. For example, many users still use “Admin” as the username or have a username that is the same as the website’s name.

Hopefully, you don’t recognize yourself in these mistakes. But even a long, unusual username is not a secret: WordPress exposes it through the author archive (a request for ?author=1 redirects to /author/username/), through the name above blog posts and, for users who have published, through the REST API user listing, and enumeration tools automate exactly these lookups. A leaked database dump gives it away as well.

Think of it like the nameplate on your house – easy to read, but make sure they don’t get their hands on the password (the key)!

Hiding the login page

It’s important to prevent a Brute Force script from easily accessing your login page.

By default, every WordPress login page can be reached at:

  • www.yourdomain.com/wp-admin
  • www.yourdomain.com/wp-login.php

This is well-known information.

The Ithemes Security PRO NL plugin allows you to choose a new unique address. For example:
www.yourdomain.com/log-in-here

What does WordPress do against Brute Force attacks?

Because Brute Force attacks are so common, WordPress 4.3 (2015) started generating a long random password for every new account and password reset, with a strength meter that warns when you replace it with a weak one. WordPress core does not enforce a password policy itself, so hold yourself (or let a security plugin hold your users) to at least the following:

  1. At least 8-10 characters, preferably far more
  2. A mix of numbers, uppercase letters and special characters
  3. Never the username, the website name or a plain dictionary word

Against a Brute Force attack, every extra character multiplies the number of possible passwords by the size of the character set, so the difficulty grows exponentially with length: a 12-character password is not 50% harder to guess than an 8-character one, it is millions of times harder.

When are you most likely to face a Brute Force attack?

The better your website ranks in search engines like Google, the sooner bots find it too.

The only good news in that is that a rise in login attempts is also a sign that your website is visible and being visited by real users!

Prevention is better than waiting.

Brute Force attacks will always exist, so prevention is better than cure. If you act too late, your website may be filled with backdoors, leading to potential damage. Google doesn’t appreciate spammy websites and can even inform visitors with a red warning that your website is unsafe!

What if I want to use a plugin or theme that is leaky?

You have just created a beautiful website with a nice theme and various plugins, and then your website gets hacked!

That’s incredibly frustrating! It has happened to us dozens of times too, even with all the knowledge we have.

What if it turns out that your plugin or theme has a vulnerability, and the developers are not taking any action, even after being informed about it? Even when you’ve paid for the plugin or theme, the developers might not respond to your requests for fixing the vulnerability.

Why don’t developers take action?

Theme developers are not hackers or security experts; their main focus is often on making as much money as possible. This might sound harsh, but unfortunately, it’s the reality.

What can you do now?

You have two options:

  1. Replace the vulnerable theme or plugin with a new one.
  2. Ensure that the vulnerable plugin cannot cause any harm.

Executing Step 1

Deactivating is not enough: the files of a deactivated plugin are still on the server, and many plugin vulnerabilities sit in files that can be requested directly. Remove the vulnerable plugin or theme completely from the server with an FTP program, then look for a replacement and hope it is not one of the 4000+ with a known vulnerability.

4000+ vulnerabilities? That doesn’t sound good!

Let’s put it into perspective:

There are 42,565 free plugins and approximately 30,000 paid plugins. Since 2003, there have been around 150+ WordPress releases, many of which were for security reasons.

The security within WordPress is well maintained, unlike some third-party plugins or themes.

There are countless free WordPress themes, and the number of premium themes is also extensive. WordPress itself is still free!

This wide availability of themes and plugins attracts both users and hackers from all around the world.

Executing Step 2

Unfortunately a security plugin alone cannot do this. A plugin is PHP code running with the same rights as the rest of WordPress, so a vulnerability that executes in that same context can do anything the plugin can, including disabling it. The protection has to come from a layer the vulnerable code cannot override: the file system.

You do this by removing write permission from the directories that hold code (the WordPress core, plugins and themes), so an exploit can no longer modify or add files there. One caveat: on hosting where PHP runs as the same user that owns the files, a script can give itself write permission back, so this stops careless automated attacks rather than a determined attacker; having the files owned by a different user than the one PHP runs as makes it stick.
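Here is what that freeze looks like as a shell script, added as an example and not taken from the article or from any plugin. It assumes a standard WordPress directory layout and a web server that runs as a non-root user, and it carries the caveat just made: if PHP runs as the owner of the files, a script can chmod them back, so this raises the bar for automated attacks rather than closing the hole. The mini install it demonstrates on is constructed inside the script, with the weak settings (a world-writable uploads folder, a world-readable wp-config.php) that FTP clients and control panels often leave behind.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: "freeze" a WordPress install by
# removing write permission from everything a PHP vulnerability could rewrite.
# Assumptions: standard WordPress layout; the web server is a non-root user.
# Limitation: if PHP runs as the owner of the files, a script can chmod them
# back, so this raises the bar rather than closing the hole.

# mode PATH -> the ten-character permission string, e.g. drwxr-xr-x
mode() { ls -ld "$1" | cut -c1-10; }

# freeze_wordpress ROOT
freeze_wordpress() {
  root=$1
  # Baseline: nobody but the owner may write, everybody may read/traverse.
  find "$root" -type d -exec chmod 755 {} +
  find "$root" -type f -exec chmod 644 {} +
  # Code directories: take the owner's write bit away as well, so a hole in one
  # plugin cannot drop a backdoor into another plugin, the theme or core.
  for d in "$root/wp-admin" "$root/wp-includes" \
           "$root/wp-content/plugins" "$root/wp-content/themes"; do
    if [ -d "$d" ]; then
      find "$d" -type d -exec chmod 555 {} +
      find "$d" -type f -exec chmod 444 {} +
    fi
  done
  # Core files in the web root (index.php, wp-load.php, ...): read-only.
  find "$root" -maxdepth 1 -type f -name '*.php' -exec chmod 444 {} +
  # wp-config.php holds the database password: owner-read only.
  if [ -f "$root/wp-config.php" ]; then chmod 400 "$root/wp-config.php"; fi
  # wp-content/uploads keeps 755/644 so media uploads still work; PHP files
  # there are never legitimate and belong to the cleanup, not to this script.
}

# unfreeze_wordpress ROOT: restore the defaults before running updates.
unfreeze_wordpress() {
  find "$1" -type d -exec chmod 755 {} +
  find "$1" -type f -exec chmod 644 {} +
  if [ -f "$1/wp-config.php" ]; then chmod 600 "$1/wp-config.php"; fi
}

# make_demo_tree -> path of a constructed mini install with the weak settings
# that hosting control panels and FTP clients often leave behind.
make_demo_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/wp-admin" "$root/wp-includes" \
           "$root/wp-content/plugins/some-plugin" \
           "$root/wp-content/themes/some-theme" \
           "$root/wp-content/uploads/2024/01"
  printf '<?php // constructed\n' > "$root/wp-config.php"
  printf '<?php // constructed\n' > "$root/index.php"
  printf '<?php // constructed\n' > "$root/wp-content/plugins/some-plugin/plugin.php"
  printf '<?php // constructed\n' > "$root/wp-content/themes/some-theme/functions.php"
  printf 'binary\n' > "$root/wp-content/uploads/2024/01/photo.jpg"
  chmod 777 "$root/wp-content/uploads/2024/01"   # world-writable: the weak setting
  chmod 666 "$root/wp-config.php"                 # world-readable DB password
  echo "$root"
}

ROOT=$(make_demo_tree)
echo "before: wp-config.php $(mode "$ROOT/wp-config.php"), uploads/2024/01 $(mode "$ROOT/wp-content/uploads/2024/01")"
freeze_wordpress "$ROOT"
echo "after:  wp-config.php $(mode "$ROOT/wp-config.php"), uploads/2024/01 $(mode "$ROOT/wp-content/uploads/2024/01")"
echo "plugin code: $(mode "$ROOT/wp-content/plugins/some-plugin/plugin.php")"
unfreeze_wordpress "$ROOT"   # read-only directories cannot be deleted otherwise
rm -rf "$ROOT"
```

Run freeze_wordpress after every update and unfreeze_wordpress before the next one: with the code directories read-only, WordPress’s own updater and plugin installer fail until you do, which is the intended side effect.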

What does a vulnerability in a plugin or theme do, actually?

Often it does nothing until someone who knows about it starts sending it commands. That happens through crafted requests: parameters in the URL, form input fields or file uploads that the plugin processes without proper checks (injection and cross-site scripting, XSS, are the common forms).

Conclusion

It’s ultimately your choice whether you completely replace the vulnerable plugin or theme, hoping that these extra efforts and costs will increase security, or if you “freeze” the website temporarily so that it continues to work as it does now.

Do I need to keep up with WordPress updates?

The developers of WordPress are very active and sometimes release updates as frequently as monthly.

And that’s just for the updates addressing “potential” security issues discovered by the community. If you look at the release log, you’ll see that there have been numerous updates for WordPress.

WordPress takes prompt action when they discover a new vulnerability that could be exploited. This is a good practice!

However, it’s not always the case for plugins and themes. Some premium plugins and themes are not updated regularly, even when vulnerabilities have been known for months. These vulnerabilities are sometimes reported on forums, accessible to any hacker.

Should you update WordPress with every release?

Keep WordPress updated, but not every release deserves the same urgency. Security releases (the minor versions, such as x.y.1) fix vulnerabilities that are public from the moment the release is out, so install those immediately; WordPress applies them automatically by default. Major releases bring new features and occasionally break a plugin or theme, so for those it is reasonable to wait a few days, read the changelog and test on a copy of the site first.

Help! I encountered an error after updating!

It’s not uncommon to encounter errors after updating. They are often caused by a lack of disk space or by an update that was interrupted by a server outage, leaving a mix of old and new files. In that case you can re-upload a fresh copy of WordPress via FTP: replace wp-admin, wp-includes and the files in the web root, but leave wp-content and wp-config.php alone, since those hold your content, plugins, themes and database settings.

My website is at risk!

You might receive alarming emails from your hosting provider stating that something is wrong with your WordPress site and that there are files posing a risk. These emails are sometimes generated by hosting software that detects not only hack files but also potential vulnerabilities.

However, a “potential vulnerability” doesn’t necessarily mean that your WordPress is compromised if it’s well secured. Since these notifications do not consider the security measures you have in place, they can be unsettling.

Ways to stay worry-free:

1. Regularly back up your website: Backups can help you restore your website in case of any issues caused by vulnerabilities.

2. Update WordPress regularly: Especially when there is a security release.

3. Use a limited number of plugins: Every plugin increases the potential for vulnerabilities, injection points, or XSS attacks.

4. Secure your website with a professional security plugin: A good security plugin like iThemes Security can enhance the protection of your WordPress site.

Remove hack files from WordPress

You can recognize from the names of the hack files that they are related to programming; about 50% of the hack files have a logical structure that a programmer would develop.

Some of the most common hack files:

  • test.php
  • cache.php
  • files.php
  • options.php
  • view.php
  • diff.php
  • start.php
  • plugin.php

Note: These files can also exist in WordPress, so don’t remove them solely based on their names.

How do you identify if it’s a hack file?

In about 90% of the cases the file contains a messy jumble of code: a long base64-encoded string, usually fed into eval() via base64_decode(), gzinflate() or str_rot13(), with none of the formatting or structure a programmer would leave behind.

Where can you find these hack files on your site?

They can be found in any directory. Although the “uploads” directory is a favorite target because it’s often writable, a hacker/hackbot can place files throughout your entire website.

If you want to systematically remove the files:

First, make a backup!

You can divide your WordPress website into 5 parts:

  1. WordPress core (try to refresh it completely)
  2. The plugins directory
  3. The themes directory
  4. The uploads directory
  5. The container directories

The plugins directory

This directory should only have an index.php file and the plugins. Refresh the plugins wherever possible, or check the modification dates to find the hack files.

The themes directory

This directory should also contain only an index.php file and the theme you use. Remove the themes you don’t use, but keep the parent theme if your theme is a child theme, since it will not work without it.

The uploads directory

There should be NO PHP files in this directory. You can remove any PHP file you find there, and it is worth telling the web server never to execute PHP from the uploads directory at all, so that a dropped file can do no harm even before you find it.

The container directories

The “wp-content” directory usually contains only an index.php file and the directories mentioned above (2, 3, 4).

The “languages” directory should only contain language files and no PHP files.

The “upgrade” directory is used only for temporary upgrade files and is usually empty.

In conclusion

Removing all the hack files is a significant task and requires considerable knowledge.

And that’s not even considering the lines of hack code that are injected into your existing files. You can find these by checking the modification dates, and this code is often placed above or below the original code.
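The five-part walk-through above turns into three repeatable checks, shown here as an added shell example rather than as WPbeveiligen’s own tooling: PHP files where they never belong (the uploads directory), PHP files that use the typical obfuscation functions or carry a long base64 run, and files changed in the last few days, which catches both dropped files and lines injected into existing ones. The infected mini install it scans is constructed inside the script and the payload strings are placeholders, not real malware. As the note about file names warned, the obfuscation scan produces some false positives, because a few legitimate plugins do call base64_decode, so treat its output as a list to review rather than to delete.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: three scans that turn the
# manual hack-file hunt into repeatable commands. Assumes a standard
# WordPress layout under ROOT. The infected tree is constructed below; the
# "payloads" are harmless placeholders.

# php_in_uploads ROOT -> PHP files under wp-content/uploads (never legitimate)
php_in_uploads() {
  [ -d "$1/wp-content/uploads" ] || return 0
  find "$1/wp-content/uploads" -type f \
    \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) | sort
}

# suspicious_php ROOT -> PHP files using the usual obfuscation building blocks
# or containing a long base64 run. Expect some false positives: a handful of
# legitimate plugins call base64_decode for harmless reasons.
suspicious_php() {
  find "$1" -type f -name '*.php' -exec grep -lE \
    'eval[[:space:]]*\(|base64_decode[[:space:]]*\(|gzinflate[[:space:]]*\(|gzuncompress[[:space:]]*\(|str_rot13[[:space:]]*\(|[A-Za-z0-9+/]{120,}={0,2}' \
    {} + | sort
}

# recently_changed ROOT DAYS -> files modified in the last DAYS days, the
# quickest way to spot both dropped files and injected lines in existing ones
recently_changed() {
  find "$1" -type f -mtime "-$2" | sort
}

# make_infected_tree -> path of a constructed install: clean files with old
# timestamps, one dropped backdoor in uploads, one injected theme file.
make_infected_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/wp-content/plugins/some-plugin" \
           "$root/wp-content/themes/some-theme" \
           "$root/wp-content/uploads/2024/01"
  printf '<?php\n// constructed clean core file\nrequire __DIR__ . "/wp-blog-header.php";\n' > "$root/index.php"
  printf '<?php\n// constructed clean plugin\nadd_action("init", "some_plugin_init");\n' \
    > "$root/wp-content/plugins/some-plugin/some-plugin.php"
  printf '<?php\n// constructed clean theme file\nadd_theme_support("title-tag");\n' \
    > "$root/wp-content/themes/some-theme/functions.php"
  find "$root" -type f -exec touch -t 202301010000 {} +   # "old" clean files
  # Dropped file: the base64 is just echo "hello"; in a real case it is a web shell.
  printf '<?php eval(base64_decode("ZWNobyAiaGVsbG8iOw==")); ?>\n' \
    > "$root/wp-content/uploads/2024/01/cache.php"
  # Injected line above the original code of an existing file (placeholder string).
  injected='<?php eval(gzinflate(base64_decode("PLACEHOLDER_NOT_A_REAL_PAYLOAD"))); ?>'
  f="$root/wp-content/themes/some-theme/functions.php"
  { printf '%s\n' "$injected"; cat "$f"; } > "$f.tmp" && mv "$f.tmp" "$f"
  echo "$root"
}

ROOT=$(make_infected_tree)
echo "PHP in uploads:";         php_in_uploads "$ROOT"
echo "Obfuscation markers:";    suspicious_php "$ROOT"
echo "Changed in last 2 days:"; recently_changed "$ROOT" 2
rm -rf "$ROOT"
```

On a real site, run the three functions against the document root, and read the modification-date list together with the other two: a file that is both recent and flagged is almost certainly a hack file, a recent file that is not flagged may be a legitimate update, and a flagged file that has not changed in years is worth a second look rather than an immediate delete.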

The more you know, the easier it is to remove hack files.

Good luck!

The invisible iFrame hack

The “Invisible iFrame Hack” is one of the most effective hacks known.

Why is the iFrame hack so effective?

The iFrame spans across the entire browser width and height. So, wherever a visitor clicks, they will be redirected to the hacker’s advertising campaign.

But wait, there’s more…

The iFrame is controlled with a cookie and is displayed only once. Scanners, including you or security personnel, will see the site only once, creating the illusion that the problem was temporary or has been resolved.

Most people will simply think they might have clicked incorrectly and will hopefully return to your website.

The impact of the hack

Some visitors, maybe 1 out of 1000, might mistakenly believe they are in the right place and end up purchasing a service or product from the website where they weren’t supposed to be. This is exactly what the hacker, the creator of the script, aims for.

A small piece of code in a JS file

A JavaScript file (JS file) is supplemented with a piece of code that places an iFrame over your entire website. Despite your efforts, you might not find it easily as it’s just a small piece of code added to an existing file that belongs to the site.

When decoded by Sucuri, the injected code reads as ordinary JavaScript that creates the iframe, stretches it over the viewport and sets the cookie; the original page shows this decoded snippet as an image.

An effective method to remove the hack

You could search through your JS files by hand, but the best approach is to replace all JS files with clean copies downloaded from the official WordPress website and from your theme and plugin vendors, taking care to download exactly the versions you have installed so that the comparison, and the replacement, is like for like.
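That replacement is easier to do, and to verify, with a clean reference copy next to the live site. The shell script below is an added example, not code from the original article: it lists every JavaScript file on the live site that differs from the clean download or does not exist in it, prints the lines that were added to a changed file, and copies the clean versions back. It assumes the clean copy was unpacked from the same WordPress, theme and plugin versions as the live site and follows the same layout; both trees and the injected snippet are constructed in the script, with the iframe pointing at example.invalid.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: find JavaScript that differs
# from a clean reference copy, show the lines that were injected, and restore
# the clean files. Assumptions: CLEAN is an unpacked download of the same
# WordPress/theme/plugin versions as LIVE; both trees share the same layout.
# The injected snippet below is constructed for the demo (example.invalid).

# modified_js CLEAN LIVE -> "changed <path>" for JS files whose content differs
# from the clean copy, "new <path>" for JS files the clean copy does not have
modified_js() {
  clean=$1 live=$2
  ( cd "$live" && find . -type f -name '*.js' ) | sed 's|^\./||' | sort |
  while IFS= read -r rel; do
    if [ ! -f "$clean/$rel" ]; then
      printf 'new %s\n' "$rel"
    elif ! cmp -s "$clean/$rel" "$live/$rel"; then
      printf 'changed %s\n' "$rel"
    fi
  done
}

# injected_lines CLEAN LIVE PATH -> lines present only in the live file
injected_lines() {
  diff "$1/$3" "$2/$3" | sed -n 's/^> //p'
}

# restore_clean_js CLEAN LIVE: overwrite every changed JS file with the clean
# copy. Files marked "new" are left for a human decision: a theme's own
# custom script is new compared to a vanilla download but not malicious.
restore_clean_js() {
  modified_js "$1" "$2" | while read -r kind rel; do
    if [ "$kind" = changed ]; then
      cp "$1/$rel" "$2/$rel"
    fi
  done
}

# make_demo_site CLEAN LIVE: constructed clean and infected trees
make_demo_site() {
  for base in "$1" "$2"; do
    mkdir -p "$base/wp-includes/js/jquery" "$base/wp-content/themes/some-theme/js"
    printf '/* constructed stand-in for jquery.min.js */\nwindow.$=function(s){return document.querySelector(s)};\n' \
      > "$base/wp-includes/js/jquery/jquery.min.js"
    printf '/* constructed theme script */\ndocument.body.classList.add("js");\n' \
      > "$base/wp-content/themes/some-theme/js/main.js"
  done
  # The injected payload: a full-viewport iframe, shown once thanks to a cookie.
  cat >> "$2/wp-includes/js/jquery/jquery.min.js" <<'EOF'
if(document.cookie.indexOf("_v=1")<0){document.cookie="_v=1;path=/";var f=document.createElement("iframe");f.src="http://ads.example.invalid/";f.style.cssText="position:fixed;top:0;left:0;width:100%;height:100%;border:0;z-index:2147483647";document.body.appendChild(f)}
EOF
  # A file that exists only on the live site (new, not necessarily bad).
  printf '/* constructed: added by site owner */\n' > "$2/wp-content/themes/some-theme/js/extra.js"
}

CLEAN=$(mktemp -d); LIVE=$(mktemp -d)
make_demo_site "$CLEAN" "$LIVE"
echo "Differences against the clean copy:"; modified_js "$CLEAN" "$LIVE"
echo "Injected into jquery.min.js:"; injected_lines "$CLEAN" "$LIVE" wp-includes/js/jquery/jquery.min.js
restore_clean_js "$CLEAN" "$LIVE"
echo "After restore:"; modified_js "$CLEAN" "$LIVE"
rm -rf "$CLEAN" "$LIVE"
```

Files reported as new are left alone on purpose: a theme’s own custom script is new compared to a vanilla download but harmless, whereas a new .js file under wp-content/uploads or wp-includes deserves the same suspicion as a PHP file there. Keep the clean copy; the same comparison afterwards tells you within seconds whether the hack has come back.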

Preventing an iFrame hack

Of course, you don’t want the hack to reappear in your WordPress website a week later. To prevent this, update all your plugins, theme, and WordPress to their latest versions.

Additionally, use a reliable WordPress security plugin to enhance your website’s protection.

A spam file in my site, fortunately no problem?

Sometimes, as web programmers, we are unaware if a problem lies with our internet connection or the website itself, leading to a slow website loading time of 5-10 seconds.

How to Find the Cause

You can easily identify the cause with the website http://tools.pingdom.com/ (free at the time of writing). After entering your website address, you’ll see general information at the top of the page: the number of requests, the page load time and the page size.

What Slows Down Your Website?

The page is only as fast as its slowest resource: one file that takes long to load holds up the rest.

Fortunately, the mentioned website also shows how long it takes to load a file and the file’s size. By comparing this information, you can identify whether the issue is due to a large file or slow code execution.

Errors in code and broken links to files (a request that ends in a 404 for every page view) also cost a lot of loading time on the server.

A fantastic tool to test your website and determine which files need optimization!

And for programmers…

Using Google Chrome’s Element Inspector

You can also see the speed of the website with Google Chrome’s developer tools (the element inspector), under the “Network” tab.

Now that you know how to identify the cause of slow loading, you can optimize your website.

Tips to Speed Up Your Website

  1. Create appropriately sized images using Photoshop.
  2. Deactivate and remove unused plugins.
  3. Review errors with the element inspector and fix them.
  4. Ensure links to files are correct.
  5. Enable a caching plugin like WP Super Cache.
  6. Use a security plugin to ban bots (fake visitors).
  7. Load as much code as possible from your own domain instead of external sources.

Less is more!

10 ways to keep WordPress secure

Keeping WordPress secure is crucial for web designers and website owners. WordPress, as a base, is relatively secure, and regular updates are released to address security vulnerabilities in collaboration with the WordPress community. However, additional steps are necessary to prevent hackers from exploiting any weaknesses. Here are 10 ways to keep WordPress secure:

1. Update regularly: Ensure that you update WordPress regularly, especially for security releases. Check the changelog to see what security issues are addressed in each update.

2. Use strong passwords: Avoid using weak passwords like domain names or simple numbers. Brute-force attacks often target these weak passwords.

3. One website per hosting package: Avoid hosting multiple WordPress installations on a single package, as a compromised website can easily affect others.

4. Customize your CMS: Hackers know the standard WordPress installation, so customize the admin URL and hide sensitive information.

5. Be cautious with plugins: Only install reputable plugins with positive reviews and a good number of downloads. Limit the number of plugins to minimize potential vulnerabilities.

6. Perform backups: Regularly back up your website to have a clean version in case of any issues.

7. Set file permissions correctly: Ensure that wp-config.php is readable only by the account that runs your site (it holds the database password) and that .htaccess is not writable by the web server, so that neither can be read or rewritten through a vulnerability.

8. Restrict server access: Configure the server to deny access to certain folders to prevent hackers from exploring potential vulnerabilities.

9. Purchase premium plugins and themes: Avoid illegal downloads, as they may contain backdoors or malicious scripts.

10. Use a security plugin: A reliable security plugin can handle many of the above tasks, such as securing server directories, logging activities, blacklisting suspicious users, checking files for hacks, and blocking suspicious requests.

Remember that preventive measures are essential in securing WordPress. Following these steps can significantly reduce the risk of a security breach. As the Dutch saying goes, “voorkomen is beter dan genezen” (prevention is better than cure).