6 Lessons Learned After Fixing Two Server-Wide WordPress Injection Hacks Twice

I am not a WordPress specialist by any means but having worked on this platform ever since it appeared allowed me to know a lot about it. There are millions and millions of sites using WordPress out there so it is only normal that problems would appear. Hackers love attacking WordPress sites because of various reasons so it should be no surprise to see that from time to time you need to do some cleaning.

The Story

A business partner of mine has a VPS and hosts around 15 sites on it. He does not know anything about managing a server so I give him a hand from time to time. There were 2 hacks that took place on the server in the past few months. Both were injections. A PHP injection is when there is a vulnerability in the site and some code is added. That code can do various different things from adding new pages to your site to giving access to the SQL database.

  • Hack 1

In this case the code created thousands of pages that included spun content and various bad links. It was used for black hat SEO. As a result all the sites on the server got a Thin Content Google penalty. This did take a long time to fix because Google is not that fast in going through the requests. Most likely, they get a lot of these.

  • Hack 2

With this one we had hundreds of new .php files that appeared all around the sites. I have no idea what the files did but the hosting company stopped access for visitors on the server since those files launched services that put a lot of strain on the system. The solution for this was rebuilding all 15 sites from scratch. It took around 3 full days of work.

After All Was Solved

A lot of time was spent fixing problems so I visited hundreds of sites. In the process I learned some very important lessons about this process. I believe all people that have WordPress sites or servers should know about the following.

1. WordPress Security Is Taken For Granted

The most common problems with WordPress sites appear because of a simple reason: people do not update their themes and plugins. Whenever a new version is released, it is vital that you update. Many of the updates are actually really small and just deal with security problems that were discovered. You always want to update everything as soon as the new versions appear. This drastically reduces the possibility that your sites will be hacked.

2. Backups Are Absolutely Necessary

Most sites that I had access to in the past had absolutely no backup system in place. It is quite important that you do not do this mistake since:

“No matter what you do, your sites will eventually have security problems. “

A backup can so easily help you out as you get everything back to normal in just a few minutes as opposed to hours or even days. The simplest option available is Vaultpress by Jetpack but you can use whatever you feel is appropriate. Make sure you always have at least monthly backups for:

  • Your SQL database
  • Your uploads folder

3. Paying For Managed Hosting Is A Good Idea

Most people believe that WordPress is simple. Because of this they just use hosting services that are not managed. Paying a little more for the managed version is usually a really good idea. This is because there are specialists that are going to make sure that your sites are as secure as possible.

When the hosting package you opt for is not managed and you are the one responsible for the entire server, you have to know much more than how to add a new post to a blog. At the very least you have to install a good firewall.

4. Deal With Problems As Soon As You Notice Them

With the second problem that appeared I did notice that the hosting was a little slow. Also, one of the writers did report that it took a lot of time to upload new images. These problems were just ignored. Eventually, the strain put on the server was so hard that the hosting company had to take serious actions. All that should have been done was to investigate files on the server. It was quite obvious that some of them should not have been there.

Never ignore any problem. Most of the WordPress problems that appear show some signs. When you see them, investigate!

5. Check Your SQL Databases From Time To Time

You surely have access to PHP Admin or similar so you can have access to the MySQL databases. Even if you do not know that much about it, you can easily just look at the tables with user accounts and others. As I was investigating  why the second hack happened I noticed there were around 1500 fake user accounts created with one of the sites.

As you are checking the SQL databases, do save them every month. This can help you solve many problems and you can easily move the WordPress site to another hosting provider whenever you want to, as long as you also save the uploads folder, as already mentioned.

6. Old WordPress Themes Are Vulnerable

The second hack most likely happened because of an old WordPress theme that had many security vulnerabilities. You want to be sure that you replace all the old themes that no longer have developers working on them. The problem is especially seen with free themes. When you use themes that are offered for free and you do not change it after around one year, there is a very good possibility the theme is no longer secure.

It is always better to go for a paid theme. In the event you use a free theme, like I do on this blog, check the date when it was last updated. Also check to see if the theme is compatible with the latest WordPress version. If support is no longer offered, it is a clear sign that security vulnerabilities will most likely not be solved and vulnerabilities always appear.

Conclusions

Your sites are very important for you and you lose nothing if you learn as much as you can about WordPress and hosting. Always be sure that you are up-to-date with everything. When you see the Updates part of WordPress installation showing that an update is available, do it. Check the plugins and the themes to see when they were last updated. If a lot of time passed, move on to something else.

Leave a Reply