One of my WordPress sites got hacked. When I try to access the site now, it is showing the infamous “The site ahead contains malware” red screen (from Chrome browser).
Forcing access to cPanel’s File Manager reveals that the file structure is in mayhem.
I also tried to remove those malicious files, but to no avail. The site was infected with thousands of those weird-looking files all over the place. And there are so many of them that the site’s access speed has slowed to a crawl.
Before I go to the “solutions”, let me (attempt to) explain why my WordPress site got hacked. My big mistake – I didn’t update my WordPress site (for months/years). Yes, it’s unlike me not to update my WordPress site. But the one that got hacked was one of my many domains that was not on auto-update.
So major lesson #1 learnt: always update your WordPress site(s) and all the themes and plugins to the latest version.
Alright, let’s jump back to see how to rescue my infected site.
First thing I do – contact the hosting provider, HostGator. The reply I got from HostGator:
At this time, we are no longer performing cleaning of accounts for our clients. This includes any malware removal or securing of accounts which have been compromised. We sincerely apologize for any inconvenience this may cause. If you are looking for a proactive approach to detecting and addressing security issues with your site, consider SiteLock, a site monitoring tool for small and medium-sized businesses. Their service can also work to remove malicious content from your account. You can reach them directly at 877-563-2849. Per our Terms of Service, it is your responsibility to ensure the security of your account. However, we will be happy to perform root cause analysis within specific limits such as log availability and server evidence, for a fee.
Fine. I check out SiteLock. No pricing stated, just “Request A Quote” – experience tells me that if they don’t put pricing on their site, it will not be cheap. Anyway, I go ahead to request a quote but ain’t got no reply yet (after 2 days).
I go ahead to Google for sites similar to SiteLock that offer malware removal and site restore. I found (i) sucuri.net ($199/yr per site), (ii) SiteGuarding.com (49.95EUR++) and (iii) Scurit.com ($89).
Sucuri seems to be the better one amongst them. But the price is high. Chatted with them (Sucuri) and the chat support was prompt. My site that got infected is not my “critical” one so I’m not willing to spend $199.
SiteGuarding seems lower. But the lower 49.95EUR is only for malware removal and does not include file analysis and bug fixes. With so many weird files I saw in my FTP, I know the price will skyrocket.
Scurit’s site malware removal seems to be the cheaper one but also the one with the least “authority”. Nevertheless, I’ve gone ahead to try this one. Will report back.
But more importantly, how do I prevent such an incident from happening?
Further online research points to a WordPress plugin called Wordfence.
Is it good? Well, easy. A check on the WordPress.org site shows that there are more than a million installs with thousands of ratings averaging 4.9/5. Now that seems to be a must-have plugin. The decision is easy: from now on, all my WordPress sites will include this Wordfence plugin.
One thing worth noting about Wordfence though: it is not an easy plugin to configure. Truckloads of configs and settings. I would like to come back with a detailed post on Wordfence once I’ve learnt more about it and used it more.