Types of WordPress hacked website infections:
You probably already know the word “malware” from PC’s and computers. Computer viruses have been around a long time, as well as virus scanning software. With the Internet age came “spyware” (programs that spy on what you do and send the details to a remove computer), as well as “anti-spyware” computer software. You might also have hard about trojans, and key-logging software as types of computer virii. The term “malware” in conjunction with a computer means something installed on your PC in order to deliver a payload. Like installing a browser toolbar, and having it (on the backend) install a script, program, or trojan without your knowledge as the payload.
Google started tracking malware in websites a few years back as part of Google webmaster tools. Malware (at that time) was known mostly as something installed in your website designed to deliver a payload unknowingly to the website visitor (also like a virus, trojan, program, script, etc.). Now, the term is used to cover nearly any compromised website wither it delivers an actual payload, redirects the user to a rogue website, or may contain some spam.
If you think about the amount of WordPress websites online (more than 73 million and counting), when reports come out that say “10,000 websites hacked from ABC vulnerability” it’s a small percentage in comparison to the whole. Then again, that’s 10,000 broken websites that are either down, redirected, or infested with spam.
Often people have a perception that there are actual people (or hackers) trying to break into websites. That’s not really the case, it’s an automated process. Hackers, spammers, and criminals write scripts to seek out and search for websites with specific vulnerabilities they can use to break in. They watch the latest security holes patched in WordPress itself, as well as themes and plugins. They also look for other software with holes, such as Joomla, Mambo, Drupal, phpBulletin, Simple Machines forum, phpBB, and anything else they can find. Often scripts are written to break in through one hole, and then just infect all PHP files, all sites in a hosting account, or just all WordPress installations at once.
So think about the home you live in and it’s security. You have locks on the doors and windows, and if someone were trying to get in – you’d know about it right away. The bulk of websites online are in shared hosting accounts. Unless you have some alerting or monitoring installed for your website (and even if you do), the only place break-in and hack attempts are stored is the server logs. You don’t know it but your website is being “attacked” night and day 24/7 hundreds (if not thousands) of times. You have no idea that something is constantly trying to break into your website. If you did – you’d actually beef up the security a bit.
Back to how the websites get infected. These automated scripts look for security holes in WordPress itself, themes, and plugins. If your website (or themes or plugins) are out of date – you might be open to one of these attacks looking for a way in. But this isn’t the only way.
Another way websites can be compromised (any website, not just WordPress) is by using an insecure connection to either login to FTP, your wp-admin dashboard, or your web hosting account. Remember when we talked about computer viruses and malware? If your PC is compromised and you connect to your WordPress website, your connection information could be sent to a remove PC by a keylogger or trojan. Even is your PC is clean, if you connect to any of these by an insecure connection such as Starbucks connection, public wifi in a hotel or airport, the same thing could happen (same if your home wireless router isn’t secured).
Yet another way your WP website can be infected is through your webhost itself. Maybe your account is managed with cpanel or Plesk control panel and your webhost hasn’t applied the latest patches for that software. Hackers can get in through those security holes. What if an exiting employee from a webhost steals the password files (which has actually happened) – you could be compromised. What if someone external breaks into your webhost and steals your login information (which has also happened at multiple webhosts multiple times), you can also be broken into.
More often than not what we do see, are large webhosts with shared webservers where hackers break into as many sites as they can on one box at once (bad neighborhood or guilt by association break-ins). Hosts that do stupid things like leave directory indexing on by default – don’t help matters much.
Now that you know what malware is, and how websites get infected, it’s time to find out how to protect your own website from malware (infections). While we can’t give you complete step by step instructions, we can give you some great points to follow which will make your website more secure and hardened than it ever has been.