WordPress is currently the most popular website management software and currently supports more than 70 million websites worldwide. With the introduction of new updates and patches, the software itself needs to be maintained. WordPress has been available for free since 2004, creating a website with versions from 1.x to the latest (3.3.2).
From the original WordPress version to the latest version, there are hundreds of updates available - some of them update very large security holes. Over the past few years, the term "malware" has been used in conjunction with WordPress websites that have been attacked (hacked) through one of these security holes. Although malware is often a term describing a virus that uses a payload on a PC, the term is now more commonly used to describe a (WordPress) website that has been infected with SEO spam or malicious scripts or code.
The best precautions for WordPress malware are to stay current. With the release of the new version, upgrade as soon as possible. Also, make sure that the theme and plugins you have installed are up-to-date.
Malware prevention tips
Updates WordPress is a great preventive drug, you can take a variety of other measures to further protect your site:
Remove old plugins: Be sure to remove any of yours Unused plug-in (disabled). Even unused plugins can be a security risk. Also, make sure to only install plug-ins that have been updated in the past 12-18 months. If you use plugins that are older than ever, they may not be compatible with the latest version of WordPress (or your theme) - and they may also have security holes.
Recall your topic: How big is your WordPress theme? If you purchased from a developer, check and confirm that you have the latest updates available for your installation. If you have a custom theme (or even a self-written theme), make sure that it is reviewed annually by experienced developers or security experts to ensure it has no security holes.
Security and Hardening: You should install and configure one or more popular WordPress plugins to protect and harden your website (outside of "out of the box" settings). Although WordPress is a very mature and secure platform, you can easily add multiple additional layers of basic security by changing the administrator username, the default WordPress table name, and security for 404 attacks and long-term malicious URL attempts.
Malware Removal Tips
If you think your WordPress site has been hacked or infected with malware, malicious scripts, spam links or code, you should first obtain a backup copy of your site (if you haven't already). Get copies of all files and database copies in the virtual host account downloaded to the local computer.
Next install one of the many free malware scanner plugins in the official WordPress official free plugin repository. Activate it and see if the infection source can be found. If you are a technician, you can delete the code or script yourself. Be sure to check all your theme files, and you may also need to reinstall WordPress.
If your WordPress core file is infected, one of the best ways to remove the infection source is to delete the entire wp-admin and wp-includes folders (and content) and all files in the site root directory. Delete topics and plug-in folders in the wp-content folder (keep uploads, including uploaded attachments and images). Since you have a copy of the local website, you can reinstall the theme and know which plugins are installed.
The best thing to do now is to download a new copy of WordPress and install it. Connect to your existing database using a local copy of the wp-config.php file. Before reinstalling themes and plugins, you may need to log in to the wp-admin dashboard one at a time and go to "Tools -> Export" and export and copy labels, categories, and authors. Now (if you want) At this point, you can delete the entire database, create a new database, and import all the content, so you have a brand new WordPress and a new database copy. Finally, reinstall the theme and new copy of all plug-ins in the official WordPress repository (do not use your downloaded local copy).
If these steps are too technical for you, or if it does not eliminate the source of infection, you may need to get help from a WordPress security expert.
Preventive Maintenance Advance
If your site is very important to you, or if you use it for commercial purposes, then protect it as if it were your actual business. If your site stops running tomorrow or there is no commission, will it happen? Will hurt your business? A small preventive drug has a long way to go:
Backup and disaster recovery plan: Make sure you have a tested backup solution (this is why most companies call it a disaster recovery plan). There are many free and paid plugins and solutions that can achieve this goal for WordPress websites.
Installing Basic Security: If you do not have the WordPress Security Plugin installed, please immediately get a top rated and most recently updated official free plugin library to protect your website. If you do not like people who do this or do not have a technical website, then hire a WordPress consultant or security expert to do it for you.
Orignal From: How to Prevent and Remove Malware in WordPress
No comments:
Post a Comment