How to Protect WordPress from malware?

Malware

WordPress is installed on so many websites now that its global reach is comparable to a company like Microsoft. You probably already know the word malware from PCs and other computers. Computer viruses have been around a long time, as has virus scanning software. With the Internet age came spyware (programs that spy on what you do and send the details to a remote computer), as well as anti-spyware software.

Best way to protect your WordPress from malware

1) Reset your password:

Regularly reset your WordPress admin, FTP, and web hosting control panel passwords every 30-60 days. Be sure to use a 12+ character strong password. Never use the same password at multiple websites or for multiple accounts.

2) Update Everything:

Keep WordPress itself updated at all times, along with all plugins and your theme. If you purchased your theme from a developer or a theme house, check whether an update is available. If it was custom coded, have it reviewed by a competent WordPress developer once per year for vulnerabilities.

3) Limit Access:

Give admin access within your WordPress website only to those who need it, on a “need to know” basis.

4) Remove unused items:

Always remove all themes and plugins that are unused and inactive. In addition, be sure to remove any plugins that haven’t had an update in 12-18+ months.

5) Set up alerting and monitoring:

Web hosting companies and all kinds of free services will monitor your website and alert you if it is down.

6) Register with Google Webmaster Tools:

If you register with Google Webmaster Tools and they find malware in your website, they will notify you via email. Keep in mind that by the time they notify you, your website could have been infected for days or weeks.

7) Update wp-config security salts:

Since before version 3.0 the wp-config.php file of every WP installation has contained security salts and a URL to get random ones to update the file with. Be sure to update your wp-config file.

8) Install and configure a security plugin:

Set up and configure an all-inclusive security plugin, something like Better WP Security or Secure WordPress.

9) Set up and test a backup solution:

You can use a free plugin, premium solution, or web-based service to back up your website to an offsite location for recovery in case you are hacked or something at your web host goes down. This also protects you if you upgrade WordPress or plugins and a conflict takes your website down. With regular versioned backups, you can easily revert to the last known good version.
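For step 7, an added shell example (not from the original page) that replaces the eight key and salt defines in a wp-config.php with fresh random values and keeps a backup copy. It assumes the standard define names and generates the values locally from /dev/urandom instead of fetching them from the URL in the file; rotate_wp_salts and its backup-directory argument are names chosen for this example.

```shell
#!/bin/sh
# Added example: rotate the eight WordPress secret keys and salts in place.
WP_SALT_NAMES="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# 64 characters from the kernel CSPRNG. Alphanumerics only (a choice made for
# this example) so the value needs no escaping in a PHP single-quoted string.
new_salt() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 64
}

# ERE matching the start of "define('NAME'," or 'define( "NAME",'.
salt_re() {
    printf "^[[:space:]]*define[(][[:space:]]*['\"]%s['\"][[:space:]]*," "$1"
}

# rotate_wp_salts CONFIG BACKUP_DIR
# BACKUP_DIR must be outside the document root: the copy holds the old
# secrets and the database credentials.
rotate_wp_salts() {
    cfg=$1
    bakdir=$2
    [ -f "$cfg" ] && [ -d "$bakdir" ] ||
        { echo "usage: rotate_wp_salts CONFIG BACKUP_DIR" >&2; return 1; }
    # Verify all eight defines exist before changing anything.
    for name in $WP_SALT_NAMES; do
        grep -Eq "$(salt_re "$name")" "$cfg" ||
            { echo "no define for $name; file left unchanged" >&2; return 1; }
    done
    cp -p "$cfg" "$bakdir/wp-config.php.pre-rotate" || return 1
    tmp=$(mktemp) || return 1
    for name in $WP_SALT_NAMES; do
        salt=$(new_salt)
        sed -E "s|$(salt_re "$name").*\$|define( '$name', '$salt' );|" \
            "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
        # Write through the existing file so its owner and mode are kept.
        cat "$tmp" > "$cfg"
    done
    rm -f "$tmp"
}
```

Changing the salts invalidates existing login cookies, so every signed-in user has to log in again.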

Malware Infection Breaking WordPress Websites

There is a known malware infection caused by a serious vulnerability in the MailPoet WordPress plugin. This malicious attack attempts to slyly inject spam into the hacked site, which is causing websites to break, and focuses predominantly on WordPress sites with outdated plugins or weak admin passwords.

  • The infected PHP code is very buggy and is corrupting legitimate website files, as well as themes and plugin files, which causes PHP errors to be displayed instead of website content:

Parse error: syntax error, unexpected ')' in /home/user/public_html/site/wp-config.php on line 91

  • After removing the infecting malware, the only way to remedy the issues is to restore the corrupted files from a backup. This is what the malware code looks like:

< ?php $pblquldqei = ’5c%x7824-%x5c%x7824*!|!%x5c%x7824-%x5c%x7824%x5c%x785c%x5c%x7825j^%xq%x5c%x7825%x5?c%x7827Y%x5c%x78256<.msv%x5c%x7860ftsbqA7>q7825)3?of:opjudovg< ~%x5c%x7824!%x5c%x782421787825!|!*!***b%x5c%x7825)…

  • If you are running MailPoet, we recommend upgrading it to the latest version.

Note: If you do not have a firewall on your website, you have to upgrade the plugin or remove it altogether to avoid more issues.
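To find files carrying the injection shown above, this added example (not part of the original article) counts occurrences of the %x5c%x78 escape run from that sample in every .php file under a directory. The marker comes from the sample; the threshold of 3, the function names and the demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list PHP files that carry the "%x5c%x78" escape run seen in
# the sample on this page. Read-only; nothing is modified or deleted.
MARKER='%x5c%x78'

# Number of marker occurrences in one file (0 when none or unreadable).
count_marker() {
    { grep -o -F -e "$MARKER" -- "$1" 2>/dev/null || true; } | wc -l | tr -d ' '
}

# scan_injected_php DIR [MIN]
# Prints "COUNT<TAB>PATH" for each *.php file under DIR with at least MIN
# hits, highest count first. MIN defaults to 3 (threshold chosen for this
# example). File names containing newlines are not handled.
scan_injected_php() {
    dir=$1
    min=${2:-3}
    find "$dir" -type f -name '*.php' -print | while IFS= read -r f; do
        n=$(count_marker "$f")
        if [ "$n" -ge "$min" ]; then
            printf '%s\t%s\n' "$n" "$f"
        fi
    done | sort -rn
}

# Constructed demo tree: one clean file and one whose first line is modelled
# on the page's sample (marker repeated three times, no working payload).
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/themes/demo"
    printf '<?php\necho "hello";\n' > "$root/index.php"
    printf '<?php $v = "%s24-%s24*!|!%s24"; ?><?php\n// theme code\n' \
        "$MARKER" "$MARKER" "$MARKER" \
        > "$root/wp-content/themes/demo/functions.php"
    printf '%s\n' "$root"
}

# Usage after sourcing this file: scan_injected_php /home/user/public_html
```

Files it lists still have to be cleaned and then restored from backup as described above; running php -l on each restored file confirms it parses again.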

How to Install Linux Malware Detect (Maldet) on Linux

Linux Malware Detect (Maldet):

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

Follow the steps below to install maldet on your server.

A) Install maldet on your server

1) SSH to your server
2) Download the tar file and install it.

cd /usr/local/src/ && wget http://www.rfxn.com/downloads/maldetect-current.tar.gz && tar -xzvf maldetect-current.tar.gz && cd maldetect-* && sh install.sh

This will automatically install a cronjob inside /etc/cron.daily/maldet so a daily scan will be run for local cPanel or Plesk accounts.

B) Update to the latest version and virus signatures:

maldet -d && maldet -u

C) Run the first scan manually

To launch a background scan of every user’s public_html and public_ftp in all home directories, run the following command:

maldet -b --scan-all /home?/?/public_?

D) Verify the scan report

1) List all scan reports with their time and SCANID:

maldet --report list

2) Show the details of a specific report:

maldet --report SCANID

3) Show all scan details from the log file:

grep "{scan}" /usr/local/maldetect/event_log

E) Clean the malicious files

Quarantine is disabled, so you will have to launch it manually:

maldet -q SCANID