Does Your Website Have a Silent Partner?

A Not-So-Nice Silent Partner!

Earlier this month I restored a hacked website, not an uncommon task as of late. What made this one unique was that there was no obvious sign that the website was hacked. Usually when a site’s been hacked it will be painfully obvious: Your website is no longer online, or the hacker replaced your site with their “You’ve been hacked!” page.

With this particular hack, from the viewer’s perspective, the site looked and worked as per usual. Just by looking at the site, you would never know anything was wrong with it. So then, how was it discovered that the site had been hacked and malicious code placed in every file on the server? The client received a notice that the website’s IP address had been blacklisted.

Since this was not a site I regularly update and maintain, it took the blacklist notice to discover the site had an evil silent partner working behind the scenes destroying the client’s online reputation! The only solution in this particular case was to:

  • remove all files from the server,
  • run a security scan,
  • do a fresh WordPress install,
  • restore the site, and
  • run another security scan.

Once that was completed, I then contacted the hosting company to have them assist with removing the site IP address from the blacklist, which they did in a relatively short period of time. It usually takes an act of Congress to get your IP address off a blacklist.

Thankfully, this site owner had a backup copy of the site that was NOT stored on the server. Too many site owners have NO backups of their entire site (including the database and plugins, if being used). In such a case, the only remedy is to build a whole new website from the ground up.

Which leads me to these very important points: 

  1. ALWAYS have a FULL backup of your site — If it’s a WordPress site, the backup needs to include the databases. 
  2. Do your site backups on a regular basis and retain more than your last backup. Your last backup could be a hacked copy. How often you do them depends on how often you add/change content on your site.
  3. NEVER count on your Web Hosting company to have a backup copy. While most hosting companies do keep backups for their own use, such as when they’re moving sites to a new server, it’s not their job or responsibility to keep a backup of your site.
  4. It is best practice to NOT store your backups on your web server. If, for example, they’re stored in a ZIP archive on your server and your site gets hacked or is taken over by ransomware, the backups will also be encrypted and will be useless. Your backups should be stored offline, either with a backup service provider (such as VaultPress) or using a cloud storage service like Dropbox.
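
The backup points above can be turned into a small routine. The following shell functions are an added example, not code from the original post: the function names, the `site-*.tar.gz` naming scheme and the `BACKUP_STAMP` override are assumptions. They bundle the site files with a database dump, write a checksum to carry along to off-server storage, and keep several generations.

```sh
#!/bin/sh
# Added example, not from the original post. Function names, the site-*.tar.gz
# naming scheme and the BACKUP_STAMP override are assumptions for illustration.

# make_backup SITE_DIR SQL_DUMP DEST_DIR  (prints the archive path)
# Point 1: refuses to build a "backup" that has no database dump in it.
make_backup() {
    mb_site=$1; mb_dump=$2; mb_dest=$3
    [ -d "$mb_site" ] || { echo "no site directory: $mb_site" >&2; return 1; }
    [ -s "$mb_dump" ] || { echo "missing or empty DB dump: $mb_dump" >&2; return 1; }
    mkdir -p "$mb_dest" || return 1
    # Absolute paths, because each tar -C is relative to the previous one.
    mb_site=$(cd "$mb_site" && pwd) && mb_dest=$(cd "$mb_dest" && pwd) &&
        mb_dumpdir=$(cd "$(dirname "$mb_dump")" && pwd) || return 1
    mb_name="site-${BACKUP_STAMP:-$(date -u +%Y%m%dT%H%M%SZ)}.tar.gz"
    tar -czf "$mb_dest/$mb_name" -C "$mb_site" . \
        -C "$mb_dumpdir" "$(basename "$mb_dump")" || return 1
    # The checksum file travels with the archive to off-server storage (point 4).
    (cd "$mb_dest" && sha256sum "$mb_name" > "$mb_name.sha256") || return 1
    echo "$mb_dest/$mb_name"
}

# verify_backup ARCHIVE: the checksum must match and a .sql dump must be inside.
verify_backup() {
    vb_dir=$(dirname "$1"); vb_name=$(basename "$1")
    (cd "$vb_dir" && sha256sum -c "$vb_name.sha256" >/dev/null 2>&1) || return 1
    tar -tzf "$1" | grep -q '\.sql$'
}

# prune_backups DEST_DIR KEEP: delete all but the newest KEEP archives.
# Point 2: KEEP below 2 is rejected, since the latest copy may be a hacked one.
prune_backups() {
    pb_dest=$1; pb_keep=$2
    [ "$pb_keep" -ge 2 ] 2>/dev/null || { echo "keep at least 2 backups" >&2; return 1; }
    # Timestamped names sort chronologically, so reverse order is newest first.
    ls -1 "$pb_dest"/site-*.tar.gz 2>/dev/null | sort -r |
        tail -n +"$(($pb_keep + 1))" |
        while IFS= read -r pb_old; do rm -f -- "$pb_old" "$pb_old.sha256"; done
}
```

Create the database dump first with a tool such as `mysqldump` or WP-CLI's `wp db export`, then copy both the archive and its `.sha256` file to the off-server location and run `verify_backup` on the copy before relying on it.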

Keep an eye on your site and run security checks. You can use your cPanel to run a check in addition to using a security plugin (for WordPress sites) on your site to run security scans. 

Yes, babysitting your website does take time and patience. Even so, there is no guarantee that your site will NEVER be hacked. Sometimes it’s an easy fix and other times a professional malware removal service is required. Major corporations and government agencies with megabucks to spend on web maintenance and security get hacked, and hackers become more clever by the day.

As a kindly reminder, it’s FAR less costly to maintain a site than it is to restore a hacked site.

If you don’t have the time or energy to take the above-mentioned steps on a regular basis to help protect your online business, then seriously consider subscribing to – at the very least – the Fundamental Maintenance Plan.

The ONLY “Silent Partner” you want for your online business is the person taking care of your website!