WordPress Malware Problem help! [duplicate]

Basic Security Steps

Since WordPress is so popular there are a lot of drive by hacks knocking around taking advantage of flaws in basic security. All WordPress users should take the following basic and easy steps to protect themselves:-

  • Do not use wp_ as the database table prefix, use any string of random characters that appeals.
  • Turn off WordPress DB errors.
  • Make sure your directory’s are set to chmod 755 and files 644.
  • Use a secure password generator (use at least 15 characters).
  • Do not use admin as a username.
  • Place a blank .htaccess file in the wp-admin directory.
  • Read WordPress hardening
  • Check the Google Cache of your site for hidden malware, some cunning malware only displays its payload to the google bot.
  • Remove <meta name="generator" content="WordPress X.X.X" /> from your site’s header by placing remove_action('wp_head', 'wp_generator'); in your functions.php file (drive by attackers will not have an easy way to find which version they are targeting if you do this).

TimThumb Hack

There is also a very popular drive by hack associated with an old version of the popular tim thumb script, which causes a lot of problems for webmasters. Check your uploads directory for php files and ensure you’ve upgraded to the latest version of the script to avoid this.

Advice

I run about 10 different WordPresses and have found the WP-Security plugin and account from website defender invaluable, it scans your site regularly and reports on security errors, malware, and even page errors via email so you can be assured that you know when something goes wrong.

WP-Firewall is also very useful for defense against 0-Day exploits and VirusTotal is handy if you suspect an infection.

Akismet and Disqus.com are useful tools for defending against comment spam, and you should read the webmaster pros community wiki on this subject.

Webmaster Tools

You should also sign up to Google Webmaster Tools, but if you suspect an infection, take all steps to find and clean it up first or you may end up with Google warning your users that yours is a reported attack site.

If it detects an infection Google will send an email to all of the following addresses abuse@, admin@, administrator@, contact@, info@, postmaster@, support@, webmaster@ so you should ensure that you have at least one of these in place and monitored.

Paid Removal Services / Where To Get Help

There are also a number of sites which offer paid malware removal services, I would be very suspicious of these – many appear to be scams of one sort or another.

There is plenty of high quality help and support available for free in the wordpress forums, on webmaster pro’s, the wordpress stackexchange site and on stackoverflow. Don’t pay for things you can fix on your own.

Related Posts:

  1. Is moving wp-config outside the web root really beneficial?
  2. Hide the fact a site is using WordPress?
  3. Best way to eliminate xmlrpc.php?
  4. Prevent setup-config.php page from appearing when host blocks database
  5. neccessary?
  6. Best practices to assert current_user_can() with guests
  7. WordPress Security tools
  8. SSL Error: unable to get local issuer certificate
  9. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site? [closed]
  10. Why does the URL http://a/%%30%30 crash Google Chrome?
  11. When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
  12. Can an attacker use inspect element harmfully?
  13. Where does Internet Explorer store saved passwords?
  14. Infected Files – what to do [closed]
  15. WordPress 4.7.1 REST API still exposing users
  16. Should I escape wordpress functions like the_title, the_excerpt, the_content
  17. Why does WordPress need my private ssh key to update?
  18. When to use esc_html and when to use sanitize_text_field?
  19. Why does WordPress have more than one salt?
  20. What is the ideal setup to address security concerns?
  21. Will there be security updates for 3.1 once 3.2 is released?
  22. WordPress it’s cleaning a custom query_var to avoid sql injections?
  23. Can someone explain the use cases of esc_html?
  24. Tips for finding SPAM links injected into the_content
  25. Close a wordpress blog – keep site as it is but prevent hacks
  26. Is WordPress vulnerable to the httpoxy?
  27. wp.getUsersBlogs XMLRPC Brute Force Attack/Vulnerability
  28. WordPress and Security
  29. Is there a security risk giving someone temporary access to my blog’s code?
  30. How to properly sanitize/secure a WP Query coming from the front end
  31. brute force attack even though it is limited by IP
  32. What should I do about hacked server?
  33. How do I authenticate WP users from a chrome extension?
  34. Website is being flooded [closed]
  35. Handling email piping attachments and detecting unsupported file types
  36. Should I Worry About SQL Injection When Using wp_insert_post?
  37. Auth cookie value security risk?
  38. Is there a way for a user to have an alias?
  39. Security – Shortcode injection attack
  40. Registration Plugin – Recaptcha integration
  41. Security threat with `home_url`?
  42. How to combat flooding admin-ajax.php?
  43. Moving away from MD5: Where to declare the custom global $wp_hasher?
  44. Would it be dangerous to send all the wp_options to javascript file?
  45. Frequently getting attacks on admin-ajax.php, wp-cron.php, xmlrpc.php and wp-login.php
  46. Should I disable directory listing for wp-includes?
  47. Safety side of storing emoji into database
  48. Verifying that I have fully removed a WordPress hack?
  49. Large Session Tokens
  50. How can I safely hide the fact that my website runs on WordPress? [closed]
  51. How to change permissions of WordPress and/or apache on macOS securely?
  52. How can I display nickname instead username in links
  53. My WordPress Websites are always under attack
  54. Is there value in using a wp_nonce for POST requests?
  55. Using an Encryption class in a WordPress Plugin
  56. How to hide easy access to my website temporarily?
  57. Can I Remove xmlrpc.php completely?
  58. Config file with no Keys..?
  59. How much should I worry about these messages?
  60. Uploading .webm format on WordPress results in security guidline breach and fail
  61. Any any insecure http:// URLs left in wordpress?
  62. White screen of death on admin pages after moving wp-config up two levels for security
  63. Session Cookie security questions
  64. Storing FTP details in wp-config.php
  65. Can a WordPress administrator see other users’ passwords?
  66. Why my plugins are updating automatically?
  67. Spam injected in w3 total cache page cache [closed]
  68. Privilege escalation bugs in 2.9?
  69. Content-Security-Policy blocks WordPress check boxes from being activated
  70. Custom API plugin to execute 3rd party API to retrieve data
  71. How to distinguish between a hack and an encoding error?
  72. Prevent editor from adding script or form
  73. How to change location of wp-config.php to folder or 2 folders up?
  74. Finding where a snippet of code is coming from
  75. wordpress admin security
  76. Remove hacked code – out of ideas! [closed]
  77. Why do people use “admin” username by default? [closed]
  78. WordPress Database Re-installed (Hacked)
  79. Robots.txt file not updating
  80. Security: Critical backend outside of wordpress
  81. Advice On How to Backup WordPress
  82. How can I stop other plugins from using my class’ sensitive methods?
  83. How to Password Protect whole site except for some subdirectories
  84. What are WordPress Current Security Issues in 2017?
  85. wp-config.php moved above root results in no plugin updates
  86. Password-protect feed and make it usable in major aggregators
  87. Should I change the default file and folder permissions?
  88. WordPress exploited theme is causing high io load on server
  89. How to rewrite rules for WP-security in Nginx?
  90. how to find the way they hacked my WP site
  91. How to set custom validation for WordPress Passwords?
  92. Is it a bad idea to CHMOD 777 all the files on your site?
  93. How to stop repeated hack on header.php of custom theme? [closed]
  94. is this code properly secured
  95. nginx + wordpress: Best practices for configuring it to be secure, reliable, and fast? [closed]
  96. How to get real password (before encrypt) when register a user?
  97. Move data from wp-config to another file
  98. Heartbleed: What is it and what are options to mitigate it?
  99. OpenVPN vs. IPsec – Pros and cons, what to use?
  100. How to test if my server is vulnerable to the ShellShock bug?