Categorized | News, Website Design

Protecting Your WordPress from Malware

malware security 01

There’s a lot of appeal when it comes to WordPress blogs. After all, installing them is easy, and administering them is even simpler. A good chunk of popular websites run WordPress, and its uses are uncountable. They can be used for blogs, companies, education, media, and more.

Their usage, however, is a weakness as well. People can make malware that can infect many blogs, and it can cause a lot of destruction for owners. Owners must act upon this malware, and fast, or it can spread to your viewers’ computers as well. This means that your visitors now assume you’re some scumbag who wanted to infest their computers. Say goodbye to your site and your trustworthiness! After all, 11,000 WordPress domains have blacklisted by Google, and as many as 100,000 may be infected.

The Case of the SoakSoak Bug

Recently, people have been asking for support concerning an infection. This infection revealed to be coming from malware known as SoakSoak.ru, and it came through a premium plugin. As you should know, plugins are everywhere on WordPress. Admins use them to add many components to their site, from looking at statistics to sizing pictures. Free plugins are susceptible to malware, so it’s common.

But premium plugins are a different story. Take Slider Revolution. Costing $18, it was an investment many admins took if they wanted a great way to display images. While the program isn’t solely to blame when it comes to the SoakSoak attack, it’s a common factor, and it’s safe to say that it’s one of the major culprits.

Note that WordPress wasn’t the only site type that had an infection. This attack was centered around similar weaknesses in a lot of plugins and webhosts.

How Can Malware Affect a Visitor?

If you’re going to visit an infected website with no protection that stops you from doing so, you may see a website that doesn’t look suspicious. There’s no red flashing around, and it seems as though everything is all right. It must have been a false alarm, right?

While you’re doing that, malware is infecting your computer secretly. The page automatically installs the moment malware security 01you land on it. This is known by many as a drive-by download, where you don’t download something by just clicking on it. It’s automatic, and it hits you pretty hard. This malware takes you to SoakSoak.ru, where they put even more malware on your computer without your consent.
That sounds dangerous! How can you handle this?

How to Pinpoint if Your Site’s Infected and Eliminate it

Even if your site isn’t WordPress, you should definitely look at it and make sure that there’s no malware around. If your site is infected, this means that most likely, your readers got the virus too, and if they realize that your website caused them to get malware, they won’t come back.

So how do you remove malware from your site? It’s actually a bit different than removing it from your computer. What you should first do is go to www.sitecheck.sucuri.net. This is a site checker that will scan your website and look for signs of malware as it attempts to load on your browser. The scan is quick, so you won’t have to worry about it wasting your time if it doesn’t fine anything. In addition, you can remove the malware using this site, but you have to pay for that.

So what do we know about the SoakSoak malware?

What it does is that it changes the wp-includes/template-loader.php code.This file has a malware wink that automatically loads to your site. Because it’s infected the template loader, you can’t fix it by changing your theme. So how do you change it? One way is to always backup your site. Your host should do it for you at least once a week. Simply delete your site and reinstall using the older backup. This is the best way to do it for no cost.

If you want to manually hunt for it, go to the swfobject.js script and delete it, as well as the changed code in template-loader.php. Search through your database to make sure that there is no instance of this code. Look at all your files and see if the code is hiding in any of those. This is the best way if you want to manually delete your stuff.

If your site is blacklisted by Google, go to their advice page and see how you can get your website off their blacklist.

So no matter how you host your site, malware is going to be there waiting for a good time to strike. You should not think of malware as harmless. It can do a lot to your site, some of it irreversible. It can turn away visitors and even steal precious data from you. So the best way to make sure that your site is protected is to keep backing it up, keep scanning it, and make sure that everything you install to it is secured. This will help you to prevent most malware attacks. By keeping your site secured, you have a low chance of being attacked, and you’ll be happy that you added that extra security to your site.

Leave a Reply