Find & remove malicious content from Wordpress site and install new security measures
- or -
Post a project like this1981
£70(approx. $88)
- Posted:
- Proposals: 18
- Remote
- #2197844
- Awarded
Description
Experience Level: Intermediate
Hi freelancers,
I have received a messege from my web host saying malicious activity has been detected on our wordpress website. Please see email received below:
"Unfortunately, malicious activity has been detected on your account. Such activity can harm the site's visitors, as well as its reputation on search engines and the reputation of the server with email providers. As such, this is seen a breach of our acceptable usage policy and has left us with no choice but to temporarily disable part or all of the account.
Although it is an undesirable outcome, disabling the account is the best way for us to limit the harm malicious content or activity can cause to the website, its visitors and other customers until the cause of the issue has been identified and resolved
How has this happened?
Often this is caused by a vulnerability somewhere in your website's code which has allowed an attacker to inject malicious scripts into your website. Normally this is possible via exploitable vulnerabilities in out-of-date software in your site's application such as plugins or themes which you have installed. It is also possible due to poor security practices in custom-written website code, or insecure passwords for your email, ftp or hosting accounts or the website's admin areas.
Preventative measures
There are various steps you can take to increase the security of your website and help prevent this from happening again in the future. Some of these include:
Keep up-to-date with the latest software versions on your website
This includes content management systems and applications such as Wordpress, Joomla! and Prestashop; pro-actively update both the core software, and all plugins & themes that are installed. Depending on your application, there may be additional security plugins you can install to help you keep on top of updates. It is also good practice to delete any themes or plugins which are not being used, as even an inactive plugin could act as an entry point to the rest of your website.
Use secure administrative passwords
Your website could be compromised if an attacker knows or can guess a password to any one of your hosting account, email, FTP accounts, or the site's admin areas. It's a good idea for these to be at least 8 characters long and contain a mixture of lower and upper case letters, numbers and unusual characters.
Regularly scan your PC and other devices for malware
No matter how secure your website is, malware on any device you use to access administrative accounts for your website or email, could lead to an attacker gaining a critical password for your site and lead to it being compromised.
What to do next
When a website is compromised in this way, additional 'backdoors' could be injected and hidden amongst the site's normal code to allow an attacker to compromise it again in the future. It is therefore important that every trace of malicious code is identified and removed before the site can be brought back online.
Cleaning up compromised websites is unfortunately not a service we are able to provide, so if you are unsure of how to proceed with doing so we would recommend you contact a specialist web developer for advice and assistance.
We are able to allow restricted access to the site for you or your developers if this is something that you require. When you are certain the website is rid of any malicious code or content, please contact us and ask for the site to be reviewed. It would help for you to demonstrate steps which have been taken to secure the website and your account.
If we believe the site is clean and no longer poses a risk, we will make it publicly accessible again"
I have installed a couple off plugins "Wordfence" & "Quttera" and the scan reports show a change in the DNS IP and the new IP is located in Russia, this may be 1 of the problems but to be honest this is beyond my knowledge so I need an expert to find and remove any malicious code, content etc... Wordfence scan gave 8 warnings, 2 of which where malicious & 6 where suspicious.
It must be completely fixed so my Web Host is happy and removes the lock on our account. The site must then be checked that everything is working as it should i.e the contact forms etc... Any new security measures to prevent this from happening in the future would be welcomed also. We get spam through our contact forms also so finding a fix for this would be great too.
Thanks
I have received a messege from my web host saying malicious activity has been detected on our wordpress website. Please see email received below:
"Unfortunately, malicious activity has been detected on your account. Such activity can harm the site's visitors, as well as its reputation on search engines and the reputation of the server with email providers. As such, this is seen a breach of our acceptable usage policy and has left us with no choice but to temporarily disable part or all of the account.
Although it is an undesirable outcome, disabling the account is the best way for us to limit the harm malicious content or activity can cause to the website, its visitors and other customers until the cause of the issue has been identified and resolved
How has this happened?
Often this is caused by a vulnerability somewhere in your website's code which has allowed an attacker to inject malicious scripts into your website. Normally this is possible via exploitable vulnerabilities in out-of-date software in your site's application such as plugins or themes which you have installed. It is also possible due to poor security practices in custom-written website code, or insecure passwords for your email, ftp or hosting accounts or the website's admin areas.
Preventative measures
There are various steps you can take to increase the security of your website and help prevent this from happening again in the future. Some of these include:
Keep up-to-date with the latest software versions on your website
This includes content management systems and applications such as Wordpress, Joomla! and Prestashop; pro-actively update both the core software, and all plugins & themes that are installed. Depending on your application, there may be additional security plugins you can install to help you keep on top of updates. It is also good practice to delete any themes or plugins which are not being used, as even an inactive plugin could act as an entry point to the rest of your website.
Use secure administrative passwords
Your website could be compromised if an attacker knows or can guess a password to any one of your hosting account, email, FTP accounts, or the site's admin areas. It's a good idea for these to be at least 8 characters long and contain a mixture of lower and upper case letters, numbers and unusual characters.
Regularly scan your PC and other devices for malware
No matter how secure your website is, malware on any device you use to access administrative accounts for your website or email, could lead to an attacker gaining a critical password for your site and lead to it being compromised.
What to do next
When a website is compromised in this way, additional 'backdoors' could be injected and hidden amongst the site's normal code to allow an attacker to compromise it again in the future. It is therefore important that every trace of malicious code is identified and removed before the site can be brought back online.
Cleaning up compromised websites is unfortunately not a service we are able to provide, so if you are unsure of how to proceed with doing so we would recommend you contact a specialist web developer for advice and assistance.
We are able to allow restricted access to the site for you or your developers if this is something that you require. When you are certain the website is rid of any malicious code or content, please contact us and ask for the site to be reviewed. It would help for you to demonstrate steps which have been taken to secure the website and your account.
If we believe the site is clean and no longer poses a risk, we will make it publicly accessible again"
I have installed a couple off plugins "Wordfence" & "Quttera" and the scan reports show a change in the DNS IP and the new IP is located in Russia, this may be 1 of the problems but to be honest this is beyond my knowledge so I need an expert to find and remove any malicious code, content etc... Wordfence scan gave 8 warnings, 2 of which where malicious & 6 where suspicious.
It must be completely fixed so my Web Host is happy and removes the lock on our account. The site must then be checked that everything is working as it should i.e the contact forms etc... Any new security measures to prevent this from happening in the future would be welcomed also. We get spam through our contact forms also so finding a fix for this would be great too.
Thanks
Steve D.
100% (8)Projects Completed
5
Freelancers worked with
5
Projects awarded
100%
Last project
7 Jun 2019
United Kingdom
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
There are no clarification messages.
We collect cookies to enable the proper functioning and security of our website, and to enhance your experience. By clicking on 'Accept All Cookies', you consent to the use of these cookies. You can change your 'Cookies Settings' at any time. For more information, please read ourCookie Policy
Cookie Settings
Accept All Cookies