1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Malware On All Of My Wordpress Sites

Discussion in 'Web Hosting' started by SnoopyDrew, Jan 5, 2017.

  1. SnoopyDrew

    SnoopyDrew Senior Member

    Joined:
    Jun 25, 2014
    Messages:
    1,146
    Likes Received:
    623
    Gender:
    Male
    Occupation:
    Affiliate Marketing And SEO
    Location:
    Oregon
    I am wondering if my hosting service is the reason for this. I have noticed that every single one of my sites under hostwinds hosting has gotten malware and other problems. Has anybody had any experiences with malware infecting your Wordpress sites? If so how did you fix them? I could really use some help right now.
     
  2. ThatSEO

    ThatSEO Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2016
    Messages:
    707
    Likes Received:
    300
    Gender:
    Male
    Occupation:
    Self employed marketing stuff
    Location:
    Sometimes UK
    Have you used wordfence? Pretty decent at spotting and clearing the crap

    If its all of your sites, its either the host or a plugin you've not updated etc?
     
    • Thanks Thanks x 1
  3. Hawkster

    Hawkster Jr. VIP Jr. VIP

    Joined:
    Jun 22, 2013
    Messages:
    3,430
    Likes Received:
    3,621
    Gender:
    Male
    Occupation:
    Listen to everyone - Follow no-one
    Location:
    UK
    Home Page:
    Other than the host is there anything else the sites have in common? Like using the same nulled themes/plug ins.
     
  4. SnoopyDrew

    SnoopyDrew Senior Member

    Joined:
    Jun 25, 2014
    Messages:
    1,146
    Likes Received:
    623
    Gender:
    Male
    Occupation:
    Affiliate Marketing And SEO
    Location:
    Oregon
    I have tried wordfence and it says this :

    File appears to be malicious: wp-content/themes/twentyfourteen/header.php

    I am not really very tech savvy honestly. I am not sure how to get into the sites code and delete the php script.

    Not really It seems as if it has something to do with the default themes not being updated. I updated them but no change. I must have to delete the scripts as well.
     
  5. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,081
    Likes Received:
    10,845
    Occupation:
    WHEREZ MA
    Location:
    BITCOINS AT?
    Home Page:
    Did you use different mysql passwords for each database?
     
  6. HudsonWebServices

    HudsonWebServices Jr. VIP Jr. VIP

    Joined:
    Nov 28, 2015
    Messages:
    744
    Likes Received:
    108
    Location:
    Texas, US
    Home Page:
    Using nulled scripts/plugins are notorious for this, other than that. Do you have any type of security on there? Its not the hosts fault, Its impossible to keep things like this on complete lockdown
     
    • Thanks Thanks x 1
  7. SnoopyDrew

    SnoopyDrew Senior Member

    Joined:
    Jun 25, 2014
    Messages:
    1,146
    Likes Received:
    623
    Gender:
    Male
    Occupation:
    Affiliate Marketing And SEO
    Location:
    Oregon
    No I actually don't I guess I was just too lazy to add any security. Going to do so from now on. I have the hostwinds team running scans on my sites right now. I understand I need to worry about security from now on. How do I go about getting rid of it? Do I need to go into the WP files and delete some scripts?
     
  8. ThatSEO

    ThatSEO Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2016
    Messages:
    707
    Likes Received:
    300
    Gender:
    Male
    Occupation:
    Self employed marketing stuff
    Location:
    Sometimes UK

    Wordfence will often just fix it for you.. Does it not give you the option?
     
  9. SnoopyDrew

    SnoopyDrew Senior Member

    Joined:
    Jun 25, 2014
    Messages:
    1,146
    Likes Received:
    623
    Gender:
    Male
    Occupation:
    Affiliate Marketing And SEO
    Location:
    Oregon
    You were right I was overlooking it. Looks like wordfence is doing the trick for the sites :)
     
    • Thanks Thanks x 2
  10. Hawkster

    Hawkster Jr. VIP Jr. VIP

    Joined:
    Jun 22, 2013
    Messages:
    3,430
    Likes Received:
    3,621
    Gender:
    Male
    Occupation:
    Listen to everyone - Follow no-one
    Location:
    UK
    Home Page:
    Once your sorted its time to make sure your sites are bullet proof.

     
    • Thanks Thanks x 1
  11. ThatSEO

    ThatSEO Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2016
    Messages:
    707
    Likes Received:
    300
    Gender:
    Male
    Occupation:
    Self employed marketing stuff
    Location:
    Sometimes UK
    Awesome - Defo look for any link between the sites like the same plugin etc

    If its not that then change all of the passwords for each cpanel. I presume you can flip between each one via your reselling account anyway. - Never use login names like Admin/SiteName/Webmaster etc

    What he said!!
     
  12. ThatSEO

    ThatSEO Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2016
    Messages:
    707
    Likes Received:
    300
    Gender:
    Male
    Occupation:
    Self employed marketing stuff
    Location:
    Sometimes UK
    p.s


    Make sure you tell your host - They will do a scan anyway but most tend to be a tiny bit more relaxed if it happens again, rather than just suspending you right away

    You'll be fine with Wordfence though
     
  13. konfusinomicon

    konfusinomicon Newbie

    Joined:
    Dec 10, 2016
    Messages:
    2
    Likes Received:
    1
    Gender:
    Male
    Occupation:
    Dev Extraordinaire
    Location:
    cold place, USA
    alot of people recommend wordfence, which is decent at its job for the most part, but i offer you a word of caution. make sure you turn off wordfence live traffic logging as it can cause huge server load.. and since your on shared hosting, its a good way to get a nastygram from your hosting company cause your site is using to many resources on the server.. once your hosting company gives you the geenlight that your site is clean, i recommend making a backup of your files so you have a clean version to fall back on incase it happens again. maybe look into using version control and creating a private repo at bibucket or something.

    if you really want to stop wordpress hacks from affecting you, you can stop 99% of them in their tracks by adding a few lines to your htaccess file to prevent php scripts from running in wp-content and wp-includes.. below is the snippet i use in my apache config file but since your on shared hosting and you dont have access to httpd.conf, this exact snippit may not work for you... look it up on google and you will find a wealth of resources detailing this method.

    <DirectoryMatch "/wp-content/.*\.php">
    Order deny,allow
    Deny from all
    </DirectoryMatch>
     
    • Thanks Thanks x 1
  14. RoiBox

    RoiBox Regular Member

    Joined:
    Apr 4, 2009
    Messages:
    237
    Likes Received:
    161
    Occupation:
    Internet Entrepreneur
    Location:
    Gothenburg | Sweden
    Home Page:
    Are you using the default themes? If not, delete them, always delete/uninstall unused themes and plugins. And others told you, use wordfence, BUT read up on the manual, so you know how to configure Wordfence the right way. Wordfence is one of the best ways to easy protect your website, and is even better in premium version, but that is to expensive, so just use the free version, I always install it on client websites and never had any problems since years back. I´ve surely installed like a couple of hundreds of Wordpress systems for SMB owners thru the years.

    Good luck with your sites, want to know anything, just ask in the thread, no PM please .. =)
     
  15. se900se

    se900se Jr. VIP Jr. VIP

    Joined:
    Oct 14, 2014
    Messages:
    1,227
    Likes Received:
    432
    Occupation:
    Traffic Arbitrage
    Location:
    New York
    Home Page:
    Being worried too much about my sites I even have different hostings for them and passwords that requires few minutes to type in :D

    Did you scan your sites?
    I can suggest Sucuri services ($) as they are pretty good to take care of your problems or get managed hosting ($$).