How to Resurrect / Recover Hacked WordPress Website?

This article is incomplete. I started writing this while returning from Kolkata after WCKolkata WordCamp. Here is the Video Recording of the session.

In this open world, hacking attempts against your website are extremely routine for every webmaster out there.

The main purpose behind those attacks/attempts is mostly to insert code into your website that can then be monetized by inserting ads or redirecting your readers to some other website. The only logical reason is that the attackers work in medical or adult niches, where they have difficulty getting traffic organically, and so resort to underhanded methods. Such code is commonly referred to as malicious code, and it often has the capability of replicating itself on the server.

Myth: WordPress is not secure.
For those who believe it — WordPress is as secure as your home. If you are keeping the door open for burglars, then God bless you.

Attacks often occur at various levels, and you can’t always react to them. The levels are:
– DNS
– DataCenter
– Application Layer: Apache / Nginx / PHP
– WordPress
– Themes / Plugins

Common ways malicious code gets into your WordPress website:
– Using a pirated / nulled version of themes or plugins: you never check what’s in the code of those resources.
– Using old versions of themes, plugins, or WordPress Core: new releases don’t always contain just feature updates; they also include security fixes. Make sure you use the latest version of plugins, themes, and WordPress Core.
– Unsanitised file uploads: it is often observed that some websites have forms for uploading files like resumes or photos. Try uploading a PHP file instead of jpg, png, docx, or PDF files. If it gets uploaded, God bless that website. Luckily, form plugins in WordPress are sanitised, so any form created by form plugins is safe — but some custom landing pages might be a risk.
– If you are on shared hosting, may God bless you. You have no access to what’s going on server-side. Once someone else’s account on the same server gets affected, all other accounts are at risk.

How do you know if your website is affected?
– Your website is being redirected to hacked sites
– Ads & pop-ups open when visiting your website
– Google Chrome (or another browser) shows a warning when visiting your website
– Google Search Console sends a message saying your website is hacked or has malware
– Your hosting company has disabled your website
– Your website becomes very slow and shows error messages
– Unknown code is found in your program files
– You find new admin users or FTP accounts that you haven’t created
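
As an added example (not part of the original article), here is a small Python scan that ties two points above together: the unsanitised-upload risk and the "unknown code in your program files" symptom. It flags script files sitting under wp-content/uploads and PHP files where eval() wraps a decoder call; the function names, the pattern and the sample tree are constructed for illustration, and a pattern hit is a lead to review, not proof of compromise.

```python
import os
import re
import tempfile

# Extensions a PHP handler may execute; an uploads folder should hold none of them.
SCRIPT_EXT = {".php", ".phtml", ".php5", ".php7", ".phar"}
# eval() wrapped directly around a decoder call, a common shape for injected code (heuristic).
OBFUSCATED = re.compile(rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(")
UPLOADS = os.path.join("wp-content", "uploads") + os.sep

def scan_wordpress(root):
    """Return sorted (relative_path, reason) findings for a WordPress tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Look at every dot-separated part so "cv.PHP.jpg" is caught as well as "x.php".
            parts = {"." + p.lower() for p in name.split(".")[1:]}
            if not parts & SCRIPT_EXT:
                continue
            if rel.startswith(UPLOADS):
                findings.append((rel, "script in uploads"))
                continue
            with open(path, "rb") as fh:
                if OBFUSCATED.search(fh.read(1_000_000)):
                    findings.append((rel, "obfuscation pattern"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample site: every file name and content here is made up."""
    samples = {
        "wp-config.php": b"<?php define('DB_NAME', 'wp');",
        "wp-content/uploads/2024/01/photo.jpg": b"\xff\xd8\xff\xe0 fake jpeg",
        "wp-content/uploads/2024/01/resume.php": b"<?php echo 'hi';",
        "wp-content/uploads/2024/01/cv.PHP.jpg": b"<?php echo 'hi';",
        # The string decodes to the harmless statement "echo 1;"
        "wp-content/themes/demo/functions.php": b"<?php eval(base64_decode('ZWNobyAxOw=='));",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_wordpress(tmp):
            print(f"{reason:20} {rel}")
```

Run it against a copy or backup of the site rather than the live document root, and compare any hit with a clean download of the same theme or plugin version before deleting anything.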

What to do