Lesson Learned – Malware Attack On My WordPress Site

It’s been 3 weeks since my last post because there’s been a lot going on!WordPress locked computer

Three weeks ago, I went to log in and wasn’t able to. I got an error message. Going to my site brought the dreaded white screen of death along with some odd characters in the upper left of the screen.

Initially, I thought it was because I was looking around (but not touching/clicking) within my WordPress database in preparation for a talk I was going to give for our local WordPress meetup in OKC. I host my friend’s really great blog, called Let’s Eat and she had the same issues.

When I contacted Hostgator, they ran a check and said they found malware in my account – ouch! That was a blow because I think I do a pretty good job keeping all the themes and plugins updated on my site and the sites I host (for free), on my account. But all of them were affected (4 websites). They couldn’t point to anything specific when I asked them, but told me how important it was to keep everything updated.

Fortunately, Hostgator was able to clean all the malware off my site and restored the 4 sites for only $15 each. I thought that was more than reasonable.

That week, I spent quite a bit of time inside my control panel going through all the subfolders and sub-domains I’ve created. It was then I realized that I had really old and unattended WordPress sites in my account that had not been updated in quite some time – I don’t know for sure, but having those sites, complete with outdated themes and plugins were an open invitation for hackers to get in and ruin all the sites in my account.

I took time then and there to delete the old sites and making sure the folders with themes and plugins were gone. I also took the time to download complete backups of all the sites and then check my schedules using BackupBuddy from iThemes. I use Stash to send some of my sites for storage and safekeeping.

WordPress Has Become Popular and Prolific on the Web

With over 28% of the web powered by WordPress, the bad guy hackers are out there looking at ways to destroy, deface or hold our sites ransom. There’s not a week that goes by where there’s some announcement from a well-known plugin, theme or even a hosting company that has problems with hackers or malware. It seems like I’m always updating my sites. I’ve updated my clients and my site twice this week because of announcements I’ve heard about new patches that needed to be applied.

I’ve always considered myself very security conscious, so I was really surprised to hear there was malware in my account. Now I will remember to clean off sites I’ve used for a practice presentation or whatever. That said, if a hacker really wants to get in your site, they will. That’s why it’s so important to have a backup of your site stored off your server.

3 thoughts on “Lesson Learned – Malware Attack On My WordPress Site”

  1. Thanks for the mention of my blog in this post!

    Also, would you want to address Backup Buddy errors that I’m being made aware of through email? Something about size limit and skipping deleting of backups. Others may be having this issue as well.

    1. OK – I looked at the logs in your backups and found out what the problem was – you shouldn’t receive any more errors. Let me know if you do. I put a size limit on the backup, which I really didn’t need to do.

Comments are closed.

Scroll to Top