
Viewing Thread:

"WordPress - redirection malware"

Wed 06/09/17 at 12:28
Moderator
"Are you sure?"
Posts: 4,965
*heads up*

A few years ago I installed WordPress as a test - just to see how things work as it's so popular.

I had a very basic site - a few photos to play with.
I used a theme available via WordPress, nothing else clever going on.
The WP install was set to upgrade automatically to try to stay secure...

Yesterday I visited my WP login page (haven't been there for many months) via a browser bookmark - quite surprised as my site seems to have picked up a dodgy malware redirect!!!

I ended up deleting my WP installation as it was only there for playing.

I downloaded the files via FTP on a spare PC first. Sniffing around, it looks like some WP files were updated in June this year but I couldn't see where the malware was.

The WordPress forum contains lots of similar tales of woe. My redirect was going to a random .tk domain.

I seem to have escaped from any permanent damage (it looked like a spoof - "phone for Microsoft support" page).

I won't be going near WordPress for a while!
[s]Hmmm...[/s]
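
As an added example (not part of the thread): a Python triage pass over a downloaded copy of a site like the one the post above describes, listing files modified inside a date window and files matching a few redirect heuristics. The patterns, function names and the sample tree are assumptions constructed for illustration, and a clean result does not prove the copy is clean.

```python
import os
import re
import tempfile
from datetime import datetime
from pathlib import Path

# Heuristics chosen for this example (assumptions, not signatures from the thread).
PATTERNS = {
    "obfuscated-eval": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "tk-domain": re.compile(rb"https?://[a-z0-9.-]+\.tk\b", re.I),
    "htaccess-external-redirect": re.compile(rb"^\s*(RewriteRule|Redirect(Match)?)\b.*https?://", re.I | re.M),
}
SCAN_SUFFIXES = (".php", ".js", ".htaccess")

def triage(root, since, until):
    """Return {relative_path: (modified_in_window, [pattern names])} for files worth reviewing."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_SUFFIXES):
                continue
            path = Path(dirpath, name)
            # mtime is only evidence if the FTP client preserved server timestamps.
            mtime = datetime.fromtimestamp(path.stat().st_mtime)
            data = path.read_bytes()
            hits = sorted(k for k, rx in PATTERNS.items() if rx.search(data))
            in_window = since <= mtime <= until
            if hits or in_window:
                findings[path.relative_to(root).as_posix()] = (in_window, hits)
    return findings

def build_sample(root):
    """Write a constructed, harmless sample tree with fixed modification times."""
    files = {
        "index.php": (b"<?php echo 'hello';", datetime(2016, 1, 10)),
        "wp-includes/load.php": (b"<?php // core file", datetime(2017, 6, 15)),
        "wp-content/themes/demo/functions.php": (b'<?php eval(base64_decode("ZWNobyAxOw=="));', datetime(2017, 6, 15)),
        ".htaccess": (b"RewriteRule ^(.*)$ http://constructed-sample.tk/ [R=302,L]\n", datetime(2017, 6, 16)),
    }
    for rel, (body, when) in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(body)
        os.utime(path, (when.timestamp(),) * 2)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp, datetime(2017, 6, 1), datetime(2017, 7, 1)))
```

A file that appears only because of its modification date may be a legitimate automatic update, so compare it against a fresh copy of the same WordPress release before treating it as tampered.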
Wed 20/09/17 at 09:38
Moderator
"Are you sure?"
Posts: 4,965
Hi Puniksem,
Thanks for the reply.
I'm not giving up on web development (need to eat!) but I'm avoiding CMS based stuff...

[s]Hmmm...[/s]
Wed 20/09/17 at 02:16
Regular
"We are not alone!"
Posts: 35
The latest WordPress is vastly more secure than earlier versions; however, I'd always recommend using BulletProof Pro or the free version to protect your site from file injection and similar brute-forced attacks. WordPress on its own is a great platform with a lot of free resources available, but as with any plugins and extensions, you should err on the side of caution with new, especially free, plugins on a live site.

Best tip is to use WAMP free server software on your PC and develop your site entirely offline, free from any risk of malicious code, then simply upload a pristine copy of your site to your server. If your live site becomes irreversibly corrupted, you can simply upload another instance.

If you make regular backups of your site and database (preferably automated), damage from corruption and/or infections is easily remedied. MAKE FREQUENT BACKUPS!

I prefer Joomla, a robust and powerful CMS platform, with a lot of commercial support for extensions. Free extensions are okay, some good even, but free always comes with hidden risks. Many free extensions fail to remain compliant with core platform updates and frequently cause code conflicts. Hence the sense and ease of building and testing your site/s 'offline' first.

Remember, recovering from conflict or attack while developing is vastly different when you have a lot of active users expecting your site to be functioning flawlessly. Backups and offline extension testing are critical for a site's serviceability and are far less stressful for you as a developer when updating and performing recoveries.

Don't give up on WordPress or web development. If you would like help with the commissioning of a stable and secure CMS installation, give me a shout sometime.

Regards
Puniksem