GetDotted Domains

Viewing Thread:
"Wordpress - redirection malware"

The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.

Wed 06/09/17 at 12:28
Moderator
"Are you sure?"
Posts: 5,000
*heads up*

A few years ago I installed Wordpress as a test - just to see how things work as it's so popular.

I had a very basic site - a few photos to play with.
I used a theme available via Wordpress, nothing else clever going on.
The WP install was set to upgrade automatically to try to stay secure...

Yesterday I visited my WP login page (haven't been there for many months) via a browser bookmark - quite surprised as my site seems to have picked up a dodgy malware redirect!!!

I ended up deleting my WP installation as it was only there for playing.

I downloaded the files via FTP on a spare PC first. Sniffing around it looks like some WP files were updated in June this year but couldn't see where the malware was.

The Wordpress forum contains lots of similar tales of woe. My redirect was going to a random .tk domain.

I seem to have escaped from any permanent damage (it looked like a spoof - "phone for Microsoft support" page).

I won't be going near Wordpress for a while!
[s]Hmmm...[/s]
Wed 20/09/17 at 09:38
Moderator
"Are you sure?"
Posts: 5,000
Hi Puniksem,
Thanks for the reply.
I'm not giving up on web development (need to eat!) but I'm avoiding CMS based stuff...

[s]Hmmm...[/s]
Wed 20/09/17 at 02:16
Regular
"We are not alone..."
Posts: 35
The latest wordpress is vastly more secure than earlier versions, however I'd always recommend using BulletProof Pro or free version to protect your site from file injection and similar brute forced attacks. Wordpress on it's own is a great platform with allot of free resources available, but as with any plugins and extensions, you should air on the side of caution with new especially free plugins on a live site.

Best tip is to use WAMP free server software on your PC and develop your site entirely offline, free from any risk of malicious code, then simply upload a pristine copy of your site to your server. If your live site becomes irreversibly corrupted, you can simply upload another instance.

If you make regular backups of your site and database (preferrably automated), damage from corruption and/or infections are easily remedied. MAKE FREQUENT BACKUPS!

I prefer Joomla, a robust and powerful CMS platform, with allot of commercial support for extensions. Free extensions are okay, some good even, but free always comes with hidden risks. Many free extensions fail to remain compliant with core platform updates and frequently cause code conflicts. Hence the sense and ease of building and test your site/s 'offline' first.

Remember recovering from conflict or attack while developing is vastly different when you have allot of active users expecting your site to be functioning flawlessly. backups and offline extension testing is critical for a site's serviceability and is far less stressful for you as a developer when updating and performing recoveries.

Don't give up on WordPress or web development, if you would like help with the commissioning of a stable and secure CMS installation, give me a shout sometime.

Regards
Puniksem
Wed 06/09/17 at 12:28
Moderator
"Are you sure?"
Posts: 5,000
*heads up*

A few years ago I installed Wordpress as a test - just to see how things work as it's so popular.

I had a very basic site - a few photos to play with.
I used a theme available via Wordpress, nothing else clever going on.
The WP install was set to upgrade automatically to try to stay secure...

Yesterday I visited my WP login page (haven't been there for many months) via a browser bookmark - quite surprised as my site seems to have picked up a dodgy malware redirect!!!

I ended up deleting my WP installation as it was only there for playing.

I downloaded the files via FTP on a spare PC first. Sniffing around it looks like some WP files were updated in June this year but couldn't see where the malware was.

The Wordpress forum contains lots of similar tales of woe. My redirect was going to a random .tk domain.

I seem to have escaped from any permanent damage (it looked like a spoof - "phone for Microsoft support" page).

I won't be going near Wordpress for a while!
[s]Hmmm...[/s]

Freeola & GetDotted are rated 5 Stars

Check out some of our customer reviews below:

Easy and free service!
I think it's fab that you provide an easy-to-follow service, and even better that it's free...!
Cerrie
Simple, yet effective...
This is perfect, so simple yet effective, couldnt believe that I could build a web site, have alrealdy recommended you to friends. Brilliant.
Con

View More Reviews

Need some help? Give us a call on 01376 55 60 60

Go to Support Centre
Feedback Close Feedback

It appears you are using an old browser, as such, some parts of the Freeola and Getdotted site will not work as intended. Using the latest version of your browser, or another browser such as Google Chrome, Mozilla Firefox, or Opera will provide a better, safer browsing experience for you.