Viewing Thread:
'WordPress - redirection malware'

Wed 06/09/17 at 12:28:
Moderator
"Are you sure?"
Posts: 4,904
*heads up*

A few years ago I installed WordPress as a test - just to see how things work as it's so popular.

I had a very basic site - a few photos to play with.
I used a theme available via WordPress, nothing else clever going on.
The WP install was set to upgrade automatically to try to stay secure...

Yesterday I visited my WP login page (haven't been there for many months) via a browser bookmark - quite surprised as my site seems to have picked up a dodgy malware redirect!!!

I ended up deleting my WP installation as it was only there for playing.

I downloaded the files via FTP on a spare PC first. Sniffing around it looks like some WP files were updated in June this year but couldn't see where the malware was.

The WordPress forum contains lots of similar tales of woe. My redirect was going to a random .tk domain.

I seem to have escaped from any permanent damage (it looked like a spoof - "phone for Microsoft support" page).

I won't be going near WordPress for a while!
Hmmm...
Wed 20/09/17 at 09:38:
Moderator
"Are you sure?"
Posts: 4,904
Hi Puniksem,
Thanks for the reply.
I'm not giving up on web development (need to eat!) but I'm avoiding CMS based stuff...

Hmmm...
Wed 20/09/17 at 02:16:
Regular
"We are not alone!"
Posts: 35
The latest WordPress is vastly more secure than earlier versions; however, I'd always recommend using BulletProof Pro or the free version to protect your site from file injection and similar brute forced attacks. WordPress on its own is a great platform with a lot of free resources available, but as with any plugins and extensions, you should err on the side of caution with new, especially free, plugins on a live site.

Best tip is to use WAMP free server software on your PC and develop your site entirely offline, free from any risk of malicious code, then simply upload a pristine copy of your site to your server. If your live site becomes irreversibly corrupted, you can simply upload another instance.

If you make regular backups of your site and database (preferably automated), damage from corruption and/or infections is easily remedied. MAKE FREQUENT BACKUPS!

I prefer Joomla, a robust and powerful CMS platform, with a lot of commercial support for extensions. Free extensions are okay, some good even, but free always comes with hidden risks. Many free extensions fail to remain compliant with core platform updates and frequently cause code conflicts. Hence the sense and ease of building and testing your site/s 'offline' first.

Remember, recovering from conflict or attack while developing is vastly different when you have a lot of active users expecting your site to be functioning flawlessly. Backups and offline extension testing are critical for a site's serviceability and are far less stressful for you as a developer when updating and performing recoveries.

Don't give up on WordPress or web development. If you would like help with the commissioning of a stable and secure CMS installation, give me a shout sometime.

Regards
Puniksem