Malware was injected into my site this week. It’s fine, I’ve removed it and everything is fine. I just thought I would write a cautionary blog post to explain what happened and to show that getting hacked can happen to anyone, even a so-called WordPress developer.
You need to have tools in place to monitor for and react to malware injections. I offer this as part of my maintenance plan.
I was planning to write my weekly post and I was getting a lot of weird errors. I started working on the usual troubleshooting issues to find out what was wrong, and I noticed a weird directory called .thumb scattered throughout my site. Then I realised my index.php had malware injected into it.
Shite, I’ve been hacked!
A Deactivated Plugin Was At The Root Of The Problem
At the root of the problem is a plugin that was on my site called MemberPress. I’m not using this plugin; it’s deactivated and it does not have a license, so no updates are being applied. That’s why it was vulnerable.
Even a plugin that is not active can still be called and code injected.
Thanks My Hacking Friend From Mauritius
I checked my logs and it looks like someone from Mauritius did the deed on me and injected the malware. I went to Cloudflare and added a firewall rule to block all people visiting my site from Mauritius.
This may seem like a nuclear option, blocking all people from a country, but I’ve never had a client from Mauritius so it was the easiest route to keep the hacker at bay. I’ve done the same for China and Russia before due to problems like this.
Was I Personally Targeted?
No, they scanned my site and probably hundreds of others for the known weakness, stumbled across my site and opened the door I left unlocked. Install Wordfence, the security plugin, and see how many blocked attempts your site gets. It’s quite alarming how often your site gets tested; see this screen dump, that’s just a couple of hours.
They didn’t do anything malicious, they just injected code for fun I think. They did that because they could, that’s motivation enough for some people.
I Added My Own Site To My Maintenance Plan
Once I realised I had been hacked I added my own site into my own maintenance plan. Why am I not doing that already, you ask? Well, as usual I’m so busy looking after other people’s sites that my own site is always relegated to second place. A rookie mistake.
A scan showed up a vulnerability in the plugin mentioned above straight away. If I was doing proper monitoring of my site this would have been spotted sooner and fixed.
Remember kids, do what I say not what I do :).
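As an added example (not the author's own tooling or the maintenance plan's code), here is a minimal check for the signs described in this post: PHP files changed since a known-good baseline, directories named .thumb, and plugin folders still on disk but not active. The active plugin list is assumed to be supplied by the caller (for instance from `wp plugin list --status=active --field=name`), and `demo()` runs the audit against a constructed sample site in a temporary directory.

```python
import hashlib
import os
import tempfile

SUSPECT_DIRS = {".thumb"}  # directory name reported in this post


def snapshot(root):
    """Map every .php file under root (relative path) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.endswith(".php")):
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                out[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return out


def audit(root, baseline, active_plugins):
    """Compare root with a known-good baseline; return findings by category."""
    now = snapshot(root)
    plugins = os.path.join(root, "wp-content", "plugins")
    return {
        "modified": sorted(p for p in now if p in baseline and now[p] != baseline[p]),
        "new_php": sorted(p for p in now if p not in baseline),
        "suspect_dirs": sorted(
            os.path.relpath(os.path.join(dp, d), root)
            for dp, dirs, _f in os.walk(root) for d in dirs if d in SUSPECT_DIRS),
        # Deactivated plugins keep their PHP files on disk, so list them too.
        "inactive_plugins": sorted(
            d for d in (os.listdir(plugins) if os.path.isdir(plugins) else [])
            if os.path.isdir(os.path.join(plugins, d)) and d not in active_plugins),
    }


def demo():
    """Constructed sample site: baseline it, simulate the changes, audit."""
    with tempfile.TemporaryDirectory() as root:
        for slug in ("memberpress", "wordfence"):  # constructed plugin folders
            os.makedirs(os.path.join(root, "wp-content", "plugins", slug))
        index = os.path.join(root, "index.php")
        with open(index, "w") as fh:
            fh.write("<?php // clean\n")
        baseline = snapshot(root)
        os.makedirs(os.path.join(root, "wp-content", ".thumb"))
        with open(index, "a") as fh:
            fh.write("// constructed stand-in for injected code\n")
        return audit(root, baseline, active_plugins={"wordfence"})
```

On a real site the baseline would be taken once from a known-clean copy and stored outside the web root, so that whoever can write to the site cannot also rewrite the baseline.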
Site Clean Up
I patched the vulnerability, cleaned up my site and blocked access by country.
Wrap Up
Our sites are constantly being scanned for weaknesses by hackers. Can I suggest you do what I did and sign up for my ongoing maintenance plan, where I’ll monitor for and react to any security weaknesses on your site.
This is not the first time this has happened and I’m sure it won’t be the last. Make sure you monitor your site for security issues.