Website gets defaced in a couple of hours of installing a plugin

  • We run a website on WP, and it uses the Customizer theme
    The wordpress version is latest, and all plugins we install, are also latest

    Our front page was defaced a couple of times, and there is a strong co-relation to the hack happening after a plugin install.

    We are trying to figure out if there is something we can do to prevent this.

    The last incident happened after we installed Mailchimp For WP.

    It looks like there is a backdoor either in the plugin or the theme, but most of the time the wp_options table in the WP DB has a couple of entries that have scripts and html added inside it.

Viewing 5 replies - 1 through 5 (of 5 total)

  • A few things you can do:

    1. Make sure all plugins and your theme are running the latest versions.

    2. Install a security plugin like WordFence to scan your site. You could also use the free security scanner at Sucuri to look for malware.

    3. Check the files on your server to see if anything looks like it doesn’t belong (nonsense file names). Also look inside your themes to see if there are modified dates that don’t look right.

    4. Change the password on your database and reflect that change in your wp-config.php file.

    5. Tell your host about the issue. If you’re using shared hosting, it’s possible your issue is arising from a problem with another account on that server.

    #5 is always the biggie for me. From experience, hosts are often either at fault or able to help.

    Hi there,
    It seems you have to do a lot of work to make your website work normally again.
    To improve your plugin vulnerability, you should being with a complete malware scanner check. Then, delete all your plugin folders before reinstalling each one.
    Your plugins will now have been cleaned up.
    Next, search your uploads folder. You are looking for PHP files, which shouldn’t be there. If you find them, delete them.
    Then delete your inactive themes, as this is a place where hackers often install their backdoors.
    Delete .htaccess file. It is often the case that a redirect code is added as a .htaccess file.
    Then take a look at your wp-config.php and your wp-config-sample.php. If something doesn’t look right, reset.
    Finally, use a malware scanner to scour your database for any backdoor files.

    I hope that will help you!

    Good point, Colin. Some are even willing to clean up any malware for you.

    Thanks Eric!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Website gets defaced in a couple of hours of installing a plugin’ is closed to new replies.