In early February 2017 a defacement campaign hit more than 1.5 million WordPress pages through a vulnerability in WordPress core. WordPress.org had already released a patch, and it was installed automatically on most WordPress installations. Some site owners, however, had turned off automatic WordPress updates, and their sites remained vulnerable to the attack. If those sites had been running a plugin such as Wordfence, they might have been protected, or at least alerted to the problem sooner.
Wordfence Security Features
Wordfence includes a web application firewall that identifies malicious requests and blocks them before they reach your site's code. The firewall rules are updated automatically in both editions, but the free version receives new rules on a delay, while the premium version receives them in real time. The firewall blocks common threats such as fake Googlebots, malicious scans from attackers, and botnet traffic.
One way attackers gain access to your site is through the login form, especially if the site is not served over SSL (https), because the username and password then travel across the network in clear text. Wordfence provides two-factor authentication, which combines your username and password with a code delivered to your cellphone, to strengthen login security. It can also enforce strong passwords for your registered users and refuse “admin” as a username, which is the first name every brute-force tool tries. The plugin locks out sources that make repeated failed login attempts, and it stops WordPress from revealing information that weakens login security, for example the default error message that tells the attacker a specific username does not exist. Left in place, that message lets an attacker confirm which usernames are valid before guessing a single password.
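The three login protections described above, shown as an added stand-alone Python example that is not Wordfence code and not a WordPress plugin: a per-IP sliding-window lockout, a single error message that does not reveal whether the username exists, and a registration policy that refuses “admin” and weak passwords. The user store, the thresholds and the attempt log inside replay_demo() are constructed for the demonstration.

```python
"""Login hardening logic: sliding-window lockout per source IP, one error
message for every failure, and a username/password policy.

Added stand-alone example, not Wordfence code and not a WordPress plugin.
USERS, the thresholds and the attempt log in replay_demo() are constructed."""
import hmac
import re
from collections import defaultdict, deque

# WordPress's stock messages differ by cause, so an attacker can learn which
# usernames exist before spending a single password guess on them.
LEAKY = {"no_such_user": "Invalid username.",
         "bad_password": "The password you entered for the username is incorrect."}
UNIFORM_MESSAGE = "The username or password you entered is incorrect."
LOCKED_MESSAGE = "Too many failed login attempts; try again later."

# Constructed user store. A real system stores password hashes, never the
# passwords themselves; plain text is used here only to keep the demo short.
USERS = {"editor": "correct horse battery staple"}


class LoginGuard:
    """Count failures per source IP inside a sliding window and lock the IP out
    once it reaches max_failures. Keying on the IP rather than the username
    means an attacker cannot lock a legitimate user out just by guessing at
    that user's name."""

    def __init__(self, max_failures=5, window=300, lockout=1200):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._locked_until = {}              # ip -> epoch seconds

    def is_locked(self, ip, now):
        return self._locked_until.get(ip, 0) > now

    def attempt(self, ip, username, password, now):
        """Return (success, message). The message is identical for an unknown
        username and for a wrong password on a real account."""
        if self.is_locked(ip, now):
            return False, LOCKED_MESSAGE
        stored = USERS.get(username)
        ok = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
        if ok:
            self._failures.pop(ip, None)
            return True, "Login successful."
        recent = self._failures[ip]
        while recent and now - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
        return False, UNIFORM_MESSAGE


def registration_problems(username, password):
    """Policy for new accounts: no 'admin', and a long password that mixes
    character classes. Returns a list of problems; empty means acceptable."""
    problems = []
    if username.lower() == "admin":
        problems.append("username 'admin' is not allowed")
    if len(password) < 12:
        problems.append("password must be at least 12 characters")
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"\W"))
    if classes < 3:
        problems.append("password must mix at least three of: lower, upper, digits, symbols")
    return problems


def replay_demo():
    """Replay a constructed attempt log (ip, username, password, time) and
    return the (success, message) outcome of each try."""
    guard = LoginGuard(max_failures=5, window=300, lockout=1200)
    attempts = [("203.0.113.7", "admin", "password%d" % i, 100 + i) for i in range(6)]
    attempts += [
        ("203.0.113.7", "editor", "correct horse battery staple", 110),  # right creds, locked IP
        ("198.51.100.4", "editor", "correct horse battery staple", 111),  # legitimate login
        ("198.51.100.4", "nobody", "x", 112),                              # unknown username
        ("198.51.100.4", "editor", "wrong password", 113),                # wrong password
        ("203.0.113.7", "admin", "password9", 1306),                      # lockout expired
    ]
    return [guard.attempt(*a) for a in attempts]


if __name__ == "__main__":
    for (ip, user, _pw, t), (ok, msg) in zip([], replay_demo()):
        pass
    for ok, msg in replay_demo():
        print(ok, msg)
```

In the replay the attacker's fifth failure triggers the lockout, the sixth try is refused before the password is even checked, and so is a correct login from the locked address; the unknown-username and wrong-password attempts from the legitimate address get word-for-word the same answer; once the lockout has expired the old failures have aged out of the window and counting starts again.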
Wordfence scans the WordPress core files, your plugins and your themes and compares them with the copies in the WordPress.org repository to detect any that have been changed. It cannot do this for premium themes or plugins you have purchased elsewhere, since those are not in the repository. The scanner also looks for known malware signatures and for backdoors that leave security holes, and it checks your posts, comments and files for malware and phishing URLs, including any that appear on the Google Safe Browsing list.
You can monitor your traffic in real time, including robots, humans, 404 errors, logins and logouts, and which visitors are consuming the most of your content. Wordfence also blocks known attackers in real time, including entire networks of them.
What to Do if You Are Hacked
Many companies specialize in cleaning hacked sites, but your first call should be to your hosting company. Some offer cleanup assistance, and others can at least “shut off” your site to the outside world while you work on the files “behind the curtain.” If you have a recent backup taken before the compromise, restoring it is the easiest route; bear in mind, though, that the hole the attacker used is still there until you update or remove whatever was vulnerable, or the site will simply be hacked again. If you have no such backup, the process is more involved.
If you want to attempt the repair yourself, replace all the core WordPress files with a fresh copy downloaded from WordPress.org, making sure it is the exact version you had installed. (Do not upgrade while you are in the middle of cleaning up a mess: your files and your database would no longer match and you would probably break your site.) The download does not include wp-config.php or anything under wp-content, so those are not replaced by this step; inspect wp-config.php by hand, as it is a favourite place for injected code. Then disable all plugins by renaming the plugins directory, for example to plugins-off, and try logging in. You will need your hosting company to let your IP address through while the site is closed to everyone else. If you can log in successfully, rename the directory back to plugins but leave the plugins deactivated. Install Wordfence, activate it and run a scan. You may need to work with your hosting company if the scan will not run while your site is turned “off” to the outside world.
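The core-file comparison described for the Wordfence scanner and the “exact version” requirement of the cleanup steps above both come down to the same check: every file WordPress.org shipped for the installed release has a published checksum, so an install can be diffed against its own release without trusting anything on the compromised server. The script below is an added stand-alone Python example that does this; it is not Wordfence code and not part of the original article. The checksums endpoint it calls is the real one that WP-CLI's `wp core verify-checksums` uses; the function names and the fixture written by build_fixture() are constructed so the demonstration runs offline.

```python
"""Compare installed WordPress core files with the per-file MD5 checksums that
WordPress.org publishes for each release. Added example (not Wordfence code);
the api.wordpress.org endpoint is real, the names and the fixture are constructed."""
import hashlib
import json
import os
import re
import tempfile
import urllib.request

CHECKSUM_API = "https://api.wordpress.org/core/checksums/1.0/"
# Directories the release package owns outright. wp-content/ (plugins, themes,
# uploads) is not shipped, so nothing in it can be judged by this method.
CORE_DIRS = ("wp-admin", "wp-includes")


def installed_version(root):
    """Read $wp_version from wp-includes/version.php: compare against the exact
    release that is installed, never against the latest one."""
    path = os.path.join(root, "wp-includes", "version.php")
    with open(path, encoding="utf-8", errors="replace") as fh:
        match = re.search(r"\$wp_version\s*=\s*'([^']+)'", fh.read())
    if not match:
        raise ValueError("no $wp_version found in %s" % path)
    return match.group(1)


def fetch_checksums(version, locale="en_US"):
    """Download the official checksum list for one release (needs network)."""
    url = "%s?version=%s&locale=%s" % (CHECKSUM_API, version, locale)
    with urllib.request.urlopen(url, timeout=30) as resp:
        data = json.load(resp)
    if not data.get("checksums"):  # the API answers {"checksums": false} for unknown versions
        raise ValueError("no checksums published for %s (%s)" % (version, locale))
    return data["checksums"]


def md5_file(path):
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()


def verify_core(root, checksums):
    """Return (modified, missing, unexpected) as sorted lists of paths relative
    to root: shipped files whose content changed, shipped files that are gone,
    and files under wp-admin/ or wp-includes/ that the release never shipped
    (the usual hiding place for dropped-in backdoors)."""
    modified, missing = [], []
    for rel, expected in checksums.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            missing.append(rel)
        elif md5_file(path) != expected:
            modified.append(rel)
    unexpected = []
    for core_dir in CORE_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, core_dir)):
            for name in files:
                rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
                if rel not in checksums:
                    unexpected.append(rel)
    return sorted(modified), sorted(missing), sorted(unexpected)


def build_fixture(root):
    """Write a tiny constructed 'install' under root (not real WordPress files)
    and return the checksums a clean copy would have."""
    clean = {
        "index.php": "<?php\nrequire __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/version.php": "<?php\n$wp_version = '4.9.8';\n",
        "wp-includes/functions.php": "<?php\nfunction wp_demo() { return 1; }\n",
        "wp-admin/index.php": "<?php\nrequire_once 'admin.php';\n",
        "wp-admin/admin.php": "<?php\nrequire_once dirname(__DIR__) . '/wp-load.php';\n",
    }
    checksums = {rel: hashlib.md5(body.encode()).hexdigest() for rel, body in clean.items()}
    installed = dict(clean)
    # Simulated compromise: code appended to a core file, a core file deleted,
    # and a web shell dropped into wp-includes/ under an innocent-looking name.
    installed["wp-includes/functions.php"] += "@eval($_POST['c']);\n"
    del installed["wp-admin/admin.php"]
    installed["wp-includes/wp-cache.php"] = "<?php\n@eval($_REQUEST['x']);\n"
    for rel, body in installed.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body.encode())
    return checksums


def demo():
    """Offline run against the constructed fixture."""
    with tempfile.TemporaryDirectory() as root:
        checksums = build_fixture(root)
        return installed_version(root), verify_core(root, checksums)


if __name__ == "__main__":
    version, (modified, missing, unexpected) = demo()
    print(version, modified, missing, unexpected)
    # Real install: root = "/var/www/html"; verify_core(root, fetch_checksums(installed_version(root)))
```

Against a real install, run it with the site root after you have replaced the core files, so you can confirm the replacement took before reactivating anything. Like the Wordfence comparison described above, it only covers what WordPress.org ships: wp-config.php and everything under wp-content/ are outside its reach and still need the scanner or inspection by hand.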
If this sounds like too much and you would rather have it done by someone else, you can contact us and, depending upon the severity of your problem, we will either fix it ourselves or recommend someone who specializes in this.