WordPress is perhaps very popular as a CMS among those who are not that tech savvy. It’s easy to use and of course inexpensive too. But many who use WordPress never realize that this easy, inexpensive CMS is quite dangerous too. This because it’s mostly used by people who are not that tech savvy and not too concerned about Virus Protection, Virus Removal etc. Hence it’s easily prone to virus attacks. One of the most popular virus attacks that happen on WordPress is the eval(base64_decode ( )). Every single index.php file will be changed so that the opening php tag of these files would read like <?php eval(base64_decode( followed by some gibberish. Repeated attempts to clean the virus, even by restoring from a back-up wouldn’t work and the files just would go on getting infected. This kind of hacking is usually done to redirect sites somewhere else on the Internet (for example to an online ad) and make money.
So, how to protect your website and website visitors against this virus? Here are some Virus Protection and Virus Removal tips…
Virus Protection Tips
- Harden WordPress using .htaccess file modifications, security plugin installations etc.
- Do regular WordPress security updates.
- Harden your PHP installation. Use very secure passwords for SSH, SCP and FTP.
- Use a trusted, effective antivirus program.
- Install an SSL Certificate; always use SSL certificate.
Virus Removal Tips
- Begin with blocking or shutting down the site. This is for two reasons. First, it will protect site visitors from getting the infection. Second, it will prevent the hacker from acessing the site when the repair is being done.
- Download copy of all your files from your backup, which would be uninfected. Download and install a File/Folder Comparison Utility.
- Run the File/Folder Comparison Utility, check the differences and resolve them. Detect infected files and overwrite them with files saved from the back-up.
- Before unblocking your site, it’s imperative to review your security precautions, in detail.
- Now unblock the site and check if it works fine.
- Keep watch on the site; check if some intrusion happens again or not.
Well, once you have removed the eval(base64_decode ( )) infection, it would be advisable to think of preventing further malware strike. Act fast and go for a trusted, effective antivirus software, one that has some real good features. Antivirus is something that is mandatory for all computer/internet users in this age of malware and malware attacks. You should also make sure each site you own (individually or for a company) has been protected with SSL certificates. Prevention, no doubt, is better than cure…