In my last post, we looked at a site with a relatively small hack that ended up being a big problem – they were distributing spam through an outdated WordPress plugin. This time around we will take a look at a similar hack that went undetected and not only ended up being a big problem, but also resulted in downtime for the site – all due to a lack of website monitoring.
Discovering the Issue
This client’s site went live in late 2013. It suffered the same problem as many smaller sites. The site was redesigned but not managed, either by the site owner or a WordPress professional. It’s unknown when the site was compromised, but because there was no website monitoring, the discovery wasn’t made until early 2015, when the client noticed the site was completely down and quarantined by the hosting company for sending out spam.
Fixing the Issue
Because the hack went undetected for so long, fixing it was more complicated. The cleanup steps for WordPress were the same as in our last example: comb the site (‘/wp-content/’) for strange code (that is, code you don’t recognize or code placed seemingly at random at the top of a file), update WordPress Core and all plugins, and check the custom theme and plugin files for suspicious code. However, a few extra steps were needed to mitigate this particular problem.
Issues beyond WordPress
For this site, the affected code went beyond WordPress and actually installed files onto the server. These files allowed the server itself to send out spam to random email addresses – which is the action that led to the server being quarantined. The website was also added to an RBL — an email blacklist which can be checked from MX Toolbox — which tells email clients to mark any mail from that website as spam, essentially ensuring that few if any of this business’ emails to customers were getting through.
For that reason, simply fixing the WordPress install would not have been enough in this case. In order to fully clean the server, all of the files in every folder had to be reviewed and scrubbed. This meant around 20-30 hours of work to fix the hack and make sure it stayed fixed. On top of that, the hosting company had to be contacted to bring the website back online, and the site had to be removed from the blacklist, a process that can take 7 days unless the site owner pays for a shorter time frame.
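The “comb the site for strange code” step above, and the file-by-file server review, can be given a first pass with a script. The following is an added example, not code from the original post or from any hosting product: it walks a wp-content tree and flags PHP files whose opening lines contain the obfuscation idioms typical of injected spam mailers (eval, base64_decode, gzinflate, str_rot13). The sample plugin, the injected file and the README it scans are constructed for the demo; the pattern list and the ten-line window are assumptions you would tune for your own site.

```shell
#!/bin/sh
# Scan a wp-content tree for PHP files whose first lines look like injected,
# obfuscated code. Output is one "path: matched line" per suspicious file.
# Constructed demo: the sample site built by make_sample_site is not real data.

HEAD_LINES=10                      # assumed window: injected code usually sits at the top
SUSPICIOUS='eval[[:space:]]*\(|base64_decode|gzinflate|gzuncompress|str_rot13'

# scan_wp_content DIR -> prints "path: first matching line" for each flagged file
scan_wp_content() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php.*' \) -print |
    sort |
    while IFS= read -r f; do
        hit=$(head -n "$HEAD_LINES" "$f" | grep -E -m 1 "$SUSPICIOUS") || continue
        printf '%s: %s\n' "$f" "$hit"
    done
}

# count_suspicious DIR -> number of flagged files (a single value a monitor can alert on)
count_suspicious() {
    scan_wp_content "$1" | wc -l | tr -d ' '
}

# make_sample_site DIR -> constructed wp-content tree: one clean plugin, one
# injected file hidden in uploads, and a text file that must NOT be flagged
make_sample_site() {
    mkdir -p "$1/plugins/example-plugin" "$1/uploads"
    cat > "$1/plugins/example-plugin/example-plugin.php" <<'EOF'
<?php
/* Plugin Name: Example Plugin (clean, constructed for the demo) */
function example_plugin_init() { return true; }
EOF
    cat > "$1/uploads/.cache.php" <<'EOF'
<?php eval(base64_decode("CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-PAYLOAD"));
EOF
    printf 'base64_decode is just a word in this README\n' > "$1/uploads/README.txt"
}

# Run with --demo to build the sample tree, scan it and clean up.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_sample_site "$tmp"
    scan_wp_content "$tmp"
    rm -rf "$tmp"
fi
```

A hit is a lead, not a verdict: legitimate plugins occasionally use base64_decode, so compare each flagged file against a fresh copy from the plugin repository before deleting anything.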
All in all, the site was offline for about a week and blacklisted for even longer than that.
Preventing the Hack with Website Monitoring
The prevention measures in this case are very similar to those from my previous post. Regular updates of WordPress Core and plugins would have saved the site owners a lot of headaches and lost business, not to mention preserved their search engine ranking. In addition, a solution like Managed WordPress Hosting could have helped; the extra layer of security through firewalls and SSL, as well as 24/7 website monitoring, would have prevented the server from being used for spam. With proactive monitoring, the site owner would have been notified by their web host as soon as something was wrong with the site; that means less downtime, if any, and possibly avoiding being added to the email blacklist at all.
Benefits of Managed WordPress Hosting
For this client, Managed WordPress Hosting would have prevented their website from being compromised and suffering extended downtime. Luckily, their site didn’t experience data loss; however, they were not protected with recent backups. Add that as another feature of Managed WordPress Hosting and it’s easy to justify the cost: dramatically lower chances of being compromised, 24/7 support if something does happen, and regular backups mean your clients’ sites are in the best possible position to stay up and continue serving their end users. Are your client sites equipped with 24/7 website monitoring and all the benefits of a managed WordPress host?