I was frustrated and upset. I had just learned that my WordPress site had been hacked. Looking for help on how to fix it I came across a site called safewp.com. They specialize in informing people how to stop malicious hackers from getting into WordPress sites and how to protect it from attacks. They will even clean your site for you if that is what you need. They also have weekly webinars and that night.
The webinar was on a plug-in called Wordfence Security. This WordPress plug-in is by Mark Maunder and to me it was nectar from the gods. This plug-in scans your site and looks for trojans, malware and viruses. It repairs themes and plug-ins. It shows the changes in the files that where infected, it scans for malware, it shows which traffic is human and which is crawlers.
There are two versions the free and paid members. I have the free version and that night after I loaded Wordfence onto my site I was blown away. It showed that I had 13 malware problems. But I am jumping ahead of the story.
After you have Wordfunctional activated you will go down to the options setting. You put in your email and the API key you get. Scroll down to the alerts section, you can go with the default, Regina from safewp.com showed us some great alternatives as well.
There is a scan schedule but that is only available for paid members. I can tell you I have ran the scan every night before I go to bed since I got all the issues fixed. It is such a comforting site to see a green prompt at the end of the scan. There is a country blocking area for paid members where you can block off entire countries from having access to your website.
There is a blocked IP address section as well. You can usually block IP’s, there is a section of IP’s that are locked out from the login and IP’s who were recently throttled for accessing the site to frequently. You also have the capability of clearing the IP’s.
The next setting is the live traffic setting. This is so interesting it lists all hits, and then it breaks it into humans, registered users, crawlers, Google crawlers, pages not found, logins and logouts, top consumers and top 404s.
The next setting is the scan setting. This is where it goes over all the sections you checked in the options setting. It has a scan summary, a scan detailed activity and an issues section. The issues section is where I got my bad news of 13 malware problems. It tells you the issue and gives you several different things to do. My issues where many but thankfully it was an easy to fix problem that came from one outdated plug-in. I deactivated the plug in and the malware problem is gone.
So, that is my story of when my WordPress site got hacked. I hope you are able to learn from me and never get your site attacked or hacked. Each night I run the scan on Wordfence and go to sleep with the green message telling me I have no security issues on my site.