Ok, so I have spent hundreds of hours on my website and installed all these great plugins for security. I am feeling good then…. HACKED!
What?? But I installed Better WP Security, BulletProof Security, Semisecure Login, Login defender, Invisible Defender, and the list goes on!!
Then I got HACKED, BAD.
There were injections into the SQL database, PHP, Htaccess and the list keeps going. The Malware was the 301 redirect which is very very dangerous to a website.
The 301 Redirect Malware tells Google via your htaccess file to redirect your website to a different URL. Google can blacklist or ban your site from Google for this activity, if the 301 redirect stays active.
Not only was my site infected, but every folder and website on that server was infected.
Being a developer, I knew how to track this down and deleted all the files and infected areas. Nope, that did not completely get out the Malware, and it continued to spread.
Luckily I had Cloudflare and CodeGuard. Cloudflare is a community of geniuses who pointed me in the right direction on how to solve my malware issues, and CodeGuard backs up my site every day. Keep in mind, these two services are FREE to start. Get them now!
THE HEROS: Sucuri.net
Sucuri has a team of experts who monitor your website for a small yearly fee. But when I look at the fee based upon my time that is saved in redeveloping the site, there is no argument. Everyone should get their website secured by Sucuri.net
After a couple hours, the Malware was completely gone from all the sites on my server and by the next day, Google had deleted the 301 Redirects from Google search. Sucuri Saved my site and 5 other websites. They are still monitoring all my sites now, everyday.
So, the million dollar question is, what happened with all these plugins that promised a secure WordPress???
Those plugins ONLY protect that one site. There are dozens of other ways to get access to your website, and no plugin can save your site. Every site needs active daily protection.
Also, the first indication of the issue was because of CodeGuard.com. They back up and send me summaries everyday of the files that changed. As I noticed these changes each day, I knew something was wrong. Also, I was able to revert back to my old files before the attack thanks to CodeGuard.com.
Summary to make your WordPress Secure
1. Sign up for CloudFlare.com
2. Through Cloudflare, sign up for CodeGuard.com (Also there are tons of other great security options from Cloudflare, so look into those too and let me know)
3. Get Sucuri.net. They will save your site and your time if a hack occurs.
4. Use one of these plugins for added security Better WP Security or BulletProof Security. BUT DO NOT RELY SOLELY ON THEM.
5. Keep your site and all plugins up to date.
We have now built a WordPress Hosting solution for our clients to use. This new server is FAST and has all the WordPress Security built in!
Sucuri is shot, I wouldn’t recommend them to my worst enemy. Especially since our website has been down FIVE DAYS. Not only did Sucuri’s ‘robust security’ fail to protect our site from the hack in the first place, but they have repeatedly failed to fix the problem, taken days to answer support queries, and at the end of it all our site is still down and they’re still clueless. If anyone is considering using Sucuri’s annual website security service, seriously save yourselves the headache – and ask yourselves if you really need to spend money on a service that doesn’t work.
Hi Carolyn, I think their malware removal tool is excellent, I have never used them for security though. I just use CloudFlare. Thanks for you insight and I hope your website is back up now.