Getting WordPress Security Back on its Feet – Part 1


Apr. 13



In the light of current attacks on 90,000 WordPress sites by hackers, we thought it best to feature a blog post on what to do when your website is under attack from malware. We are going to go through a checklist of maintenance steps that will help you secure your WordPress site. Most online hosting solutions have some measure of anti-malware security, but in the recent attacks they seem to have failed to remove malware from the affected sites; if anything, Google Chrome has managed to detect more of the malware.

Why a WordPress Security Checklist?

Many of us are not professional developers who are well versed in website development. The CMS is so easy to use and configure that many people simply add a theme and a few plug-ins and upload it to a free online host. This is why we are going to feature a do-it-yourself security maintenance checklist that you can follow to make sure your site is purged of malware and WordPress security is up and running.

Before we begin: follow the instructions in this list only if you have a working understanding of your WordPress CMS; if not, we recommend not proceeding. Secondly, you must know where to apply the changes.

Take down your website

The moment you detect malware on your WordPress site you should take it down as soon as possible to prevent hackers from further abusing it. You are better off working on your website offline rather than modifying it while it is under constant attack. We recommend doing this by showing a 'website under maintenance' message, which also prevents your search engine rankings from going down. Implement this by following these instructions:

Step One:

First off we are going to make a 'website is under maintenance' page. Create a PHP file named 503.php and add the following lines of code before the <html> tag:

[code language="php"]
<?php
// Tell browsers and crawlers the site is down on purpose, not broken
header("HTTP/1.1 503 Service Temporarily Unavailable");
header("Status: 503 Service Temporarily Unavailable");
// Ask crawlers to come back after 3600 seconds (one hour)
header("Retry-After: 3600");
?>
[/code]


What this file does is return a 503 HTTP response, which tells the search engines that your website is temporarily unavailable. The Retry-After header specifies the delay (in seconds) after which the site should be crawled again.

Also remember to add your Google Analytics tracking code in the head section of the page.

Step Two:

Now we will modify the .htaccess file to redirect all incoming requests to the 503.php page. Simply add the following code to your .htaccess file.

[code language="css"]
RewriteEngine on
# Placeholder IP: replace with your own address so you can still reach the site while working on it
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteCond %{REQUEST_URI} !/503.php$ [NC]
RewriteRule .* /503.php [R=302,L]
[/code]


Change the passwords

Since your site has already been compromised, you should prevent further intrusion into your system by changing all the passwords. This means your hosting control panel, FTP account, your WordPress admin panel and especially your database. After you change your database password you must reflect the change in the configuration file of your WordPress site, which is named wp-config.php. If you fail to do so, you'll see the following error message: "Error establishing a database connection".

To make the changes open the file and locate the section that looks like the code posted below and update the password.

[code language="php"]
/* The name of the database for WordPress */
define('DB_NAME', 'putyourdbnamehere');

/* MySQL database username */
define('DB_USER', 'usernamehere');

/* MySQL database password */
define('DB_PASSWORD', 'yourpasswordhere'); // <= update your password here

/* MySQL hostname */
define('DB_HOST', 'localhost');
[/code]

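As an added example (not code from the original post), a small Python helper that generates a fresh database password from the OS random source and rewrites the DB_PASSWORD define in wp-config.php, refusing to proceed if that define is missing or appears more than once. The wp-config.php contents below are a constructed sample mirroring the snippet above, not a real site's file.

```python
import re
import secrets
import string

# Constructed sample of the wp-config.php section shown in the post (not a real site's file)
SAMPLE_WP_CONFIG = """<?php
/* The name of the database for WordPress */
define('DB_NAME', 'putyourdbnamehere');
/* MySQL database username */
define('DB_USER', 'usernamehere');
/* MySQL database password */
define('DB_PASSWORD', 'yourpasswordhere');
/* MySQL hostname */
define('DB_HOST', 'localhost');
"""

# Matches a one-line define('DB_PASSWORD', '...') in either quote style:
# group 1 is everything up to the value, group 5 the closing ");"
_DEFINE_RE = re.compile(
    r"""^(\s*define\(\s*(['"])DB_PASSWORD\2\s*,\s*)(['"])(.*?)\3(\s*\)\s*;.*)$""",
    re.MULTILINE,
)

def generate_password(length: int = 32) -> str:
    """Password from the OS CSPRNG; the alphabet has no quotes or backslashes,
    so the value can be pasted into PHP or MySQL without escaping."""
    alphabet = string.ascii_letters + string.digits + "!#%&*+-=?@^_~"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def php_single_quote(value: str) -> str:
    """Escape backslash and single quote for a PHP single-quoted literal."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def set_db_password(config_text: str, new_password: str) -> str:
    """Return config_text with DB_PASSWORD replaced. Refuses unless the define
    is found exactly once, so a silent no-op cannot leave the old password."""
    found = len(_DEFINE_RE.findall(config_text))
    if found != 1:
        raise ValueError(f"expected exactly one DB_PASSWORD define, found {found}")
    return _DEFINE_RE.sub(
        lambda m: f"{m.group(1)}'{php_single_quote(new_password)}'{m.group(5)}",
        config_text,
    )

if __name__ == "__main__":
    print(set_db_password(SAMPLE_WP_CONFIG, generate_password()))
```

Change the password on the database server first, then write the same value into wp-config.php with this helper, otherwise the site shows the database connection error mentioned above.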

Congrats! You have covered the essentials of WordPress security. In our next post we are going to look at additional security features you can configure to increase your security.

Till next time.


Posted by Lets Nurture

