If you didn’t read part 1 make sure to go back and read it. A quick update is my WordPress website got hacked and this is my story of what happened. We talked about how important it is to protect your site to keep all of your sites and their plug-ins and themes up to date. The importance of keeping yourself informed and how difficult that was in today’s society when the information changes so fast and how a little site called safewp.com can help with that. I was on a webinar with them and that is when I learned how to save my site.
Introduction to Wordfence
The webinar was on a plug-in called Wordfence Security. This WordPress plug-in is by Mark Maunder and to me it was nectar from the gods. This plug-in scans your site and looks for trojans, malware and viruses. It repairs themes and plug-ins. It shows the changes in the files that where infected, it scans for malware, it shows which traffic is human and which is crawlers.
There are two versions the free and paid members. I have the free version and that night after I loaded Wordfence onto my site I was blown away. It showed that I had 13 malware problems. But I am jumping ahead of the story.
After you have Wordfence activated you will go down to the options setting. You put in your email and the API key you get. Scroll down to the alerts section, you can go with the default, Regina from safewp.com showed us some great alternatives as well.
There is a scan schedule but that is only available for paid members. I can tell you I have ran the scan every night before I go to bed since I got all the issues fixed. It is such a comforting site to see a green prompt at the end of the scan. There is a country blocking area for paid members where you can block off whole countries from having access to your website.
Paid Version Settings
There is a blocked IP address section as well. You can manually block IP’s, there is a section of IP’s that are locked out from the login and IP’s who were recently throttled for accessing the site to frequently. You also have the capability of clearing the IP’s.
Live Traffic Setting
The next setting is the live traffic setting. This is so interesting it lists all hits, and then it breaks it down into humans, registered users, crawlers, Google crawlers, pages not found, logins and logouts, top consumers and top 404s. The next setting is the scan setting. This is where it goes over all the sections you checked in the options setting. It has a scan summary, a scan detailed activity and an issues section. The issues section is where I got my bad news of 13 malware problems. It tells you the issue and gives you several different things to do. My issues where many but thankfully it was an easy to fix problem that came from one outdated plug-in. I deactivated the plug in and the malware problem is gone.
Defeated the Foe
So, that is my story of when my WordPress site got hacked. I hope you are able to learn from me and never get your site attacked or hacked. Each night I run the scan on Wordfence and go to sleep with the green message telling me I have no security issues on my site.