Wordpress Security

We were contacted by a local customer whose WordPress web site was constantly going down. The web site was being looked after (poorly) by an American company. This company had taken the money to build and maintain the web site, however the web site would disappear from the internet weekly.

We decided to move the WordPress web site to Sabba IT servers and that would be the end of it. Unfortunately, what would normally be a quick job turned out to be a nightmare. I’ve moved hundreds of web sites around servers for most of my life on many different technologies and this was one of the worst.

The original “design” company had downloaded a pirated copy of a premium template which was riddled with Ion-cube encrypted PHP virus/malware files. It turned out the original hosting server would delete the files weekly on a virus scan and then the web site would become unusable. The design company would then restore the files and the cycle would continue. I was not entirely sure of the malware purpose usually these display illegal activity advertisements or have key loggers to steal credit card details.

What did we do:

  • Moved web host to UK based Sabba IT servers. Managed Hosting
  • Remove/clean all infected files
  • Purchased the same genuine template
  • Re-integrated the template to the original content
  • Added SSL support (https)
  • Hardened and updated the WordPress installation. Ensuring no back doors were left open
  • Kept a close eye on it
  • Had a cup of tea

What was most annoying was the customer originally paid reasonable money for this initial site and the company did appear genuine and professional.

This should not put people off of WordPress as it still powers nearly 30% of the worlds web sites and some big names including M&S, BBC America and Microsoft. It is one of the most powerful and flexible content management systems available.

Just avoid rogue web designers, developers and coders, go for somebody local, recommended or even ring the customers on the portfolio and get some feedback.

If you have web site security concerns or are being let down by your current provider please view our managed hosting page or contact us to see how we can help.