Hacked Sites?
Just curious, but we are told that the best way to safeguard one's site is to back it up regularly, which I agree.
However, let's say your site has been hacked and you don't realize this.
In the meantime, you do a complete backup.
Once the offending files are removed, through SiteSupport, or you do it some other way, won't restoring your backed-up files also bring down the original problem back to your site?
In such cases, how can you get rid of the offending files?
I was just thinking...
James
Recent Comments
21
I do my own backups regularly, James. That way I have a choice of which version to use. WA only keeps one backup which could have the corrupt files in it.
Install Wordfence security plugin and do regular scans. It will find any corrupt files for you and make it easier to repair or remove them.
As I understand this is a free online service rather than a regular plugin. They do scans remotely and send a report. I do not like this, you never know how this may affect sites performance and what they are really doing. Is there a tool that would do this locally and when I want, just like WP-Optimize?
Thank you for your constructive feedback into my dilemma, Marion.
I had started doing more regular backups, following your sound advice, and I hope all will be well from that angle.
I've already installed Wordfence and have it running. So far so good, but if I encounter any issues, I might have to disturb you once more, if it's not too much of an inconvenience.
I did a search and find this "It puts significant amount of load on your server. This could affect your site’s performance if you are on a shared hosting environment. It messes up with your WordPress data and stores a lot of information in your database."
I also asked Support and they say there is no need for such a heavy tool at WA hosting.
They also say there's no need for you to make backups but they only keep one backup of each website. There's no historical backups to fall back on. I don't trust them to take care of my production websites.
I think it would be wise to play it safe, especially after weeks, months or even years of working on a particular site. The amount of damage, frustration, and utter despair would be beyond words should something go wrong.
Thank you once more, Marion...you're an angel :)
Easy to agree, I do not trust them either, in particular because of my main site which was deleted once by one of them. And not everything was restored because of only one backup they keep.
In fact my question to them was if the plugin was allowed at all, because I know that some are not. But they did not answer the question.
But this tool is clearly heavy, this is my issue with it.
I agree with you Jovo. The plugin is heavy and WA doesn't permit automatic scans but I don't care about that. I'll keep using it anyway. Just as I'll keep doing my own backups.
Yes...backing up bad files is a possibility. I would suggest keeping multiple backups and checking when you restore for the offending files.
I keep an eye on my defined users and also check for code added to pages, posts and media files just to make sure everything is as it should be.
Thank you for your response...
Do you apply a particular procedure, or use a plugin perhaps, to check for added code to pages, posts and media files?
I mean, how would I know such code has been added in the first place?
So I had discovered that my site would randomly redirect my visitors to another site. After doing some digging I discovered that a script was added to the last line of my posts and pages and to the description of my images.
I log into my site dashboard every now and then and just search for
I use the Better Search Replace plugin to search for and remove the script in a single move if I find it. I only activate the plugin when I need it and deactivate it when I'm done.
Some things go on with our websites that we're not even aware of, which can be quite frightening, to say the least. It's a good job you had discovered your site was randomly redirecting your visitors to some other site.
I'll have a look at my site's dashboard, and see if there are any
I've heard it said all too many times that plugins are a source of security problems, especially if these aren't updated regularly. I make it a point to always update mine, and even the theme itself, when there are updates available.
I've never heard of the Better Search Replace plugin before you mentioned it.
Thank you so much for helping me out. It's greatly appreciated.
Would it be a problem if I contact you again should I have any other issues?
James
That Better Search and Replace program is great for removing a string or replacing links even across your entire site with the push of a button. I absolutely love it.
Feel free to reach out any time. If I can help I will.
See more comments
If you restore a website with bad files, then yes, the restoration process is going to be with the bad files.
Not sure how you can get "hacked". There is a lot of scare about this, but generally speaking this simply doesn't happen. We have SiteProtect and many things we do from our end to keep websites secure, including red flagging many plugins that have security holes to prevent the problem from even happening.
Thank you for answering my question, Kyle.
Yes, there has been a lot of scare about hacking lately, which has left me rather wary of things.
I appreciate your assurance on this, and to be quite honest, I enjoy being safe rather than sorry.