We want to make our clients and partners aware of serious malware issues that have been affecting WordPress sites over the last few weeks.
In these cases, malware attacks are causing a host of problems:
- Disruption of business operations
- Impact on website performance
- Potential impact on search rankings as the site gets flagged by search engines
- Impact on reputation, especially if personal information is stolen
- Emails going undelivered from the targeted domain
These issues stem from a larger conflict between WP Engine and WordPress. As many of you know, WP Engine isn’t a small player—it powers over 1.5 million sites globally, making it one of the largest WordPress hosting services. Unfortunately, this feud has impacted several of our clients’ sites.
While we work on helping our clients resolve these specific issues, it’s important to note that many others are facing similar challenges. We will continue to monitor the situation closely.
What to look for:
There are several checks that your development team should conduct proactively. Start with a deep scan using a security and malware checker tool, such as Sucuri SiteCheck or Wordfence Premium. Follow that with a manual review of the page source and the Network tab in the browser's developer tools. Use any internal dev tools at your disposal to identify suspicious code or outside network interactions.
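The manual source review can be partly scripted. The following is an added example, not code from this page or from any scanner named above: it lists every host a saved page loads resources from that is not on an allowlist, and flags inline scripts containing common obfuscation markers. The function names, the marker list, and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attributes that make the browser fetch or embed a resource, per tag.
FETCH_ATTRS = {"script": "src", "iframe": "src", "link": "href", "img": "src", "form": "action"}
# Heuristic markers often seen in obfuscated injected JavaScript (assumption, tune per site).
INLINE_MARKERS = ("eval(", "atob(", "fromCharCode", "document.write(", "unescape(")
# Constructed sample page; hosts use reserved example domains.
SAMPLE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="//stats.example.org/t.js"></script>
<script>var p = atob("aGVsbG8="); document.title = p;</script>
</head><body><iframe src="https://frames.example.org/x"></iframe></body></html>"""


class PageAudit(HTMLParser):
    def __init__(self, site_host, allowed_hosts):
        super().__init__()
        self.allowed = {site_host.lower()} | {h.lower() for h in allowed_hosts}
        self.unexpected = []   # (tag, host) pairs outside the allowlist
        self.inline_hits = []  # (marker, snippet) pairs from inline scripts
        self._inline = False   # True while inside a <script> without src

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._inline = "src" not in attrs
        url = attrs.get(FETCH_ATTRS.get(tag, ""))
        # Relative paths have no hostname; //host/x and absolute URLs do.
        host = urlparse(url.strip()).hostname if url else None
        if host and host.lower() not in self.allowed:
            self.unexpected.append((tag, host.lower()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        for marker in INLINE_MARKERS:
            if self._inline and marker in data:
                self.inline_hits.append((marker, data.strip()[:60]))


def audit_html(html, site_host, allowed_hosts=()):
    parser = PageAudit(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.unexpected, parser.inline_hits
```

A hit is a prompt for review, not proof of compromise: legitimate analytics and tag managers also load from third-party hosts, so build the allowlist from a known-good copy of the site.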
What to do if something suspicious is found:
- First, remove the malicious software, which usually is a piece of code or file(s) identified by the malware scanning tool
- Check & clean the rest of the website
- Review user access and/or hidden backdoors. This may result in needing to change all passwords.
- Increase website security by making sure all components are up to date.
- Set up multi-factor authentication where needed for user access, if not already done
What to do immediately to help prevent an attack:
Check when your plugins, themes, and security patches were last updated. Verify that updates are being applied automatically, because the vulnerability lies in leaving them out of date.
If updates are happening automatically, you need to verify that you are getting notified for each update and assessing the urgency for each one. In some cases, there may be reasons to delay updates, and in some cases, you might want to check those updates on the staging environment to make sure they’re working properly (and not breaking anything) before pushing live.
Read more about Intrepid’s Web Services.