Hackers can make a real mess of your site. And sometimes, even after you clean it up, problems can linger on the site without anyone noticing.
A client reached out to us wanting to redesign their site. But because they had been hacked in the past, they asked us to first check out and resolve their security situation.
Evaluating the situation
I logged in and poked around in their admin panel, and I also scanned the site with some security tools. While there was no active malware, I found an array of problems, including:
- broken post-editing UI
- spammy categories and tags
- a user was registered with the name “admin”
- sketchy links hidden in a fake English directory of the site
- site was blacklisted by Norton
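The "hidden links" finding above is the kind of thing a scanner can surface mechanically. The following is an added example, not code from the original post: it walks a site's files and reports outbound anchors that a visitor would never see, assuming the usual hiding tricks (an enclosing element with display:none or visibility:hidden, an off-screen position such as left:-9999px, or the HTML hidden attribute). The sample pages it scans are constructed inline for the demo, with a fake "en" directory standing in for the one described above.

```python
"""Report outbound links hidden from visitors (typical SEO spam) in HTML/PHP files.

Added example, not the original post's code. Assumption: spam links are hidden
with inline CSS (display:none, visibility:hidden, large negative offsets) or the
`hidden` attribute; links hidden via an external stylesheet are not detected here.
"""
import os
import re
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}px",
    re.I,
)
# Elements that never get a closing tag, so they must not be pushed on the stack.
VOID = {"br", "img", "input", "meta", "link", "hr", "source"}


class HiddenLinkFinder(HTMLParser):
    """Collect (line, href) for <a> tags pointing off-site that sit inside hidden markup."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.stack = []   # one bool per open element: True if that element is hidden
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag == "a" and (hidden or any(self.stack)):
            host = urlparse(a.get("href") or "").hostname
            if host and host != self.site_host:   # links to our own site are not spam
                self.hits.append((self.getpos()[0], a["href"]))
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        # Badly nested HTML can desync this stack; good enough for a triage pass.
        if tag not in VOID and self.stack:
            self.stack.pop()


def scan_tree(root, site_host):
    """Return {relative path: [(line, href), ...]} for every file with hidden off-site links."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith((".html", ".htm", ".php")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                finder = HiddenLinkFinder(site_host)
                finder.feed(fh.read())
            if finder.hits:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = finder.hits
    return findings


def build_sample_site():
    """Write a small constructed site to a temp dir and return its root (demo input only)."""
    root = tempfile.mkdtemp(prefix="wpscan_")
    os.makedirs(os.path.join(root, "en"))
    with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
        fh.write('<html><body><p>Welcome. <a href="https://example.com/about">About us</a> '
                 '<a href="https://twitter.com/example">Twitter</a></p></body></html>')
    with open(os.path.join(root, "en", "index.html"), "w", encoding="utf-8") as fh:
        fh.write('<html><body><h1>English</h1>'
                 '<div style="display:none"><a href="http://example.net/pills">cheap pills</a></div>'
                 '<a href="http://example.org/casino" style="position:absolute; left:-9999px">casino</a>'
                 '</body></html>')
    return root


if __name__ == "__main__":
    for path, hits in scan_tree(build_sample_site(), "example.com").items():
        for line, href in hits:
            print(f"{path}:{line}: hidden link to {href}")
```

Run it against a copy of the web root with the site's own hostname as the second argument. The visible Twitter link on the front page is not reported; both links in the fake "en" directory are, even though one is hidden by its parent and the other by its own style.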
Since they had not been maintaining the site content themselves, these lingering issues went unnoticed. Nobody on staff noticed the Norton blacklist because they used a different antivirus product, which never showed the warning.
Our cleanup plan
The client was considering asking us to clean up this mess, but we were already redesigning their site. Since the site was not actively infected, and the redesign would replace the old files and data anyway, we concluded that a separate cleanup was not necessary.
Once the new design was installed, the old files and data would be wiped clean. That also let us request the site's removal from the Norton blacklist with confidence; the request goes in after the relaunch, since a reviewer who still finds the hidden links will simply keep the listing. Two birds with one stone.
* Just a side note: if we had not been planning the redesign, I would have prescribed a set of cleanup tasks including a malware scan, database hardening, renaming the "admin" user, password resets for every account, and so on.
How their site got in such a messy situation
I can’t say exactly how our client was hacked, but there are two likely possibilities.
Brute Force
“Brute force” is an attack where someone tries to log in thousands of times with different username and password combinations until one works. It’s very possible that this is how our client was hacked. They had a user named “admin,” which is the first username brute-force attackers try, and I’m guessing its password was not especially strong either. A WordPress login page with no attempt limiting will answer every one of those guesses.
Vulnerable code
Another strong possibility is a vulnerability in old code. This client had not used their webmaster’s maintenance/updates plan (ours is called the Hoshu Plan). When WordPress core, themes, and plugins are not updated, the site accumulates publicly known vulnerabilities, and it becomes easier to break into with every release it misses.
This is why it’s essential to keep your code up to date! Running outdated software is probably the #1 reason WordPress sites get hacked.