Alert! Alert! Malware Detected!

This week, a fellow student of ours had malware installed on their web server. Our awesome hosts over at QTH.com caught it and deleted the install before others were infected. It turns out that weak login credentials and a default email address were the way in. It was a good reminder to keep things as secure as possible. Because WordPress is such a popular platform, it is also a popular target for the bad guys. They will always try to find a way in, but let’s not make it any easier for them.

The following post walks you through steps that help minimize the risks.

Tip 1: Delete Unused Installs

The most effective way to stop a bad guy from accessing a WordPress site is to delete the install if it isn’t needed. If we have any test installs or old staging environments that are no longer being used, get rid of them, ASAP.

  1. Log in to cPanel
  2. Scroll down to the scripts area
  3. Click on WordPress
  4. This will launch the WordPress area of the Softaculous App installer
  5. Scroll down to see your WordPress Installs.
  6. Click the big red “X” next to the installs you no longer need.
  7. On the next screen, confirm the uninstall.

Tip 2: Update your Admin Password and Email Address

If you need to keep your install but used a weak password and/or the default email address during the install process, update those credentials.

  1. Log in to your WordPress site (yourdomain.com/wp-admin)
  2. On the dashboard, click on the Users tab.
  3. Hover over the user’s name and click Edit
  4. Scroll down to the email form element. The email can be used in place of a username during login, so if this looks like a default, bad guys can figure it out easily. You should update it to your real email address.
  5. Next, scroll down to the password form element
  6. Click Generate password and remember the password it generates for you, or update it to the password of your choice.
  7. Then click the Update Profile button

Tip 3: Create a new Administrator Account

WordPress doesn’t let you change usernames. So if you want a more unique username, just create a new user with an administrator role, and delete the original. This also lets you set a new password and email address at the same time.

  1. Log in to your WordPress site (yourdomain.com/wp-admin)
  2. On the dashboard, click on the Users tab.
  3. Click the Add New button
  4. Fill out the credentials of the new user.
  5. In the Roles dropdown, choose Administrator
  6. Click the Add New User button

With the new user added, go to the upper right-hand corner and log out of the current session. Since you can’t delete yourself, you have to log back in as the new user that was just created.

  1. Log out of your current session
  2. Log in as the new user
  3. Hover over the original username
  4. Click the red “delete” button
  5. Attribute the content to a new user if desired
  6. Then confirm deletion.
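
Tips 2 and 3 can be verified from the command line as well. The script below is an added example, not part of the original post: it reads the JSON printed by WP-CLI's `wp user list --role=administrator --fields=ID,user_login,user_email --format=json` and flags administrator accounts that still have a guessable username or a placeholder email address. The word lists, the function name `audit_admins` and the sample accounts are assumptions made for illustration.

```python
import json

# Assumption: usernames treated as guessable; extend the set for your own site.
GUESSABLE_LOGINS = {"admin", "administrator", "root", "test", "user", "wordpress"}
# Assumption: mailbox names and domains an installer might pre-fill.
PLACEHOLDER_MAILBOXES = {"admin", "administrator", "webmaster", "info", "test"}
PLACEHOLDER_DOMAINS = {"example.com", "localhost", "domain.com"}


def audit_admins(wp_json, site_domain):
    """Return (login, reason) pairs for administrator accounts worth fixing."""
    site_domain = site_domain.lower()
    site_label = site_domain.split(".")[0]  # "yourdomain" from "yourdomain.com"
    findings = []
    for user in json.loads(wp_json):
        login = user["user_login"].strip().lower()
        mailbox, _, mail_domain = user["user_email"].strip().lower().rpartition("@")
        # Tip 3: a username that can be guessed from a short list or the domain.
        if login in GUESSABLE_LOGINS or login in (site_domain, site_label):
            findings.append((user["user_login"], "guessable username"))
        # Tip 2: the email also works as a login name, so a default one is a risk.
        if mail_domain in PLACEHOLDER_DOMAINS or (
            mail_domain == site_domain and mailbox in PLACEHOLDER_MAILBOXES
        ):
            findings.append((user["user_login"], "placeholder email"))
    return findings


# Constructed sample of the WP-CLI JSON output (not real accounts).
SAMPLE = """[
 {"ID": 1, "user_login": "admin", "user_email": "admin@yourdomain.com"},
 {"ID": 7, "user_login": "k7gq-maria", "user_email": "maria@mailhost.example"},
 {"ID": 9, "user_login": "yourdomain", "user_email": "me@mailhost.example"}
]"""

if __name__ == "__main__":
    for login, reason in audit_admins(SAMPLE, "yourdomain.com"):
        print(f"{login}: {reason}")
```

An empty result means every administrator account passed both checks; password strength is not visible in this output and still has to be handled as described in Tip 2.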

Conclusion

There will always be bad guys trying to do bad stuff with our tech. As long as the popularity of WordPress remains high, so too does the incentive for these bad guys to try to break into our sites. In addition to the steps above, you will want to make sure to update your themes and plugins in a timely manner. Just make sure to back up your site and to check compatibility before doing so.