WordPress sites getting compromised and Malware

Jan 18, 2016
24
2
3
India
cPanel Access Level
Root Administrator
I have many websites built on WordPress by different customers, We have noticed mass compromisation on the sites by adding codes in the wp-config file. Even I have checked many accounts having suspicious files, Scanned with ClamAV it shows them as Malware but even after them, they come back after a few days.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
7,336
582
263
Houston
cPanel Access Level
DataCenter Provider
Hi @Rajesh Chauhan


My assumption would be that you have a vulnerable plugin/theme/etc. on these sites that continues to allow the site to be compromised. Removing the data isn't really enough, you need to remove the source of the issue. They have an article that might be helpful for you here: Hardening WordPress « WordPress Codex

Thanks!
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
7,336
582
263
Houston
cPanel Access Level
DataCenter Provider
Hi @Rajesh Chauhan

As far as analyzing which plugins/themes/etc. may be vulnerable we don't provide anything of that nature though you may find a WordPress specific plugin that does this a quick google search should provide you with some useful results. ClamAV can identify malware already on the server but not which plugins you've installed on the Wordpress installation that may be vulnerable.

Thanks!
 
  • Like
Reactions: Rajesh Chauhan

Infopro

cPanel Sr. Product Evangelist
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Is there any module to analyze such vulnerable files or detect or protect them from the server end?
At the bottom of the link posted above by cPanelLauren are several suggestions, WordFence and Sucuri addons are two you might want to look into installing. Both have online website scanners as well I believe.
Hardening WordPress « WordPress Codex