: How to prevent iframe virus? What are all the measures can be taken once affected by it? Suddenly, I see some of my blog files(wordpress) contains some <iframe> tags with links to some
Suddenly, I see some of my blog files(wordpress) contains some <iframe> tags with links to some websites. How does it happen? What do I have to do to remove this virus and clean my website?
I opened few files using a text editor and removed the <iframe> code. Also, changed all my FTP password. How can I ensure that my site is clean now? What are all the preventions I can take to avoid this in futre?
More posts by @Sims2060225
5 Comments
Sorted by latest first Latest Oldest Best
You can use the "Secure Wordpress" plugin which at the beginning was developed by Frank Bueltge. Now sitesecuritymonitor.com maintains it. The plugin contains a method to scan your Wordpress blog against known Vulnerabilities.
See: www.sitesecuritymonitor.com/secure-wordpress-plugin
Are you running on a shared server?
I've previously seen on shared servers instances where one account has been hacked and it's been possible for the hackers to access other sites on the shared server through files which the PHP users has access to.
or you could just do an in-file search and replace of your folders. Because iframes are evil by default...
Obviously, always make sure you have the latest version of Wordpress installed. The admin panel tells you when WP needs updating. If you don't log in too often, you could follow the wordpress.org blog feed to keep on top it.
Every time you download a new theme you should search through the source code for any use of base64_decode or eval (Notepad++ makes this easy), this is the primary way to hide malicious code or spammy links. You can copy the encoded HTML/PHP into an online base64 decoder if you like, to see what it's actually doing.
Cleaning a WordPress install, or any site, of such files is generally straightforward. If there's a pattern, do a search of the relevant files and then replace the bad code.
In the case of WordPress, there are a few different sources of bad code (probably others):
An already infected theme was installed
Your site's FTP password was guessed and hacked
WordPress is insecure and allowed a worm to be installed
One thing you can do is install TAC (Theme Authenticity Checker), which will scan for the bad stuff.
See Hardening WordPress for steps to take to make WordPress more secure. But basically when I've seen this happen what I do is back everything up (database and all files), then blow that install away and install a fresh WordPress install, fresh replacement plugins, and a fresh theme (if your theme was custom, get rid of the bad code first!).
Googling for "wordpress infection" should get you other articles with similar advice.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.