After spending many hours over the last few weeks fighting/removing malware and malicious code from standard and WordPress websites I thought I should do a general post about web malware.
It may not happen to your website but the chances are good that at some point it will. No website or security system is immune to these attacks.
You should take precautions to protect your site.
It is recommended that you stay up-to-date with the latest version of WordPress. Please note that this can sometimes “break” your theme/template. ALWAYS BACKUP YOUR WEBSITE BEFORE MAKING ANY UPDATES! An update of your theme may solve this problem, however updating the theme can also sometimes cause the need to reconfigure customizations like slideshows, special coding, etc.
Here is a list of security plugins that I highly recommend use on the sites I maintain:
Wordfence – monitors your site for problems and outdated files; you can and should use it to scan for malicious code and files
BruteProtect – protects your site from most cyber attacks and can also monitor your WordPress install, plugins, and themes for updates and automatically update them when possible.
Clef – two-factor authentication – blocks logins from all users other than those legimately registered. Requires some careful selections and an app on your phone.
These plugins can be installed using the Plugins > Add New button in your Dashboard sidebar. Search for them by name.
BruteProtect and Clef require a free account at WordPress.com
contact www.site-image.com for help with website maintenance