09-02-2013, 09:31 PM
Who's the host? Hosts like Dreamhost have scripts which will cleanse your site files.
Your sites can get hacked for a number of reasons. Sometimes the host is at fault. But there's a good chance moving your stuff to another host will just be moving your exploits to another host.
A few things to try:
- Install http://wordpress.org/plugins/p3-profiler/ to figure out what's sucking down the CPU in WordPress
- Install the free version of http://wordpress.org/plugins/wordfence/ and have it scan for exploits
- Go through your own files and look for any potential exploits. Sometimes just searching through the files for "base64" is a good start. Take an especially close look to code at the ends of the files.
- Once you've scrubbed all your files and make sure they're not infected, change your passwords.
- It's good to segment sites out so they're each on their own user, rather than all the sites being run under one user. It's easier to figure out where the source of the exploit is.
- Plugins. First of all, use the least amount of plugins you can. "plugins are all updated" isn't all you need to think about as far as updates. When was the last time each plugin was updated by the developer? Depending on the plugin, if it's more than a year old, I'd find a replacement.
- Setup the sites with Google Webmaster tools. It may seem odd, but if you use the meta tag for authentication, a lot of hackers will stay away from sites with that tag because they know instances of malware will be reported more quickly.
Your sites can get hacked for a number of reasons. Sometimes the host is at fault. But there's a good chance moving your stuff to another host will just be moving your exploits to another host.
A few things to try:
- Install http://wordpress.org/plugins/p3-profiler/ to figure out what's sucking down the CPU in WordPress
- Install the free version of http://wordpress.org/plugins/wordfence/ and have it scan for exploits
- Go through your own files and look for any potential exploits. Sometimes just searching through the files for "base64" is a good start. Take an especially close look to code at the ends of the files.
- Once you've scrubbed all your files and make sure they're not infected, change your passwords.
- It's good to segment sites out so they're each on their own user, rather than all the sites being run under one user. It's easier to figure out where the source of the exploit is.
- Plugins. First of all, use the least amount of plugins you can. "plugins are all updated" isn't all you need to think about as far as updates. When was the last time each plugin was updated by the developer? Depending on the plugin, if it's more than a year old, I'd find a replacement.
- Setup the sites with Google Webmaster tools. It may seem odd, but if you use the meta tag for authentication, a lot of hackers will stay away from sites with that tag because they know instances of malware will be reported more quickly.