Known as an expert WordPress troubleshooter, I often receive calls from clients about hacked websites. Recently, I received an email from an IT services company that also hosts websites for some of their clients. One of their websites had been hacked and was showing malware warnings. The site was also redirecting to another location.
After they provided the WordPress login credentials, I discovered that the website contained outdated plugins, themes, and core WordPress. There were updates available for plugins, themes, and WordPress core. After the site launched, the backend updates were never processed. A scan of the website highlighted several plugins that had critical vulnerabilities (meaning that hackers know about the vulnerability and have hacked other websites).
After running all the available updates and replacing abandoned plugins, the malware still existed. The hacker had changed the code in numerous locations, and the code self-replicated (meaning that once deleted in one file, another file caused the malware code to spread to other files).
To stop the self-replication, I had to take a copy of the website and download it to my local web hosting server. Once installed on my local server, I could go through all the infected files and manually remove the malware code. With the website now secure, I uploaded the cleaned website to the live server.
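One way to check whether a cleaned site stays clean after upload, shown as an added example that is not part of the original post: hash every file in the cleaned local copy, then compare those hashes with the live tree to see which files were modified or newly dropped. The helper names (`build_manifest`, `compare`, `write_tree`, `demo`) are hypothetical, and the file names and contents are constructed samples.

```python
# Added example (not the author's tooling); sample files below are constructed.
import hashlib
import os
import tempfile

SCRIPT_EXT = (".php", ".phtml", ".phar")  # extensions a web server may execute

def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest
    return manifest

def compare(clean, live):
    """Return files that changed, appeared or vanished since the clean baseline."""
    modified = sorted(p for p in clean if p in live and clean[p] != live[p])
    added = sorted(p for p in live if p not in clean)
    removed = sorted(p for p in clean if p not in live)
    # New script files deserve review first: they can rewrite cleaned files.
    new_scripts = [p for p in added if p.lower().endswith(SCRIPT_EXT)]
    return {"modified": modified, "added": added,
            "removed": removed, "new_scripts": new_scripts}

def write_tree(root, files):
    """Write a {relative path: bytes} mapping to disk under root."""
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed sample: a cleaned copy and a live tree that changed again."""
    cleaned = {"index.php": b"<?php require 'wp-blog-header.php';",
               "wp-content/themes/site/functions.php": b"<?php // theme setup",
               "wp-content/uploads/logo.png": b"\x89PNG constructed bytes"}
    altered = dict(cleaned)
    altered["wp-content/themes/site/functions.php"] += b"\n// constructed: injected line"
    altered["wp-content/uploads/cache.php"] = b"<?php // constructed: unexpected file"
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_tree(a, cleaned)
        write_tree(b, altered)
        return compare(build_manifest(a), build_manifest(b))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A script file that appears in a media directory such as `wp-content/uploads`, or a theme file whose hash no longer matches the cleaned copy, is the place to start looking when an infection returns.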
All was good for a day or so, until I received another email that the website was hacked again! Also, about 20 other websites on the same shared hosting server were hacked as well.
How did the hacker get in again?
cPanel Password Was Hacked
Turns out, the hacker had access to the web hosting server. The hosting server used cPanel (a popular web hosting addition) for managing the server backend. Once the hacker had access to cPanel, they had direct access to the server. The cPanel password was on a known hacking website. The hosting company used the same password on numerous cPanel accounts.
The first step was to change the password on all the cPanel accounts. Next, I had to download all the infected websites and clean them. After cleaning the affected websites, I restored them to their live servers.
When hosting your website on a shared hosting server, ensure your web hosting company secures all accounts.
How do you secure a web hosting server?
Securing a web hosting server is essential to protect your website and sensitive information from cyber threats. Ask your web hosting company if they are taking steps to secure the websites on their servers. Here are some items that your web host should be doing to help secure your web hosting server:
Things to ask your web hosting company
- Ensure that your server software, including the operating system and web server software, is kept up to date with the latest security patches.
- Use strong, unique passwords for all server and database accounts, and regularly change them.
- Use Secure Sockets Layer (SSL) encryption to secure the transmission of sensitive data between the server and users’ browsers.
- Disable any unnecessary services or applications not needed to run your website, as they may pose a security risk.
- Install and configure a firewall to block unauthorized access to your server and limit the exposure of vulnerabilities.
- Regularly monitor server logs to identify and address any suspicious activity, such as unauthorized logins or brute-force attacks.
- Regularly back up your website data and store it off-site to protect against data loss in case of a security breach or other disaster.
- Limit access to your server and database to only those who need it, and use secure authentication methods like public-key cryptography.
- Use intrusion detection software to monitor for signs of unauthorized access or malicious activity.
- Stay informed about new security threats and best practices by reading security blogs, attending webinars, and participating in online security communities.
By following these tips, your web hosting company can help you secure your web hosting server. A secure server will protect your website and sensitive information from cyber threats. It may not be your website that is vulnerable but other websites on the same web server. Ensure your web hosting company takes steps to secure your web hosting server.