• Hindrik

    (@hindrik)


    Hey WordPressers.

    There are currently some issues regarding web-safety that I would like to discuss with you. When I started out as a WordPress freelancer, I would have never thought of this topic. The first websites I made (2012) were never attacked. When I started to develop my skills, I always offered my clients some web security by making use of iThemes Security (free version). Everything went pretty fine and I never had major issues. However, these days, two of my websites are sending spam emails to the contacts bound to the email account, and one of them is non-stop under attack. Concerning this last point, I installed WordFence (free) and deleted iThemes Security, and at least all traffic is being kept outside the door. However, these email scripts cannot be found by any of the major plugins (e.g. Exploit Scanner, WordFence, iThemes Security etc.). Other security scans such as Sucuri or the scan from ManageWP do not find anything at all. After reading loads of articles about hacked websites and malware, I am still not confident about solving these problems. I personally feel that this topic goes beyond my knowledge. What I usually do as a freelancer with things that go beyond my knowledge is outsourcing. I don’t create my own themes, I purchase them, which goes hand in hand with plugins. However, one question that remains is the following.

    How can I convince myself and my clients that I can make their website secure to average hackers and other inappropriate traffic, by making use of proper plugins or other software?

    To give a direction of what I have considered so far: the premium services by WordFence do not seem to solve these problems. Sucuri premium is awesome, but way too expensive for my clients. ManageWP (through which I manage all my sites) creates backups but is also not able to detect these malicious files.

    Any suggestions about fully securing WordPress websites, for a reasonable price, taking private clients into consideration, are highly appreciated. Even full WordPress management systems are fine. As long as I keep the undesired traffic out of the door, and can promise my clients (to some extent) that they are considerably safe.

    Thank you for helping out!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    How can I convince myself and my clients that I can make their website secure to average hackers and other inappropriate traffic, by making use of proper plugins or other software?

    That’s already covered in WordPress core; you don’t need to install a plugin to be secure. Maybe just follow some best practices: http://codex.wordpress.org/Hardening_WordPress

    Thread Starter Hindrik

    (@hindrik)

    Ah, I forgot to tell. The first website does not even have any email-addresses configured. It’s just sending spam. The hosting company says the following: “The email-addresses are not sending spam, the spam is being sent from the website itself”.

    Concerning the other email-address, this one is only being used through the webclient of one.com. The client scanned her computer with Anti-Malwarebytes and nothing was found.

    Thread Starter Hindrik

    (@hindrik)

    Thank you, I will definitely read into that.

  • The topic ‘How to avoid malware and increase security’ is closed to new replies.