Malware infection is not only a WordPress problem, but is common to all CMS. (WordPress stands out because of its overwhelming popularity, but…) There are an increasing number of cases where old Movable Type is left unattended on a server and malware infection spreads to WordPress sites from there.

Malware infection from old Movable Type

Movable Type is the second most popular CMS after WordPress, but like WordPress, dangerous vulnerabilities have been reported.

There have been many cases of sites that were originally created using Movable Type, migrated to WordPress, and then left the pre-Movable Type on the server, where the vulnerability in Movable Type led to malware infection in WordPress.

To avoid such a situation, we recommend that you delete the entire Movable Type program data from the server as soon as possible if you have an old Movable Type that is not in use.
(Backups will be taken as necessary before deletion).

Avoid leaving unnecessary programs on the server as much as possible, as this will help improve security.

Many WordPress sites are hacked and defaced or malware (backdoors) are installed due to program vulnerabilities.

Hackers use random tools to check multiple sites for vulnerabilities and attempt to hack into them if they are present.

For this reason, it is important to avoid leaving unnecessary programs on the server to improve security.
We recommend that you check to see if any of the following programs are left on your server

1.Unused themes or plug-ins
2.Unused WordPress sites
3.Unused MovableType
4.PHPMYADMIN, which is used only rarely

If you have any of these programs on your server, we recommend that you remove them from your server as soon as possible.

Even if you are using them, we recommend that you implement basic security measures by installing plug-ins, etc.

Free WordPress:Malware Scan & Security Plug-in [Malware and Virus Detection and Removal]

If one site is hacked, the malware infection can spread to other sites (domain folders) that share the root folder, especially if there are multiple sites on the server.

If multiple domain sites are installed on a server, it is recommended that all of them be secured to ensure safe site operation.

Even if you don’t have to take difficult security measures, just basic security measures can greatly increase the security of your WordPress site, as hackers mainly use the most widespread, shallow, and easiest hacking techniques.

Related Posts:

  1. What to do if you have multiple WordPress sites on your server and find that they are infected with malware
    If you have multiple WordPress sites on your server and find that they are infected with malware, here is what to do....
  2. Case of WordPress site tampered with due to Movable Type vulnerability
    Recently, we have been receiving an increasing number of requests for malware removal from sites that have older versions of Movable Type mixed in with their servers....
  3. How to Prevent WordPress Site-to-Site Malware Infection
    Taking advantage of the convenience of being able to operate multiple domain sites under a single server contract, malware today often analyzes the server folder structure and spreads infection from one site to the folders of other sites (domains)....
  4. Reasons for repeated hacker defacement and malware infection on WordPress sites
    Once a WordPress site has been defaced by hackers, embedded malware, or infected with a virus, the site may be repeatedly defaced even after you think you have removed the malware. We will explain how to deal with such cases....
  5. It is dangerous to get rid of WordPress malware infected sites one by one!
    If you have multiple WordPress sites on multiple domains under a single contract, and it is clear that several of them are infected with malware (tampered with), it may be dangerous to repair them one by one....
  6. 5 operations that are at high risk of WordPress sites being hacked and tampered with.
    We will explain the five most dangerous ways to operate a WordPress site that can lead to it being hacked, defaced, sent to another site, or in the form of embedded malware. We hope that you will use this information as a lesson to the contrary....