There have been cases where the WordPress staging environment has been contaminated with malware and malware has spread to this site. It is necessary to operate the WordPress staging environment in a security-conscious manner.

What is a WordPress staging environment?

A staging environment is a website environment that has the same configuration as the production environment that is directly accessed by users and is the final test for that environment. (It is a copy site with an arbitrarily different URL.)

Hetemul, Name.com, X Server, and others provide functions that make it easy to create a staging environment these days.

However, just because a site is a staging site does not mean that it is free from malware. If any of the files on the staging site can be accessed via the Internet, it is possible to be hacked and embed malware.

The WordPress staging environment can become infected with malware and spread malware to this site.

Once the staging environment is infected with malware, if the staging is copied to the production site, or if the staging site shares the same parent folder as the production site on the server, the malware can scan the folder structure and propagate itself to the production WordPress site.

For this reason, private staging sites should also be operated with security in mind.

・Strong passwords for all administrator users

Regularly update WordPress and plug-ins.

Install and properly configure security plug-ins.

Regularly perform vulnerability and malware scanning.

↓Vulnerability and malware inspections can be performed with the following plug-ins. We hope you will use the following plug-ins.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].

is a basic security measure.

Reference
Five free WordPress security measures

What if multiple staging and production sites are infected with malware?

If a staging site or multiple production sites are infected with malware, the aforementioned malware scanning plug-ins can be used to scan and remove the malware, but some malware has the ability to block access to the administration screen, or reside in the process and instantly resurface, Some malware can also be of low code quality, which can cause the site itself to be corrupted into an inaccessible state.

We recommend that you contact a professional malware removal service as soon as possible if you feel that you are in over your head.

Related Posts:

  1. What to do if you have multiple WordPress sites on your server and find that they are infected with malware
    If you have multiple WordPress sites on your server and find that they are infected with malware, here is what to do....
  2. Why does WordPress malware (tampering) spread to all sites in the server?
    I would like to explain why WordPress malware (tampering) spreads to all sites on the server....
  3. It is dangerous to get rid of WordPress malware infected sites one by one!
    If you have multiple WordPress sites on multiple domains under a single contract, and it is clear that several of them are infected with malware (tampered with), it may be dangerous to repair them one by one....
  4. Notes on what to do if multiple WordPress sites across the server have been infected (tampered with) by malware.
    We will explain the precautions to take when multiple WordPress sites across the server have been infected (tampered with) by malware....
  5. Five major reasons why WordPress is infected (re-modified) again even after malware is removed.
    We know that reinfection of a WordPress site with malware is the last thing a site operator wants, as it prolongs the period of time that the site is in disrepair and can cause problems with clients. Here we would like to explain the five main factors that can cause reinfection....
  6. What to do when multiple (or all) sites on a single server are infected with malware
    We are seeing an increasing number of cases of multiple WordPress sites on multiple domains within a single server, all or many of which are infected with malware (viruses and tampering)....