There are cases where WordPress is infected with malware even though WordPress itself and all plugins are up-to-date. We will explain the actual routes of entry in such cases.

Intrusion route 1: Unauthorized login to the management screen
Twenty percent of the time, WordPress is hacked and tampered with because hackers are able to determine the password for administrative privileges and log in.
Once a hacker is able to log in to the WordPress administration panel, they can do almost anything they want on the server, including defacing the site, installing unauthorized plug-ins, and uploading viruses.
Hackers can use a variety of common password dictionaries to find out the login password for administrative privileges in what is called a brute force attack, in which login attempts are automatically repeated tens of thousands of times.
We recommend that you use a password that is at least 12 characters long, is a random string of characters, and includes at least one upper-case and one lower-case single-byte alphanumeric character and at least one symbol. It is also dangerous to use a password that is similar to your administrator ID.
Intrusion route 2: Unauthorized login via test site
The above unauthorized logins are equally dangerous with respect to test sites. Even if you think that the test site is undetectable, its URL or folder can be discovered by a search engine.
We recommend that the administrator password for the test site be a random string of at least 12 characters, including at least one upper and one lower case alphanumeric character and one symbol.
Intrusion route 3: Infection via another site on the server
Some recent malware spreads infection automatically by scanning the folder structure on the server. If there are multiple sites sharing the same parent (Root) folder on the server, malware infection may spread through other sites.
For this reason, it is necessary to remove unnecessary sites from the server, and to take security measures on every remaining site on the server: strengthen the administrator's password, keep the site updated, and run vulnerability scans so that vulnerabilities are closed.
The following plug-in can be used to easily perform vulnerability countermeasures and malware scanning of all sites on the server. We hope you will make use of it.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
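An added example (not from the original page): a small Python inventory that lists every WordPress core found under a shared parent folder, so forgotten test copies and sibling sites from routes 2 and 3 show up with their versions. The folder names and version numbers are constructed sample data, and `expected` is an assumed parameter holding the version you believe is deployed.

```python
import os
import re
import tempfile

# WordPress core records its version in wp-includes/version.php as $wp_version = '...';
VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")

def find_wordpress_installs(parent):
    """Return sorted [(install_dir, version)] for every WordPress core under parent."""
    installs = []
    for dirpath, dirnames, _ in os.walk(parent):
        version_file = os.path.join(dirpath, "wp-includes", "version.php")
        if not os.path.isfile(version_file):
            continue
        with open(version_file, encoding="utf-8", errors="replace") as fh:
            match = VERSION_RE.search(fh.read())
        installs.append((dirpath, match.group(1) if match else "unknown"))
        # Skip core folders, but keep descending: test copies often sit in subfolders.
        dirnames[:] = [d for d in dirnames if d not in ("wp-includes", "wp-admin")]
    return sorted(installs)

def not_at_version(installs, expected):
    """Installs whose version differs from the one the operator expects (assumed input)."""
    return [(path, ver) for path, ver in installs if ver != expected]

def _make_site(root, rel, version):
    """Create a constructed sample install containing only the file the scanner reads."""
    inc = os.path.join(root, rel, "wp-includes")
    os.makedirs(inc)
    with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php\n$wp_version = '%s';\n" % version)

def demo():
    # Constructed layout: a main site, a forgotten test copy inside it, a sibling site.
    with tempfile.TemporaryDirectory() as root:
        _make_site(root, "example.com", "6.5.2")
        _make_site(root, os.path.join("example.com", "test"), "5.8.1")
        _make_site(root, "old-campaign", "4.9.8")
        found = find_wordpress_installs(root)
        sites = [(os.path.relpath(p, root), v) for p, v in found]
        stale = [os.path.relpath(p, root) for p, _ in not_at_version(found, "6.5.2")]
        return sites, stale

if __name__ == "__main__":
    sites, stale = demo()
    for path, ver in sites:
        print(f"{ver:10} {path}" + ("   <-- review or remove" if path in stale else ""))
```

On a real server, call `find_wordpress_installs()` on the shared parent folder and review every path you did not expect to see.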
Intrusion route 4: Vulnerability of the server itself
In some cases, more fundamental vulnerabilities in the server’s OS (Linux), server configuration software, etc. can be exploited to infect a site with malware.
Vulnerabilities in operating systems and middleware (Apache, Nginx, PHP, etc.) are discovered on a regular basis, and continued use of older, unpatched versions can allow an attacker to exploit these holes to gain entry into the server itself.
Key measures include regular OS and software updates, disabling unnecessary services and ports, configuring firewalls, strengthening SSH connections, installing a WAF (Web Application Firewall), and regular log monitoring and tamper detection.
However, on shared servers, these measures are taken by the server management company. (In many cases, the site operator is required to update the PHP version and MySQL version.)
Therefore, site operators need to pay special attention to the security measures of the server itself when using VPS, AWS, or other types of servers that allow root access and free configuration of the server’s software.
Intrusion route 5: The site operator’s PC is infected with a virus
Although extremely rare, the site operator’s PC may be infected with a virus, the local PC test environment may be infected with malware, or FTP connection information may be leaked via a virus.
It is recommended that all site operators' PCs be scanned for viruses.
Intrusion route 6: Malware is included in illegally obtained plug-ins or themes from the beginning
If you have installed an unauthorized theme or plugin (called a “nulled” theme or plugin) on your WordPress site, the theme or plugin may contain malware from the start.
In some cases, production companies use nulled themes and plug-ins without informing the contractor in order to cut costs.
Malware included in such nulled plug-ins and themes can be detected by the above malware scanning plug-in, so please use it if you wish.
We hope this helps you.



