bookmark_borderWhat To Do If You Suspect a Security Issue
We take security issues very seriously and want to make sure that any security concerns are appropriately addressed in a timely manner. In this article, we will take a look at identifying a legitimate security concern and what to look for before submitting a ticket to support.
Note: This article is not intended for security researchers reporting a code vulnerability. For technical details on identifying code vulnerabilities, you may review our article on security practices in Gravity Forms.
Determining if you have a threat
If you have a security threat, many times it will be quite blatant but can sometimes be a bit subtle. Here are a few things to look for:
- If any part of your site has been abruptly replaced with other content you do not recognize, your site has likely been hacked.
- Suddenly being unable to log into your WordPress admin dashboard is another sign that your side may be compromised.
- Check for unknown plugins. Some attacks will install plugins with clever names to hide their true intent.
- If you have Webmaster Tools enabled, most times Google will alert you of possible malware on your site. Check your email for any alerts that may have been sent regarding a security issue.
- Check the pages on your site. Many times when a site is compromised, links will be injected within either the footer or within the main content itself.
- If you are accepting payments, check to ensure that any payment gateway information is indeed yours. If the payment information has changed, it’s a sure sign that your site has been compromised.
Cleaning up a compromised site
If your site has been compromised, it can sometimes be quite difficult to completely track it down. Here are a few things that can help you clean up a site after it has been compromised:
- If possible, restore from the earliest possible backup. This will ensure that you have a clean copy of your files rather than attempting to track down the issue which can take quite a while. Always back up your site early and often as this is your best defense against a catastrophic issue.
- Install iThemes Security and use the security scanner included with it. Often times, iThemes Security can easily locate malicious files hiding deep inside your WordPress installation.
- Restore your WordPress core files with a fresh copy. As it is a good practice to never modify your WordPress core files and instead build a plugin that makes the changes you need, replacing your WordPress core files with a fresh copy can often make an impact if malicious software has modified them.
- Reinstall any plugins and themes you may be using. Doing so will make sure you have a clean copy. Although most data should be stored in the database, be sure to create a backup first just in case anything goes wrong.
- Change any passwords used to access your content. This includes your WordPress admin user passwords, FTP credentials, database credentials, and cPanel passwords. If you’re having trouble making those changes, your web host should be able to easily make the change for you.
Preventing security issues
- Keep all of your plugins, themes, and WordPress core updated at all times. A large number of sites are compromised due to out of date plugins, themes, or WordPress core every day. Keeping everything up to date is your best defense against attacks.
- Use secure passwords. Often times, the password being used is the weakest link in the chain. Passwords should be completely random and contain a mixture of upper-case and lower-case letters, numbers, and symbols.
- Use security plugins for added protection. iThemes Security does a great job of preventing common attacks before they happen as well as BruteProtect will help prevent against brute force attacks.
- Using secure, well-known plugins minimizes security risks as they are regularly updated and vulnerabilities are discovered rather quickly and before they are discovered by the public.