1

One of my developers manages our company site. It’s a Wordpress site. It was injected with Malware and Google flagged it. We have two domains. The site is on one and our email is on another. One of my admins put a redirect on the domain our emails resides on so it would lead to our main site. There’s no site there. Google flagged both domains. We are on Google for Business email so our outgoing emails have a big red bar warning that it may contain malware. Our CEO had to send a warning to all of our clients and I was embarrassed for him. This is the second time the site has been injected with malware. I was hired to clean up this mess. Among others.

We moved the site from Hostgator to Green Geeks. We added Sucuri Security and their Wordpress plugin. I am thinking we need to move to VPS as well. The redirect has been disable but the CEO wants it back and we could possibly move our email to another domain but we would have to redirect our old email I assume. Maybe move from Google to Office 365 as well. I know that’s a lot of info. What would you do? Thanks.

8 Spice ups
2

Whilst Wordpress is obviously a target, don’t forget to look at the other ways your site can be compromised.

The OS, the database (I’m assuming MySQL or MariaDB), PHP version and the passwords.

There’s no point spending all your time concentrating on the Wordpress angle if you don’t look at the other bits.

What’s the justification for moving your email? If your website is compromised, your email should be (in theory) unaffected unless you’re sending things from your website.

1 Spice up
3

First thing to do is to find out how the hack occurred, if it was a wordpress vulnerability then changing VPS’es and all sorts won’t make a blind bit of difference.

1 Spice up
4

The redirect on the domain caused our Google email to be flagged. Our emails have warnings of malware in the messages section. The Wordpress plugins have been removed or cleaned. The site is now clean. The question pertains to how prevent this in the future. Email being on the same domain and all.

5

By practising good security.

Keep an eye on security bulletins.

Harden the server.

Use secure passwords.

Ensure it’s fully patched, OS, wordpress, everything.

and so on.

1 Spice up
6

I don’t use Google Apps so can you explain how a compromised website leads to email warnings, because that seems illogical - the two things are completely separate.

2 Spice ups
7

I too do not see the correlation between the two. Kinda weird that Google flagged its own email service.

8

This just in: Wordpress is a constant vulnerability.

3 Spice ups
9

Yep.

This is why you pay someone else to manage your website. Let them handle the patching for all the bits.

10

Use the word fence plugin. Sends alerts when someone attempts to log in. Change default username and password.

Wordfence allows to auto-ban anyone trying to log in with the username admin or any username containing the word admin. Its pretty good.

2 Spice ups
11

Say your website is spiceworksweb.com

Your email is you@spiceworks.com

You want clients to find your site typing spiceworks.com so you redirect spiceworks.com to spiceworksweb.com

Spiceworksweb.com gets code injection in its wordpress plugins. Google flags spiceworksweb.com and the redirect, spiceworks.com. Google also flags your email saying they contain links to a malware infected site. Your signatures also has website and email addresses.

12

Ah, so it’s the links it’s complaining about, not the email itself. Gotcha.

Would not making them links alleviate that?

13

Cloudflare ?

BitNinja ?

Imperva ?

http://www.imperva.com/

14

Went with Sucuri Security.

15

Yep, users have their email address and our website address in their signatures. Even when we removed the signatures 1 out of 10 times the email was still flagged. I ran these test with Google support.

16

Not sure if it’s related or not, but since yesterday one of our general email addresses has been spammed by subcription/sign up emails from sites built with wordpress, thousands of them.