If you have a WordPress site on GoDaddy, keep a close eye on it. This week alone, two different people have come to me with site issues that turned out to be exactly the same hack. There seems to be a spate of them going on – see this thread in the WordPress forums that I came across; it is the same hack that I found. Fortunately, in the cases I’ve seen it hasn’t caused a ton of damage – it’s more a nuisance than anything – but it indicates vulnerabilities in your site. GoDaddy of course will provide you with no help at all – they won’t even check whether it’s a hack; they will just assume it’s some WordPress issue and not even give you a place to start trying to fix it. I’m not a security expert, so I’m not sure if the timthumb vulnerability was the way in, but in both cases that vulnerability was present. In both cases I found code added to the functions.php file, as well as a few other dodgy files showing up.
For hack clean-up I recommend Sucuri (aff. link) – they are the leaders in web security and are WordPress experts. And once you have things straightened out, I recommend moving to a proper hosting company such as WPEngine (aff. link), where they won’t brush you off with an “it’s a WordPress problem, so we can’t help you” response. In fact, they work directly with Sucuri, and if your site were to be hacked, they would clean it for you.
Again, I’m no expert so I cannot say if any of the following plugins would have prevented this exact hack or if the problem is a deeper issue with GoDaddy’s servers themselves, but generally I recommend the following to increase the security of your site:
WordFence – actively scans and protects your site. There is a free version and a paid version. The free version is better than nothing, the paid version is even better.
TimThumb Vulnerability Scanner – For checking if you’re at risk from the timthumb hack, use the vulnerability scanner to find and fix that issue.
Exploit Scanner – has also helped me find hacked files in the past, but it gives a lot of false positives, so it’s hard for newbies to know what is a real issue and what isn’t. I’d recommend it for more advanced users, or you could run the scan and have an expert look over the results for you.
Honorable mention – WordPress Firewall 2 – this plugin hasn’t been updated in a while and I wouldn’t usually recommend such an old plugin but I have been running it on one of my sites for a long time with no problems and it seems to be working fine. In the beginning you may again get a few false positives but you can whitelist those. I still get notifications from the plugin about attempted hacks it claims to have prevented, so it certainly makes me feel like it’s doing some good!
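As an added example (not from the post or any of the plugins above), here is a small read-only scan that looks for the three things found in the hacked sites described here: a timthumb.php copy (reporting its version string), injected code in functions.php or any other PHP file, and stray PHP files under wp-content/uploads. The sample site tree it builds is constructed for the demonstration; the injection patterns are a short, hypothetical list, so treat a hit as a starting point for a manual look, not a verdict.

```python
import os
import re
import tempfile

# Hypothetical indicator list: constructs that rarely appear in legitimate theme code.
INJECT_PATTERNS = [
    re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    re.compile(r"preg_replace\s*\(\s*[\"'][^\"']*/[a-z]*e[a-z]*[\"']"),  # /e modifier
]
# TimThumb declares its version as: define ('VERSION', '2.8.13');
TIMTHUMB_VERSION = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]")


def scan_wordpress(root):
    """Walk a WordPress install and return sorted (kind, relative_path, detail) findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if rel.startswith("wp-content/uploads/"):
                findings.append(("php_in_uploads", rel, ""))  # WordPress never writes PHP here
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            if name.lower() in ("timthumb.php", "thumb.php"):
                m = TIMTHUMB_VERSION.search(text)
                findings.append(("timthumb_copy", rel, m.group(1) if m else "unknown"))
            for pat in INJECT_PATTERNS:
                if pat.search(text):
                    findings.append(("suspicious_code", rel, pat.pattern))
                    break
    return sorted(findings)


def build_sample_site():
    """Constructed WordPress-like tree: one clean plugin plus the three indicators above."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    files = {
        "wp-content/plugins/ok/ok.php": "<?php function ok() { return 1; }\n",
        "wp-content/themes/demo/functions.php": "<?php\nadd_action('init', 'demo_init');\n"
        "eval(base64_decode('placeholder'));\n",  # constructed injected line
        "wp-content/themes/demo/timthumb.php": "<?php\ndefine ('VERSION', '2.8.13');\n",
        "wp-content/uploads/2012/05/image.php": "<?php echo 'hi';\n",
    }
    for rel, body in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
    return root
```

Run `scan_wordpress("/path/to/site")` against a real install root; the clean plugin file in the sample produces no finding.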
photo courtesy: http://www.flickr.com/photos/brianklug/6870002408/sizes/z/in/photostream/