Posts Tagged ‘How To’

How to Protect Your WordPress Website from a Pharma Hack


WordPress is the best Content Management System (CMS) platform on the planet, and with WordPress developers can build all kinds of websites for their clients. Being a popular CMS platform, WordPress-powered websites are an attractive target for hackers. In 2010, the Pharma hack was one of the most serious threats to WordPress websites. Although theme teams such as the Thesis Theme team and the WordPress core developers are working to make it more secure, the best practice is to keep your WordPress-powered site up to date at all times and to use online tools like Sucuri to learn about the latest threats and malware, so that your site stays safe and secure.

What is the Pharma hack?

If your website looks like a pharmacy-related website instead of a helpful web resource, or your own content is not displayed when its keywords are searched on Google or other search engines, it means your site is affected by the WordPress Pharma hack. When users search for your site with the relevant keywords, the search engine does not display your website; it displays web pages related to pharmaceutical companies.

According to Pearsonified, who was affected once and wrote a detailed article on the WordPress Pharma hack:

The WordPress pharma hack quietly exploits your highest-ranking and most valuable pages by overriding the title tag and by inserting spammy links into the page content. Interestingly, the modified title tag and spammy links are only visible to search engines.

The three red arrows highlight <title> tags that were cloaked by the WordPress pharma hack. [Source: WordPress Pharma hack ]

This is a big loss for site owners: they work hard to get good traffic, but they never learn that their search-engine traffic is going down every day because hackers have put malicious code in their web pages that replaces their links and Google description, stealing their search links.

There are lots of tutorials and articles on protecting WordPress-powered websites (WPArena's How to find remove and protect wordpress site from malware and Identifying removing and preventing malware on your WordPress site), but today I am simply going to compile a list of useful articles and tutorials, along with tips and tricks, for diagnosing, fixing and preventing the WordPress Pharma hack.

Understanding WordPress Pharma Hack Penetration

There are different ways attackers insert malicious code into WordPress files to gain control over the database, plugin files, and even WordPress core files, for example by adding code to the .htaccess file. According to Sucuri, which can provide the best protection service for your websites and web servers, the WordPress pharma hack has three parts:

  •  Backdoor that allows the attackers to insert files and modify the database.
  •  Backdoor inside one (or more) plugins to insert the spam.
  •  Backdoor inside the database used by the plugins.

If you fix one of the three, but forget about the rest, you’ll most likely be reinfected and the spam will continue to be indexed.

As always, we recommend that you update your WordPress instance to the latest version. This goes for all of your plugins, themes, etc. WordPress is typically very secure, it’s when you’re running old versions, and/or out of date plugins/themes that run into trouble. Keep your stuff up to date, and it will minimize the risk of infection significantly.

[Source: Understanding and Cleaning the Pharma hack on WordPress]

On the other hand, according to Pearsonified, these kinds of attacks happen in two parts. There are malicious files in the WordPress plugins folder which contain identifiable PHP functions like eval() and base64_decode(), but that alone is nothing unusual for a hack of this kind. The difference with the Pharma hack is that these function names are stored in the WordPress database as strings, and they’re encoded backwards, which opens the backdoor for running the strings from the database. At runtime, a hack file in the plugins folder pulls these strings from the database, flips ‘em, and then runs ‘em as functions, and that’s how the deed gets done.

The hack pings Google Blog Search with queries like this one to see how many links a particular page has, and then it stores the results in the database. At runtime, the hack uses the number of links to determine which pages to target. [Source: WordPress Pharma hack ]
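A detection sketch for the two halves described above, added here as an example and not taken from Pearsonified or Sucuri: it looks for suspect PHP function names spelled backwards in wp_options values, and for plugin files that both reverse a string and read from the database. The option names, file paths and the extra function names beyond eval and base64_decode are constructed assumptions.

```python
import re

# The page names eval() and base64_decode(); the remaining names are an
# assumption about other PHP functions worth flagging in the same way.
SUSPECT_FUNCTIONS = ("eval", "base64_decode", "gzinflate", "str_rot13")

IDENT = r"[A-Za-z0-9_]"


def reversed_patterns(names=SUSPECT_FUNCTIONS):
    """Map each function name to a regex for its reversed spelling.

    The lookarounds stop the token matching inside a longer word, so
    "lave" (eval reversed) does not fire on "slave" or "lavender".
    """
    return {
        name: re.compile(rf"(?<!{IDENT}){re.escape(name[::-1])}(?!{IDENT})")
        for name in names
    }


def scan_option_rows(rows, patterns=None):
    """rows: iterable of (option_name, option_value) exported from wp_options.

    Returns a sorted list of (option_name, function_name) for every value
    that contains a suspect function name spelled backwards.
    """
    patterns = patterns or reversed_patterns()
    hits = set()
    for name, value in rows:
        for func, pattern in patterns.items():
            if pattern.search(value or ""):
                hits.add((name, func))
    return sorted(hits)


STRREV_RE = re.compile(r"strrev\s*\(", re.I)
DB_READ_RE = re.compile(r"get_option\s*\(|\$wpdb\s*->", re.I)


def scan_plugin_source(files):
    """files: mapping of path -> PHP source text.

    Flags files that reverse a string and also read from the database,
    which is the loader half of the pattern described above.
    """
    return sorted(
        path for path, source in files.items()
        if STRREV_RE.search(source) and DB_READ_RE.search(source)
    )


# Constructed sample data: option names, values and paths are invented.
SAMPLE_ROWS = [
    ("blogname", "My slave-free lavender shop"),
    ("widget_cache_x", 'a:2:{i:0;s:4:"lave";i:1;s:13:"edoced_46esab";}'),
    ("siteurl", "http://example.com"),
]

SAMPLE_FILES = {
    "wp-content/plugins/example-plugin/cache.php":
        '<?php $name = strrev(get_option("widget_cache_x")); /* ... */ ?>',
    "wp-content/plugins/example-plugin/util.php":
        '<?php echo strrev("abc"); ?>',
}

if __name__ == "__main__":
    for option, func in scan_option_rows(SAMPLE_ROWS):
        print(f"wp_options.{option}: reversed {func}")
    for path in scan_plugin_source(SAMPLE_FILES):
        print(f"{path}: strrev() combined with a database read")
```

A hit is a lead for manual review, not proof of infection; legitimate plugins occasionally call strrev() too.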

WordPress Pharma Hack Effects

In most (not all) cases the spammy links and/or content are cloaked or hidden from your site’s visitors; they are only visible to search engine bots.  When a search engine bot makes a request for a page on your site, in addition to the page being requested, the bot will identify itself in the user agent field.  Scripting languages such as PHP and JavaScript can read this value and determine when the request is coming from a search engine bot.

The form of the pharma hack varies from site to site, it can hit a single page or 1000s of pages, on some sites the hackers add 100s of hidden links to on-line pharmacy sites to the legitimate pages of a site.  On other sites the hackers use a cloaked or conditional hack which returns the spammy content only to a search engine bot.  Another common method is to add a php file to the site that returns the spammy content. The methods for accomplishing a pharma hack also vary from site to site, from some generic methods effective against all sites, to more specific methods that target the sites’ CMS such as WordPress or Joomla. [Source: Spam Hacks, The Pharmacy Hack, The Porn Hack]
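One way to check your own site for the user-agent cloaking described above, as an added example that is not from any of the quoted sources: compare what a page returns to a browser with what it returns to a crawler user agent. The user-agent strings and the two HTML samples are constructed; fetch() is a helper for pages you operate and is not called on import.

```python
from html.parser import HTMLParser
import urllib.request

# Constructed user-agent strings for the two requests.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/115.0"
BOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


class _PageSummary(HTMLParser):
    """Collects the <title> text and every <a href> on a page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.links = set()
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.add(href)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def summarize(html):
    """Return (title, set_of_links) for one HTML document."""
    parser = _PageSummary()
    parser.feed(html)
    parser.close()
    return parser.title.strip(), parser.links


def cloaking_report(html_for_browser, html_for_bot):
    """Report what the crawler was served that the browser was not."""
    browser_title, browser_links = summarize(html_for_browser)
    bot_title, bot_links = summarize(html_for_bot)
    return {
        "title_differs": browser_title != bot_title,
        "browser_title": browser_title,
        "bot_title": bot_title,
        "bot_only_links": sorted(bot_links - browser_links),
    }


def fetch(url, user_agent, timeout=10):
    """Fetch a page you operate with a chosen User-Agent header."""
    request = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.read().decode("utf-8", errors="replace")


# Constructed responses standing in for fetch(url, BROWSER_UA) and fetch(url, BOT_UA).
SAMPLE_BROWSER_HTML = (
    "<html><head><title>My Gardening Blog</title></head>"
    "<body><a href='/about/'>About</a></body></html>"
)
SAMPLE_BOT_HTML = (
    "<html><head><title>Buy Cheap Pills Online</title></head>"
    "<body><a href='/about/'>About</a>"
    "<a href='http://pharmacy.example/buy'>pills</a></body></html>"
)

if __name__ == "__main__":
    print(cloaking_report(SAMPLE_BROWSER_HTML, SAMPLE_BOT_HTML))
```

A clean result with a spoofed user agent does not rule out cloaking that keys on the Referer header or on the crawler's IP address, so repeat the comparison with a search-engine Referer as well.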

According to websitedefender a Pharma Hack typically affects websites in three ways:
1. Results are visible on search engines only
2. Very difficult to eliminate
3. Highest ranked pages are targeted
Detail: Web security – SEO poisoning- pharma hack

Jaspal Sahota has detailed how the WordPress Pharma hack affects the .htaccess file, along with other vulnerabilities. If you know how to read an .htaccess file, you’ll see that the planted code only works when the visitor is coming from Google, AOL or Yahoo:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (google|yahoo) [OR]
RewriteCond %{HTTP_REFERER} (google|aol|yahoo)
RewriteCond %{REQUEST_URI} /$ [OR]
RewriteCond %{REQUEST_FILENAME} (html|htm|php)$ [NC]
RewriteCond %{REQUEST_FILENAME} !common.php
RewriteCond /home/xyz/public_html/common.php -f
RewriteRule ^.*$ /common.php [L]
</IfModule>

Again, the final file (common.php) was planted. [Source: Pharmahack]
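The planted rule above has a recognisable shape: a non-negated RewriteCond that matches search-engine names in the user agent or referer, followed by a RewriteRule. The scanner below is an added example, not code from Sahota's article, that flags that shape; the engine list beyond google, yahoo and aol is an assumption, and the benign sample reuses the Feedburner and hotlinking rules shown elsewhere on this page.

```python
import re

# Engines named in the planted rule on this page, plus bing/msn as an assumption.
SEARCH_ENGINES = re.compile(r"google|yahoo|aol|bing|msn", re.I)
CLIENT_VARS = {"%{HTTP_USER_AGENT}", "%{HTTP_REFERER}"}
COND_RE = re.compile(r"^\s*RewriteCond\s+(\S+)\s+(\S+)", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)


def find_search_engine_rewrites(htaccess_text):
    """Return one finding per RewriteRule that only fires for search traffic.

    A finding lists the rule's line number, its target, and the line
    numbers of the conditions that test the client-supplied user agent or
    referer for a search-engine name. Negated conditions ("!pattern") are
    ignored, because legitimate rules such as feed redirects and hotlink
    protection use them to exclude clients rather than select them.
    """
    findings = []
    pending_conditions = []
    for lineno, line in enumerate(htaccess_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        cond = COND_RE.match(line)
        if cond:
            pending_conditions.append((lineno, cond.group(1), cond.group(2)))
            continue
        rule = RULE_RE.match(line)
        if not rule:
            continue
        triggers = [
            cond_line
            for cond_line, variable, pattern in pending_conditions
            if variable.upper() in CLIENT_VARS
            and not pattern.startswith("!")
            and SEARCH_ENGINES.search(pattern)
        ]
        if triggers:
            findings.append({
                "rule_line": lineno,
                "target": rule.group(2),
                "condition_lines": triggers,
            })
        # Conditions apply only to the rule that immediately follows them.
        pending_conditions = []
    return findings


# The planted block quoted above.
SAMPLE_PLANTED = r"""<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (google|yahoo) [OR]
RewriteCond %{HTTP_REFERER} (google|aol|yahoo)
RewriteCond %{REQUEST_URI} /$ [OR]
RewriteCond %{REQUEST_FILENAME} (html|htm|php)$ [NC]
RewriteCond %{REQUEST_FILENAME} !common.php
RewriteCond /home/xyz/public_html/common.php -f
RewriteRule ^.*$ /common.php [L]
</IfModule>"""

# Legitimate rules from this page: they test the same variables, but negated.
SAMPLE_BENIGN = r"""RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC]
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC]
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/wordpressarena [R=302,NC,L]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?wparena.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]"""

if __name__ == "__main__":
    for finding in find_search_engine_rewrites(SAMPLE_PLANTED):
        print(finding)
```

Run it over every .htaccess file under the web root, not only the top-level one, and review the file named as the rule target.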

Protecting from WordPress Pharma Hack

There is a very useful article on WordPress prevention at FAQ_My_site_was_hacked. In the following list I have compiled helpful articles that provide step-by-step instructions on how to protect against a WordPress Pharma hack attack:

How to Diagnose and Remove the WordPress Pharma Hack

You’ll have to dig through the two places where the hack is known to romp—your WordPress plugins folder and your WordPress database.

WordPress Pharma Hack

This is quite a different attack vector than say brute-forcing passwords on a WordPress site. If you know a little about what you’re doing, this is actually pretty straight forward. In fact, you can script these things pretty easily; this example was written by a hacker over a weekend.

Pharma Hack Fix for WordPress

It is really a brilliant plan.  If it weren’t so illegal – it would be perfect.  As far as I can tell, they employ a 3 stage process.  (Thanks for the help figuring this all out from my friend David, who is a super knowledgeable dude with this sort of stuff.)

How To Completely Clean Your Hacked WordPress Installation

Step by step process on how to completely clean out and restore a WordPress installation that has been hacked.

How to find a backdoor in a hacked WordPress

What’s a backdoor? Well, when somebody gets into your site, the very first thing that happens is that a backdoor is uploaded and installed. These are designed to allow the hacker to regain access after you find and remove him. Done craftily, these backdoors will often survive an upgrade as well, meaning that you stay vulnerable forever, until you find and clean the site up.

Top 5 WordPress Security Tips You Most Likely Don’t Follow

A list of the top 5 tips that most WordPress administrators do not do, but should:

How to increase the safety of WordPress

In this article we will see a series of technical and not that improve the safety of WordPress in a shared and dedicated, by changing some settings and adding the appropriate plugin.

Secure WordPress Themes providers:

StudioPress Premium WordPress Themes PageLines CMS WordPress Themes

How to Secure and Protect WordPress Website through .htaccess file


With a .htaccess (hypertext access) file you get directory-level configuration, which lets you decentralize the management of your web server configuration. It also lets you improve your blog’s security and reduce bandwidth. Today, we compile a list of tips and hacks to increase the security of your WordPress website through the .htaccess file.

Note: Be careful when making changes to this file, because modifying the configuration of a server can cause security problems if it is not set up properly. Always have a backup.

Restricting access to wp-admin

There are different ways to protect your wp-admin: by using WordPress plugins (see “Enhance WordPress security with two-factor authentication plugins”) or by adding a .htaccess file to the wp-admin directory, as follows.

By restricting the IP address: create a .htaccess file containing the following piece of code:

order deny,allow
# Replace a.b.c.d with your static IP
allow from a.b.c.d
deny from all

By restricting  the directory with a password:

AuthUserFile /etc/httpd/htpasswd
AuthType Basic
AuthName "restricted"
Order Deny,Allow
Deny from all
Require valid-user
Satisfy any

Source: You can read more about Hardening WordPress website with .htaccess file

Individually Blacklist IP Address

There are a considerable number of spammers, scrapers and crackers who need to be blacklisted from visiting the website. Every year Perishable Press blocks some IP addresses, and they give a solution for blocking an IP address using the .htaccess file:

<Limit GET POST PUT>
order allow,deny
allow from all
deny from 192.168.0.10
</Limit>

Source: Improve site security by protecting .htaccess-files

Ultimate IP Blocker

Want to ban an IP but don’t know how to use .htaccess, or only want to ban it from some pages? Let ipBlocker help you ban IP(s) in an easy way with many functions; no database support is needed.

Protecting WordPress wp-config file

Josiah Cole gives a solution for securing your own website by editing or creating your own .htaccess file that does the following:

1. Protects itself (security)
2. Turns the digital signature off (security)
3. Limits upload size (security)
4. Protects wp-config.php (security)
5. Gives access permission to all visitors with exceptions (security, usability)
6. Specifies custom error documents (usability)
7. Disables directory browsing (security)
8. Redirect old pages to new (optional)
9. Disables image hotlinking (bandwidth)
10. Enables PHP compression (bandwidth)
11. Sets the canonical or “standard” url for your site (seo, usability)

Add the following piece of code to the .htaccess file to protect the wp-config file:

# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

Other useful links: How To Secure WordPress configuration file

Add the following code to Disable Directory Browsing:

# disable directory browsing
Options All -Indexes

Disable image hotlinking:

# disable hotlinking of images with forbidden or custom image option
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?wparena\.com/.*$ [NC]
# Uncomment one of the two rules below: the first returns 403 Forbidden,
# the second serves a replacement image instead
#RewriteRule \.(gif|jpg)$ - [F]
#RewriteRule \.(gif|jpg)$ http://www.wparena.com/yourimage.gif [R,L]

Source – Almost Perfect htaccess File for WordPress Blogs

Redirect WordPress Feeds to Feedburner via .htaccess (Redux)

.htaccess is a powerful tool which also helps to redirect WordPress feeds to Feedburner.

Redirecting your WordPress feeds to Feedburner enables you to take advantage of their many freely provided, highly useful tracking and statistical services. Although there are a few important things to consider before optimizing your feeds and switching to Feedburner, many WordPress users redirect their blog’s two main feeds — “main content” and “all comments” — using either a plugin or directly via htaccess.

For those of us using Feedburner for all content and comment feeds, we have consolidated the previous htaccess code into a single redirect. Additionally, we improve functionality by verifying the requested URI and simplifying the regex used to match the target string. Check it out:

# temp redirect wordpress content feeds to feedburner 
<IfModule mod_rewrite.c> 
RewriteEngine on 
RewriteCond %{HTTP_USER_AGENT} !FeedBurner [NC] 
RewriteCond %{HTTP_USER_AGENT} !FeedValidator [NC] 
RewriteRule ^feed/?([_0-9a-z-]+)?/?$ http://feeds.feedburner.com/wordpressarena [R=302,NC,L]
</IfModule>

Source: Perishable Press | How to switch RSS to feedburner in Thematic

How To Stop Image Hotlinking through .htaccess | WP Recipes

IP Delivery to Stop RSS “Content Thieves”

Quads Zilla at Seo Black Hat explained how to find the IP address that is stealing your RSS feed and how to block that IP address through the .htaccess file.

RewriteEngine on
# Dots are escaped and the pattern anchored so only this exact address matches
RewriteCond %{REMOTE_ADDR} ^69\.16\.226\.12$
RewriteRule ^(.*)$ http://newfeedurl.com/feed

How to show a maintenance page with a .htaccess file

If you want to migrate your blog, switch themes, or update WordPress, why not redirect your visitors to a maintenance page?

RewriteEngine on
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123
RewriteRule $ /maintenance.html [R=302,L]

Source – CatsWhoCode | Woueb.net | Protecting the WordPress wp-admin folder

Deny no referer requests [stop spam comments!]

If there are lots of spam comments on your blog, then along with Akismet you can use .htaccess to prevent spammers from posting comments on your blog.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
# Replace yourblog.com with your own domain
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# The substitution is a plain URL, not a regex, so it takes no ^ or $ anchors
RewriteRule (.*) http://%{REMOTE_ADDR}/ [R=301,L]

Source – How to: Deny comment posting to no referrer requests

Force “File Save As” Prompt

With this code you can force downloadable files to be saved with a “Save As” prompt instead of being opened in the browser:

AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4

Source – AskApache: THE Ultimate Htaccess | Forcing a Download with Apache and .htaccess

Improve Site Security by Protecting HTAccess Files

Perishable Press presents different methods to protect the .htaccess file. The code below prevents external access to any .htaccess file. Add it to your domain’s root .htaccess file.

Case-sensitive protection:

# CASE SENSITIVE METHOD
<Files .htaccess>
order allow,deny
deny from all
</Files>

Weak pattern matching

# WEAK PATTERN MATCHING
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>

Strong pattern matching

# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

.htaccess – gzip and cache for faster loading and bandwidth saving

In order to speed up your site and save bandwidth, you can use the .htaccess file to gzip text-based files and optimize cache HTTP headers.

If your hosting provider, like HostGator, has the mod_gzip module enabled, the best way to compress your content is to add the following lines to your .htaccess file:

mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*

Source – There are other different ways for fast loading and saving bandwidth on:
.htaccess – gzip and cache your site for faster loading and bandwidth saving
WordPress Super Cache: Makes WordPress Faster

WordPress Safer Admin Plugin

Have you ever wondered how you can hide your WordPress Admin Panel so possible attackers won’t be able to find it and gain access to your WordPress site?

If you want to ensure that no one knows where your WordPress Admin Panel is, then this WP Safer Admin Plugin is the right tool for you!

Detail

WP-Restrict

WP-Restrict is a WordPress plugin that allows WordPress admins to restrict access to their web site based on IP addresses.

Detail

Redirecting Subdirectories to the Root Directory via HTAccess

One of the most useful techniques in my HTAccess toolbox involves URL redirection using Apache’s RedirectMatch directive. With RedirectMatch, you get the powerful regex pattern matching available in the mod_alias module combined with the simplicity and effectiveness of the Redirect directive.

RedirectMatch 301 ^/blog/.*$ http://domain.tld/target.html 

Source – Perishable Press | How to redirect the spammers where you want

Removing Category Base from WordPress URLs

The below .htaccess code illustrates 2 different ways to redirect any request for /category/slug/ to /slug/. You should only redirect after applying the php hacks described earlier, otherwise you could end up creating a loop.

RedirectMatch 301 ^/category/(.+)$ http://www.askapache.com/$1
# OR
RewriteRule ^category/(.+)$ http://www.askapache.com/$1 [R=301,L]

Source: AskApache

Automatically fix URL spelling mistakes

This directive can be useful to auto-correct simple spelling errors in the URL

<IfModule mod_speling.c>
CheckSpelling On
</IfModule>

Source – Vortex Mind

Redirect the spammers where you want

Here is the script to add to your WordPress blogs (or into your site’s) .htaccess file:

# block comment spam by denying access to no-referrer requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*wparena.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
# The substitution is a plain URL, not a regex, so it takes no ^ or $ anchors
RewriteRule ^(.*)$ http://the-site-where-you-want-to-send-spammers.com/ [R=301,L]

Easily rename your .htaccess file

# rename htaccess files
# AccessFileName is only valid in the server or virtual host configuration, not inside .htaccess itself
AccessFileName ht.access

Source: Stupid htaccess tricks | How to redirect the spammers where you want

20 htaccess hacks to prevent your wordpress site from hacking

Make your wp-login.php page xenophobic

Here’s the code that you should copy and paste into your root .htaccess file (where wp-login.php exists).

# Redirect wp-admin and wp-login to specified address if not from specific ip
# Btw you're free to add additional directory as you see fit
# Note: This'll break your site if you have plugins/themes that depend on accessing admin-ajax.php
RewriteCond %{REQUEST_URI} wp-login|wp-admin
RewriteCond %{REMOTE_ADDR} !^123.456.789.
RewriteRule . http://www.domain.com/ [R,L]

# Or .. if you prefer to return 404 Not found instead of redirecting it, use below code instead
RewriteCond %{REQUEST_URI} wp-login.php|wp-admin
RewriteCond %{REMOTE_ADDR} !^123.456.789.
RewriteRule . - [R=404,L]

Source – Hardening WordPress with Mod Rewrite and htaccess | 7 Tools For Fighting Spam In WordPress

The easiest way to ban a WordPress spammer

Require password for 1 file

<Files login.php>
   AuthName "Prompt"
   AuthType Basic
   AuthUserFile /home/askapache.com/.htpasswd
   Require valid-user
</Files>

Protect multiple files

<FilesMatch "^(exec|env|doit|phpinfo|w)\.*$">
   AuthName "Development"
   AuthUserFile /.htpasswd
   AuthType basic
   Require valid-user
</FilesMatch>

Source: ultimate htaccess code snippets

Speed up your site by compressing and caching your content with .htaccess

In the following series you can compress and cache your site content with Apache and .htaccess file.

compress text files

<ifModule mod_deflate.c>
  <filesMatch "\.(css|js|x?html?|php)$">
    SetOutputFilter DEFLATE
  </filesMatch>
</ifModule>

Expire headers

<ifModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType image/x-icon "access plus 2592000 seconds"
  ExpiresByType image/jpeg "access plus 2592000 seconds"
  ExpiresByType image/png "access plus 2592000 seconds"
  ExpiresByType image/gif "access plus 2592000 seconds"
  ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
  ExpiresByType text/css "access plus 604800 seconds"
  ExpiresByType text/javascript "access plus 216000 seconds"
  ExpiresByType application/javascript "access plus 216000 seconds"
  ExpiresByType application/x-javascript "access plus 216000 seconds"
  ExpiresByType text/html "access plus 600 seconds"
  ExpiresByType application/xhtml+xml "access plus 600 seconds"
</ifModule>

Cache-control headers

<ifModule mod_headers.c>
  <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
    Header set Cache-Control "max-age=2592000, public"
  </filesMatch>
  <filesMatch "\.(css)$">
    Header set Cache-Control "max-age=604800, public"
  </filesMatch>
  <filesMatch "\.(js)$">
    Header set Cache-Control "max-age=216000, private"
  </filesMatch>
  <filesMatch "\.(x?html?|php)$">
    Header set Cache-Control "max-age=600, private, must-revalidate"
  </filesMatch>
</ifModule>

Turn etags off

<ifModule mod_headers.c>
  Header unset ETag
</ifModule>
FileETag None

Remove last-modified header

<ifModule mod_headers.c>
  Header unset Last-Modified
</ifModule>

Source: More on compressing and caching your site with .htaccess

Performance Optimizer Plugin for WordPress

The plugin will help you increase the performance of your WordPress website. We aim to do this by optimizing key features of the website’s loading process thus increasing the loading speed and limiting the bandwidth consumption.

Detail


.htaccess Builder

To quickly and effortlessly deliver an htaccess file without having to remember anything about the apache server language used to construct the htaccess file!

htaccess Builder! is complete as is – however – depending on requests and sales it has the potential to grow to cover just about every function of htaccess.

Detail

How to Find, Remove and Protect WordPress Site from Malware

WordPress-powered websites are on crackers' hit lists; they use malware (malicious software) to attack your WordPress site. Malware comes in different forms, such as viruses, Trojan horses, spyware, hijackers, crimeware, adware, dialers, keyloggers, worms, rootkits and similar programs. James D. Nardell explains the different types in “Different Types Malware”. The latest news about types of malware and all other security threats can be found at the Panda Security website, which presents a Collective Intelligence Monitor covering all threats; as they say, “The best way to defeat your enemy is to understand him.” I wrote a step-by-step guide, How to Identifying removing and preventing malware WordPress site, when my friend's blog xponent4 was affected and I cleaned it up. It is now running fine without malware but is still under threat because it is on shared hosting at Servage; although they provide good support, I recommend the best hosting, such as HostGator.

If your site is infected, I can help and assist you with removing malware from your server and can clean up your WordPress site (request at WPArena’s Facebook page and like it). We can even do a basic penetration test free of cost to tell you about vulnerabilities in your WordPress-powered website.

Identifying Malware on WordPress Powered Website


There are different ways to identify malware on your website. If you see any sign of malware on your site, first of all change your FTP, admin, and database passwords, and then try online tools like Sucuri, Stop Badware and antiphishing to learn more about the latest threats and malware.

The Google Safe Browsing Diagnostics tool can help you check for vulnerabilities in your site and tells you the next step for protecting it; you can read the details in How to Identifying removing and preventing malware WordPress site.

Next, you can use WordPress plugins to check for malware on your website, but before using these plugins take the following steps to make the site more secure: update all your installed plugins, and test all links on your site to make sure it does not link to a site that contains malware. Do all of this checking in a virtual machine, so that your actual machine is not infected during any test. If you are not sure how to do that, ask on WPArena’s Facebook page, or request in a comment that we do it for you.

Timthumb Vulnerability Scanner

Timthumb Vulnerability Scanner is an excellent tool for checking your site for this vulnerability. The recent Timthumb.php vulnerability (discussed here) has left scores of unsuspecting bloggers hacked. It’s the perfect combination of not so easy to fix for the technically disinclined, and easy to find and exploit for the malicious – resulting in a disastrous number of compromised sites.

Regina Smola from wpsecuritylock has explained this plugin: the Timthumb Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.

The Elegant Themes authors have also provided a security patch and updates for their themes that use the image-resizing script Timthumb, so their themes are more secure now. The Woo Themes authors have also updated their themes and mentioned the security flaw.

Detail

Exploit Scanner

Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers. This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames. It does not remove anything. That is left to the user to do. How To Detect Malware in WordPress Using Exploit Scanner.

Detail

There is a huge list of Security Plugins to Protect Your WordPress Site, but a few of the best are compiled by Jules at Quertime Editorial, inspired by Techlila. More secure plugins for WordPress: Security Ninja

Reversing engineering to a malware wordpress theme

Removing Malware from WordPress website


Make a COMPLETE and CLOSE review of your ENTIRE content and replace suspect files with fresh ones from trusted sources. Always keep 3rd party Plugins and theme up to date to minimize the risk of security issues as good as possible. Regularly check your content so you might notice unauthorized modifications pretty soon yourself because when notes of this type get overhand we will charge an admin fee for our additional work.

After finding any suspicious or malware-infected ads, links, posts or pieces of code in your files, images or scripts, remove all of them. If you are sure that your site has been hacked, follow the steps provided by Go Daddy to get it back online:

  • Take the site offline to avoid putting site visitors and customers at risk.
  • Remove all offending code. This is only effective long-term in conjunction with prevention.
  • Fix underlying security vulnerabilities to prevent future attacks.
  • Check for and remove “back doors” left by the hacker. A back door allows the hacker future access even after you secure the site.
  • Check for and install updates, and research the software you are using to find out if other users have been affected.

[identifying-removing-and-preventing-malware-on-your-hosting-server]


If your own machine is infected with malware, you can get help from Different approaches to removing malware.

Protect Website from Malware


Finally, you have to protect your site against further attacks, and the best tool is prevention. Keep all your plugins, your theme and WordPress core up to date, and use scanners that can detect vulnerabilities. Before putting any ad or link on your site, make sure it is not distributing malware, and monitor your ads and links regularly. Also make sure that user-generated content contains no exploit links to malware and is clean for visitors, without any suspicious links or executable files.

For maximum security, please ensure your account password is secure (at least 6 mixed numbers and letters) and that it is changed regularly. Ensure that permissions for your folders are set to 755 and for files to 644. Also check that no folders have insecure permissions such as 777.
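The permission check above can be automated. The script below is an added example, not part of the original post: it walks a directory tree and reports anything world-writable or broader than 755 for folders and 644 for files. The sample tree it builds in a temporary directory is constructed for the demonstration.

```python
import os
import stat
import tempfile


def audit_permissions(root, dir_mode=0o755, file_mode=0o644):
    """Return sorted (relative_path, octal_mode, reason) for entries whose
    permissions are broader than 755 (folders) or 644 (files)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(info.st_mode)
            expected = dir_mode if stat.S_ISDIR(info.st_mode) else file_mode
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if mode & stat.S_IWOTH:
                # Covers 777 folders and 666 files: any local user can write.
                findings.append((rel, f"{mode:03o}", "world-writable"))
            elif mode & ~expected & 0o7777:
                findings.append((rel, f"{mode:03o}", f"broader than {expected:03o}"))
    return sorted(findings)


def build_sample_tree(root):
    """Create a small constructed WordPress-like tree with mixed modes."""
    layout = [
        ("wp-config.php", 0o644, False),
        ("wp-content", 0o755, True),
        ("wp-content/plugins", 0o755, True),
        ("wp-content/plugins/tool.php", 0o755, False),
        ("wp-content/uploads", 0o777, True),
        ("wp-content/uploads/notes.txt", 0o666, False),
    ]
    for rel, mode, is_dir in layout:
        path = os.path.join(root, *rel.split("/"))
        if is_dir:
            os.mkdir(path)
        else:
            with open(path, "w") as handle:
                handle.write("constructed sample\n")
        os.chmod(path, mode)  # set explicitly so the umask does not interfere


def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_permissions(root)


if __name__ == "__main__":
    for rel, mode, reason in demo():
        print(f"{mode}  {rel}  ({reason})")
```

Point audit_permissions() at the WordPress root on the server; entries stricter than 755/644 are not reported.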

For a password to be strong, it should:

  •  Be at least seven characters long. Because of the way passwords are encrypted, the most secure passwords are 6-12 characters long.
  •  Have at least one symbol character in the second through sixth positions.
  • Be significantly different from prior passwords.
  • Not contain your name or user name.
  • Not be a common word or name.


If you have any issue with your WordPress-powered website, ask us on WPArena’s Facebook page.

WordPress Shortcode with loop, meta, category, pagination, Gallery and Plugins

With shortcodes it is possible to display the result of complicated code or functions anywhere in your WordPress theme, such as in widgets, excerpts, comments, theme files, user descriptions, and category/tag/taxonomy descriptions. According to the WordPress support site, “A shortcode is a WordPress-specific code that lets you do nifty things with very little effort. Shortcodes can embed files or create objects that would normally require lots of complicated, ugly code in just one line. Shortcode = shortcut.” [shortcodes]

Shortcodes were introduced in WordPress 2.5, and they power the Gallery feature, which gives the option to add an image gallery to a Post or Page on your WordPress blog. Now you can also use shortcodes in your theme through WordPress plugins, or create your own function to display the result you need. I was working on a client's website and needed to display the posts of one category on a specific page. I tried a few plugins but did not get the proper result, so a fellow blogger gave a solution in Simple Recent Posts Shortcodes for WordPress, which helped me a lot. Here is my code for The Corporation WordPress Theme:

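<?php
// Shortcode callback: lists the five most recent posts from category 32.
function my_recent_posts_shortcode($atts) {
    global $post;

    $myposts = get_posts('showposts=5&category=32');

    // Shortcode callbacks must return their markup, so buffer the template output.
    ob_start();
    foreach ($myposts as $post) : setup_postdata($post); ?>

<?php the_post_thumbnail(array(120, 120)); // prints its own <img> tag at 120x120 ?>
<div class="latest_news_box">
<h3><a href="<?php the_permalink(); ?>" rel="bookmark"><?php the_title(); ?></a></h3>
<?php // the_content_limit() is supplied by the theme or a plugin, not by WordPress core ?>
<p><?php the_content_limit(520); ?></p>
</div>
<?php
    endforeach;
    wp_reset_postdata(); // restore the global $post for the rest of the page

    return ob_get_clean();
}
// Register the callback; the tag name [my_recent_posts] is chosen here for illustration.
add_shortcode('my_recent_posts', 'my_recent_posts_shortcode');
?>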

Requirements for displaying content on a blog differ. Kevin Chard has written about many uses of shortcodes on his blog; you can see them at wpsnipp/shortcode. The founder and editor of WP-Snippets also explained shortcode usage in detail in Getting Started with WordPress Shortcodes (+Examples).
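The callback above hard-codes category 32. As an added example (not the author's code; the category_posts tag and the wpa_ function name are hypothetical), here is the same kind of listing driven by shortcode attributes. Attributes are typed by whoever edits the post, so they are validated on the way in and the output is escaped on the way out:

```php
<?php
// Added example: attribute-driven post listing, e.g. [category_posts category="32" count="5"].
// The tag name and function name are hypothetical.
function wpa_category_posts_shortcode( $atts ) {
    // Accept only the attributes listed here and supply defaults for the rest.
    $atts = shortcode_atts(
        array( 'category' => 0, 'count' => 5 ),
        $atts,
        'category_posts'
    );

    // Coerce to non-negative integers and cap the count so a post cannot request a huge query.
    $category = absint( $atts['category'] );
    $count    = min( max( absint( $atts['count'] ), 1 ), 20 );

    // A category of 0 means "all categories"; only published posts are listed.
    $posts = get_posts( array(
        'numberposts' => $count,
        'category'    => $category,
        'post_status' => 'publish',
    ) );
    if ( empty( $posts ) ) {
        return '';
    }

    // Build and return the markup; echoing would print it before the post content.
    $html = '<ul class="latest_news_box">';
    foreach ( $posts as $p ) {
        $html .= sprintf(
            '<li><a href="%s" rel="bookmark">%s</a></li>',
            esc_url( get_permalink( $p ) ),
            esc_html( get_the_title( $p ) )
        );
    }
    return $html . '</ul>';
}
add_shortcode( 'category_posts', 'wpa_category_posts_shortcode' );
```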

WordPress Plugins for Shortcode


Slider gallery shortcode

This plugin creates a new shortcode for WordPress. With this new shortcode, you can create a slider gallery in seconds just by typing [slider] while you’re writing your post or page. The slider will display the images that you have uploaded to the current post or page.

If you need more options, this simple shortcode features multiple attributes that you can set. You can:

  • add controls to go back and forward through each slide
  • select a specific transition between images (fade, zoom, scroll, curtains, grow, toss and many more)
  • show the image title
  • set the size of the images displayed in the slider
  • wrap the image with a link to the image file
  • adjust the transition speed
  • set the pause between transitions
  • set the initial delay before the first transition
  • exclude some selected images.

TitanEditor – The Shortcode Editor On Steroids

Features

  • Drag and drop Functionality – Drag, drop, move or delete your short-codes until you're satisfied.
  • Page template Manager – No more messing around inside your default pages and posts, create your own page templates filled with short-codes.
  • Button shortcode editor – Create as many button styles and shapes you want.
  • Most common shortcodes included – Buttons, tabs, accordion, toggle, slider, images, columns, lists, message boxes, video, quotes, separator, blog elements, galleria and pre/code
  • Quick fill – After adding your columns you're able to fill them all with just one click.
  • TitanEditor Page Attributes – After creating your page template, filling it and rearranging all components, just create a new page and select your page template from the TitanEditor Page Attributes window and you're done.
  • Clever editing – Not happy after seeing your freshly baked page, then just select the template through TitanEditor and edit it, TitanEditor remembers where you have left and opens the page just as you left it.
  • Screencasts Included – Watch the videos for full instructions on how to use the editor; once you're used to it you will never return to the wp-editor again.
  • Blog Post compatible – You're also able to create a nice-looking blog post that looks different than any other blog post. Just create a page template, add your content through the editor and assign this page template to that blog post.
  • Editors Option Panel – An option panel from where you can enable or disable the stylings, so if you want to use your own you only need to disable them.

Tabbed Content Shortcode

A clean, easy to integrate, reusable tabbed content area for your WordPress themes!

Features

  • Reusable, add as many as you want on the page!
  • Easy to use, activate and copy-paste the sample shortcodes to begin
  • Auto sizing on a tab by tab basis
  • Help and information admin page
  • Easy to integrate into any design

SWS: Nivo add-on for Styles With Shortcodes

Styles with Shortcodes is a great plugin that makes life easier using WordPress whether you are a seasoned developer, designer or just a normal user!

Live preview | Detail

Shortcodes Ultimate

With this plugin you can easily create buttons, boxes, different sliders and much, much more. Turn your free theme into a premium one in just a few clicks. Using Shortcodes Ultimate you can quickly and easily retrieve many premium theme features and display them on your site. See screenshots for more information.

Detail

Display Posts Shortcode

The Display Posts Shortcode was written to allow users to easily display listings of posts without knowing PHP or editing template files.

Detail

Category Post Shortcode

This plugin allows you to display a post list in your page or post by using a shortcode.

Detail

List category posts

The shortcode accepts a category name or id, the order in which you want the posts to display, and the number of posts to display. You can also display the post author, date, excerpt, custom field values, even the content! The [catlist] shortcode can be used as many times as needed with different arguments on each post/page.

Detail

Category Shortcode

This plugin creates the [Category] shortcode. The code takes 5 arguments:
number: the number of posts to display. 0 equals the default number. -1 equals the total available.

Detail

Available shortcodes for WordPress Hosted Blog


Miscellaneous | Video | Images and Documents | Audio

Detail

How to Hide or remove the WordPress Upgrade Message in the Dashboard

It is very important to keep WordPress up to date because of security threats, especially nowadays given its popularity. WordPress notifies you whenever a new version is available: it shows a download link at the top of the WordPress admin panel, as well as a link on the update page where you can install the new version automatically.

If you are running WordPress for a client, or have made lots of customizations to core WordPress files, you might not want this message to be displayed, because the update will overwrite all the files and the client's site will lose all the changes.

There are a few options for hiding it from the dashboard: adding a function to the theme's functions.php file, using a WordPress plugin to hide the message, or manually removing the code from the WordPress core files. Different bloggers have provided solutions on their blogs, as follows:

1. Just open the functions.php file from your WordPress theme and put the following code in that file: (from wordpressapi)

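add_action('admin_menu','hide_update_message');
function hide_update_message()
{
    // Stop the "update available" notice from being printed at the top of admin pages.
    remove_action( 'admin_notices', 'update_nag', 3 );
    // Stop the admin footer from showing the core update link.
    remove_filter( 'update_footer', 'core_update_footer' );
}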

2. All you have to do is simply open the theme’s functions.php file and add this: (wpbeginner)

add_action('admin_menu','wphidenag');
function wphidenag() {
    // Only the notice is removed; WordPress still checks for new versions.
    remove_action( 'admin_notices', 'update_nag', 3 );
}

3. To get rid of the “Please update now” message in your WordPress dashboard, simply paste the following code on your functions.php file. (wprecipes)

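if ( !current_user_can( 'edit_users' ) ) {
  // create_function() was removed in PHP 8.0; anonymous functions do the same job.
  // Unhook the version check itself for these users.
  add_action( 'init', function ( $a ) { remove_action( 'init', 'wp_version_check' ); }, 2 );
  // Short-circuit the stored update data so no update is reported.
  add_filter( 'pre_option_update_core', function ( $a ) { return null; } );
}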

4. You can optionally put this code inside a condition so that the update message is only shown to the site admin or other user roles, depending on the if-statement in the code snippet below. (fredrikmalmgren)

function hideUpdateNag() {
    remove_action( 'admin_notices', 'update_nag', 3 );
}
if ( !current_user_can('activate_plugins') ) {
    add_action('admin_menu','hideUpdateNag');
}

5. Removing the update message is very straightforward to do – simply add the following lines of code to your functions.php file: (vooshthemes)

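// Unhook the scheduled version check and the admin-side update check.
remove_action('wp_version_check', 'wp_version_check');
remove_action('admin_init', '_maybe_update_core');
// create_function() was removed in PHP 8.0; an anonymous function does the same job.
add_filter('pre_transient_update_core', function ( $a ) { return null; });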

All of the above do almost the same thing. If they still do not meet your requirements, you can use a WordPress plugin to hide the “WordPress Upgrade Message” from users' and clients' dashboards.
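Snippets 3 and 5 go further than hiding the notice: they unhook or short-circuit the version check itself, so the site never learns that a security release exists. The following added example (not from any of the quoted blogs; the wpa_ function names are hypothetical) reports that condition to users who are allowed to update core:

```php
<?php
// Added example (function names are hypothetical): report when core update
// checking has been unhooked or short-circuited by a theme or plugin.
function wpa_audit_update_checks() {
    $findings = array();

    // Core registers these callbacks; has_action() returns false once they are removed.
    $expected = array(
        array( 'admin_init', '_maybe_update_core' ),
        array( 'wp_version_check', 'wp_version_check' ),
    );
    foreach ( $expected as $pair ) {
        if ( false === has_action( $pair[0], $pair[1] ) ) {
            $findings[] = sprintf( '%s is no longer hooked to %s', $pair[1], $pair[0] );
        }
    }

    // Any callback on these filters can hide the stored update data from core.
    $filters = array(
        'pre_option_update_core',
        'pre_transient_update_core',
        'pre_site_transient_update_core',
    );
    foreach ( $filters as $tag ) {
        if ( has_filter( $tag ) ) {
            $findings[] = sprintf( 'a callback is attached to %s', $tag );
        }
    }
    return $findings;
}

// Show the result only to users who are allowed to update core.
function wpa_update_check_notice() {
    if ( ! current_user_can( 'update_core' ) ) {
        return;
    }
    foreach ( wpa_audit_update_checks() as $finding ) {
        printf(
            '<div class="error"><p>Update check disabled: %s</p></div>',
            esc_html( $finding )
        );
    }
}
add_action( 'admin_notices', 'wpa_update_check_notice' );
```

Loaded from a small site plugin rather than the theme, the audit keeps running when the theme is switched, and it stays silent on sites that only hide the nag as in snippets 1, 2 and 4.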

Hide Update Reminder

This plugin allows you to hide the update WordPress reminder from all users that are not assumed Administrators (cannot upgrade plugins).

If you have multiple users then this means those who are not admins don’t need to see the message. Useful for CMS based sites, so the client doesn’t see the notice.

Detail

If you want to display notifications to your users when you update something or when you wish to make an announcement, the plugin “WP update notifier” is simple yet effective and extremely useful.

Disable WordPress Core Update

Completely disables the core update checking system in WordPress. The plugin prevents WordPress from checking for updates, and prevents any notifications from being displayed in the admin area. Ideal for administrators of multiple WordPress installations.

Detail


We Love WordPress. WordPress Arena is a place for WordPress Developers and Designers, providing Tips, tricks, tools and resources to build a website or blog on WordPress. We also present The WordPress Showcase for all kind of WordPress Powered Websites.


Copyright © 2014 WP Arena All Rights Reserved
