Frequently Asked Questions

About Application Security Compromises

Print this Article
Last Updated: July 21, 2015 1:58 PM

There are a few common ways that your website, or Web application, can be hacked, or compromised. Web applications such as WordPress®, Joomla!® and Drupal®, can be compromised by security vulnerabilities or by someone guessing your password. Hackers who compromise your website can then use it for malicious activity, such as spreading malware or directing visitors to other sites.

How to Know You've Been Compromised

Often times, when your site's been compromised, there are no obvious indications; the following signs can help you determine if you've been compromised:

  • Your visitors' browsers warn them that your website might harm their computer when they visit your website
  • Your website is listed as suspicious with Google Safe Browsing™. You can check your website's status at google.com/safebrowsing/diagnostic?site=[your domain name]

What to Do After a Compromise

Begin by removing the malicious files listed in the individual compromise's article. You can do this via FTP (more info) or your control panel's file manager (more info).

You should review all directories and consider their function versus the file types they contain. For example, you might want to more carefully review .php files if they appear in an images directory. Those aren't image files, so they probably don't belong in that directory and are often times malicious files.

If you have a backup of your site and database that was created before the compromise and does not contain malicious content, we recommend using these backups to restore your site to a known un-compromised state (more info).

If you don't have a backup, you should review all of the site's content for malicious scripting, particularly files that have been modified since the day of the compromise.

For your database, you should look for entries created after the date of the compromise, as well as keywords that are common to comment spam, including Viagra, Cialis, payday, and cash.

Make sure you also update your application to the latest version. Keeping your application updated greatly improves the security of your website.

Lastly, you should change all of your hosting account's passwords, including the application's admin password, FTP password (more info), and database password (more info).

Preventative Measures

Update all of the application content, including:

  • Application version
  • Themes/components
  • Plugins/modules
  • Removing unused themes and plugins

Perform regular anti-virus scans on your computer to make sure it doesn't have any malicious content on it, such as keyloggers, which can give attackers access to your passwords.

Use strong passwords (more info) and rotate them regularly.

Look for security-enhancing plugins that:

  • Enable a two-factor authentication system
  • Notify you if any of your website's files change
  • Lock your administrative account after too many failed login attempts
  • Notify you when updates are available