Not long before Thanksgiving, a client had their site hacked. While I am far from an Internet security expert, I do understand that WordPress sites have numerous exploits, especially in the plug-ins, and I always take extra security measures such as installing Wordfence, adding a second layer of protection to the WP-admin, and using strong passwords. 99% of the time, if you've done those three things, your site should be relatively secure, or so I thought!
I managed to remove the malware several times, but it kept on getting re-infected. I could not understand why. Finally, I became aggravated enough and ignored the red screen you see above and went into the WP admin and upgraded to Wordfence Premium. Ironically, this was where I screwed myself. Even with the additional security added, it still kept getting re-infected.
The problem was not anything I neglected; her site was on a shared host. You might not know what a shared host is. If you are using any of the most common hosts such as GoDaddy, HostGator, etc., you are on a shared host! Though most shared hosting companies will not admit it, you can be a victim of your neighbors' mistakes.
I finally became aggravated enough to hire a security expert to come in and fix the problem. I thought my troubles were over, but they had just begun.
Here is where it all goes sideways…
I thought the nightmare was over, until a personal website I was building got hacked an hour after I had registered the domain. Obviously, somebody had access to my email. I then had to go through the onerous task of changing every password to every online account. I thought I had stopped the bleeding but then…
Saturday, I started to get alerts from my bank and credit card companies that someone was using my card to run $500 purchases out of Walmart in Florida. I had to cancel all of my cards in the middle of a holiday weekend and now didn't have access to any cash.
If you've read this far, you might be thinking the same thing my client was. How would I stop this again?
I wondered the same thing myself. Was my only choice to use expensive dedicated hosts? Then, on December 12, 2015, WP Site Guardian was released. I found out about it by watching a video the developers of the software made of a live hack on a WordPress site by simply inserting some code into the comments field.
Watch this same video here…
The problem is not in WordPress itself; they constantly update to close exploits as hackers find them. If you have a WordPress site, I highly recommend that you update every time.
The problem is in the plug-ins and themes: because WordPress is open source, anyone can write an extension. WP Site Guardian would not have helped at the time because it was not available. When it was, I gave it a test run on one of my sites I believed to be safe and was shocked by the number of vulnerabilities it found. The fact is, anyone can write a WP plug-in, and complete amateurs write many. On the opposite end of the spectrum, the more popular your plug-in is, the more people are trying to hack it.
WP Site Guardian finds, identifies, quarantines, and fixes any security holes you have in your WordPress site. It makes plug-ins that I thought were the industry standard, such as Wordfence, look like a joke! At $27 for a single site license ($10 less than Wordfence Premium) and $37 for the multi-site license, it is a steal.
I am recommending this product so highly because had it been available at the time, it would've saved me thousands of dollars and given me back a holiday weekend, and I wouldn't still be scrambling to change all my credit card info!
In summation, WP Site Guardian will soon become a necessity in the toolkit of any webmaster who is serious about the security of a website they control. I use it on this site and every other site I own, and I install it on my client sites. Sure, it costs a couple of bucks for a license, but now I sleep well at night, and you cannot put a price on that!