Matt contacted us with a very concerned tone: “All my websites are hacked. I’m using Sucuri, but they keep on getting infected. I don’t know what to do. Google can deindex me if this continues. Can you help?”
Most website owners ignore the issue of security… until it’s too late. Some think that installing a security plugin will do the trick. Some more cautious people will subscribe for Sucuri. But unless your security is set up by a professional, chances are you’re completely out in the open, and all it takes is for a web crawler to discover your WordPress site and attack it with a battery of pre-programmed attack strategies. If this happens, and you’re not protected, your site will be hacked. No question about it.
Matt is a great guy. A decent, hard-working, honest man who tries to take a piece of the online cake. He hosted half-dozen websites on a single hosting account (hosting provider is irrelevant here, so I’m not mentioning it so that you don’t jump to the wrong conclusion that XYZ Host is bad).
Matt’s sites were infested with PHP code injections and automated, plugin-based security cleanups or Sucuri had no chance of cleaning this up. The WP-Admin folder was infected, and about half-dozen files had code injections on all his websites. So we had to go through all of the files, manually remove the injected code, on all the sites. A MAMMOTH task.
We’ve battled with the infection for about a week, cleaning up the files, closing up loose ends, changing file permissions, etc. After we’ve cleaned up the sites, we installed security plugins (the right ones) and configured them properly so that Matt’s sites are finally secure. It’s been over 8 months now, and Matt is at peace. No hacked websites. Although his sites constantly get hit by hacking scripts. But properly set defense parameters to keep junk off his sites.