• Don't even waste your time on googlefaker.

    Google's tool, for all its shortcomings, can do things that others can't, such as detecting that images on a site are displayed in the wrong size. This is when a 1000x1000 image is displayed as a 100x100 thumbnail, compressed by the browser to 100x100.

    Literally the other day I repaired a client's crooked theme for exactly this reason. There, 110 × 82 thumbnails were displayed in the sidebar, but the original, full-sized pictures were stuffed in there.

    Plus, what other tool will show you that your images are highly unoptimized? When you can compress a PNG file from 500kb to 45kb without quality loss, this is very important information.

    Well, why are you advising nonsense again?

    And now show me what other tool can be used to identify such obvious website blunders?



    https://i.imgur.com/tOZcemv.jpg
    https://i.imgur.com/fEarWYT.jpg
    and so on.. I hope that's enough.

    Flector, If you used normal tools (and did not consume different Google fakes) - these questions simply would not exist.
    All of the above provide information 3 orders of magnitude higher and more useful than this Google fake. Really relevant and useful information.

    All of the above provide information 3 orders of magnitude higher and more useful than this Google fake. Really relevant and useful information.

    I do not like the tool from Google, if only because its own services are not guided by it. But it shows the obvious things like pictures perfectly. Well, there is also gzip, browser caching, etc. - that is, the most obvious.

    And I prefer to look at Google, since only its assessment is important. What difference does it make what third-party services will show if Google will still be guided by its own assessment?

    Check yours, where the pictures are incorrectly inserted. What are the problems?
    I hardly managed to find something similar to take screenshots.

    because only his assessment is important.

    Who cares? Just don't say that to Google 🙂

    And yes, an estimate. getting 100/100 is no problem. But for the site, this is a disaster.

    And yes, an estimate. get 100/100 - no problem. But for the site, this is a disaster.

    Well, you slipped Google a 503 error, what's the point?
    this is not a solution to the problem.

    And yes, Google scores are important.
    I don’t know how much, they don’t disclose such numbers - but it would be stupid to make a service on which nothing depends, right?

    PS Yes, and even if Google does not care about its own assessment - this is first of all necessary for the webmaster himself, and not for Google. If the webmaster does not have gzip and browser caching enabled and the images are not in their proper size, this should be fixed.

    And there is no need to fix what Google does not consider important (I'm talking about ratings of other services) - it will just be a waste of time.

    And yes, Google scores are important.

    Learn how to analyze output.

    but it would be foolish to make a service on which nothing depends, right?

    I'll tell you a terrible secret - Google services (and not only Google) have long been made not for people. How many services of the same Google have sunk into oblivion? How much was really useful, and then disappeared? Long gone are the days when Google did something for people. Bigdata, yes.

    this is first of all necessary for the webmaster himself,

    For a webmaster, there are really useful and necessary things. And there is nothing to waste time on different trash. (if you haven't noticed - they also show google parrots)

    what a magical excuse - learn to analyze the issue.

    OK - I will also answer you - learn to analyze the issue. All other things being equal (absolutely the same ranking factors - from links to PF), the first site in the search results will be the site with the highest rating from Google.

    Don't believe it? Well, that's your right.
    It still won’t work to test this - there are no equal sites.

    In any case, it doesn’t matter - because the optimization is done not so much for Google as for your own visitors. As with the same pictures, when the webmaster inserts a 5Mb picture as a thumbnail.

    what is the meaning of that?

    In the "importance" of Googleparrots.

    what a magical excuse - learn to analyze the issue.
    direct argument for all occasions.

    If you say something about PS, it is extradition that is the only true proof.

    to test this all the same will not work - there are no equal sites.

    And are they different? You can’t even check Google parrots at sites from the issuance? There, 50 and even 30 are quite in the TOP10.

    it's just one of thousands of ranking factors. that's why I talked about "equal" (not different) sites - only in this case you can make sure that the Google parrots work.

    Facebook may have a score of "0" for Google parrots - but it will still be TOP1 for the query "Facebook". it's kind of obvious.

    Google PageSpeed Insights has only one advantage - a separate search results analysis for desktop and mobile; otherwise it is bad in the same way as an eternally dissatisfied grumpy wife )
    There are plenty of analogues; site configuration problems are analyzed by many services.
    I deliberately did not give a link to Pingdom at the beginning of the topic, for example; I like Webpagetest more, the difference is only in the way the result is presented and subjective convenience.
    Badly shrunk pictures are also found by many, the only question is, throw off 10 parrots and give out what - the pictures on your site are not at all optimized due to 1 byte difference ...
    Take the same GTMetrix, there is an estimate for the PageSpeed algorithm and YSlow,
    moreover, a site with 95% PageSpeed can be “bottom” unoptimized on Insights, this is really their problem and they make it a problem for others, especially for those who cannot analyze the meaning of the ratings and the results.
    The site is good, optimized, but on G PS I - “oh, everything is bad”

    do you really think that these same “google parrots” are the most important ranking factor in the world?

    I think they are parrots. They don't provide any useful information. And they have nothing at all to do with download speed (what kind of pagespeed? The very name of the service is a fake). The speed is not measured in Google parrots, but in bps.
    As for ranking - if the sites in the TOP10 have 30 google parrots, then what is the point of them at all?
    Something like that.

    only in this case can you be sure that the Google Parrots are working.

    Not parrots work, but all factors. 90% of which are not in this goofeyka, and 90% of what is there is bullshit.
    The only benefit from it for lamers is that you can download optimized graphics. But only graphics, not styles and scripts.

  • The topic ‘Check website for errors’ is closed to new replies.

As one of the most popular platforms, WordPress is attacked from time to time by trojans, malicious code injection and the like.

There are several articles about sites created with WordPress. They also contain information on how to clean your resource from malware. This topic is so relevant and critical that discussing it again will do no harm and will only benefit the owners of various sites.

Beginners in creating sites, who have just started using various CMSs, are often badly frightened when they discover that their resource has been attacked by viruses. Trying to restore the normal operation of their projects, they make various mistakes, which ultimately aggravates the situation and in some cases leads to the loss of data or necessary files. In this article, we will tell you how to study current threats, detect them and clean the site of viruses without harming your data and content.

Do backups regularly!

Before we start discussing WordPress hacking, it is essential to discuss backups. If you use WordPress and plan to have a large number of visitors, you simply must get in the habit of backing up your blog regularly. Save all content, settings and databases to be able to fully restore all files. This will not take much time, but it will help to avoid serious problems in the future.

Which is better: site restoration or timely detection of a virus?

If you use certain utilities to create backups, you have the ability to restore the project to its original state. However, I don't think it's a very good idea. Restoring from a backup without finding and removing the malicious code will not solve the problem: your site will still be left in a vulnerable state. So the best solution is to find the virus, get rid of it, restore the site itself and then close the vulnerability.

Malware detection

Malicious software is content that is distributed with the intent to cause harm or obtain your personal information. This malicious code can be disguised or inserted into design elements, plugins, files, or a database. If the site has been hacked, malicious software can also reach visitors' computers by redirecting them to various resources that contain other viruses, or by simply opening the attacker's sites through frames on your site. At the moment there are many different variations of hacking, both of WordPress engines and of any other sites.

Search for infected pages

You can start your search by browsing the pages for malicious code.

  • Is it visible on all pages?
  • Does it appear on certain pages or posts?
  • Where exactly does the malicious code appear? Is it in the footer, in the table of contents, somewhere in the content, or in the sidebar?

The answers to these questions will tell you exactly where to look for the problem.

Check design elements and plugins for malicious code

The most commonly infected objects are themes and plugins. You can start searching for code by checking the active theme (currently in use) for malicious code. If you have added any themes other than the default one, check each one.

The simplest way to check is to copy a backup of the entire theme directory to your local computer, then delete the entire theme folder from your server. Then download the default WordPress theme called TwentyEleven from the official source and upload it to the server. After completing all the procedures, check the site - if the attackers' code has disappeared, then the problem was in one of the themes.

Now you can find the malicious code in the old themes folder by opening each file in turn in a text editor. Scrolling through the code, you may notice a suspicious-looking part of it and get rid of it. There is also an easier option - you can simply download a new copy of the active theme from the developer's website.

Suppose you could not find a virus in your templates. Then the next step is to search for it in the plugins you use. Here the same method that is used for themes is suitable.

Create a backup copy of the plugins on your local computer and delete them from the server. Next, check your site for malware and see if it has disappeared. If the problem is solved, then it was in one of your plugins. Download fresh copies of the plugins that you had and enable them one by one. If the virus reappears after downloading and installing the new copies, remove the infected plugin from your server.

The best ways to secure your themes and plugins are:

  1. Remove unused plugins and themes.
  2. Make sure you download themes and plugins from a trusted source.
  3. Always download updated versions of the themes and plugins you use.
  4. Do not use themes and plugins downloaded from various torrents and unofficial sites.

How to detect malicious code embedded in WordPress itself:

If you have checked the themes and plugins you use and the infection is still present on your site, the next step is to check the core WordPress files. Again, the method used in cases with themes and plugins will help here.

First of all, back up all the necessary files (for example, the wp-config file, the wp-content folder, as well as the .htaccess and . files). After that, delete all files from the server, download a fresh archive of the engine and upload it to the server. Fill out the wp-config file with the required information. Then check the site for viruses: if they have disappeared, the problem was in the engine itself - the core files were infected. Restore the necessary content from the backup: images, various video or audio files.

How to protect core WordPress files from infection:

  1. Make sure the permissions are set to 644 on all files.
  2. Do not change or move core files.
  3. Use only complex passwords everywhere - for FTP, the database, WordPress, etc.

How to detect a vulnerability in the WordPress database:
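
A non-destructive variant of the core-file check, as an added example that is not part of the original article: instead of deleting the engine files first, it compares the live tree against a freshly downloaded copy of the same WordPress version by SHA-256 and also reports files whose mode is not 644. The sample file names and contents are constructed for the demonstration, and the two directory arguments are assumed to be local copies.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

# Paths a fresh WordPress archive does not contain, or that legitimately differ per site
SITE_SPECIFIC = ("wp-config.php", ".htaccess")


def is_site_specific(rel):
    return rel in SITE_SPECIFIC or rel.startswith("wp-content/")


def file_map(root):
    """Map 'relative/posix/path' -> Path for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}


def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_core(live_root, clean_root, expected_mode=0o644):
    """Compare the live site with a clean reference copy of the same version."""
    live, clean = file_map(live_root), file_map(clean_root)
    report = {"modified": [], "extra": [], "missing": [], "bad_mode": []}
    for rel, path in sorted(live.items()):
        # The article asks for 644 on all files, so the mode is checked everywhere
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode != expected_mode:
            report["bad_mode"].append((rel, oct(mode)))
        if is_site_specific(rel):
            continue  # themes, plugins, uploads and config are checked separately
        if rel not in clean:
            report["extra"].append(rel)        # file the engine never shipped
        elif digest(path) != digest(clean[rel]):
            report["modified"].append(rel)     # core file with changed content
    report["missing"] = sorted(
        r for r in clean if r not in live and not is_site_specific(r))
    return report


def demo():
    """Build constructed 'clean' and 'live' trees in a temp dir and audit them."""
    clean = {
        "index.php": "<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/version.php": "<?php $wp_version = 'X.Y';\n",
        "wp-includes/load.php": "<?php // loader\n",
    }
    live = dict(clean)
    live["index.php"] = '<?php include("redirect.php"); exit();\n'
    del live["wp-includes/load.php"]
    live.update({
        "redirect.php": '<?php header("location: http://malwaresite.com/");\n',
        "wp-includes/class-cache.php": "<?php // not in the clean copy\n",
        "wp-config.php": "<?php // site settings\n",
        "wp-content/uploads/note.txt": "user content\n",
    })
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("clean", clean), ("live", live)):
            for rel, body in files.items():
                p = Path(tmp, name, rel)
                p.parent.mkdir(parents=True, exist_ok=True)
                p.write_text(body, encoding="utf-8")
                p.chmod(0o644)
        Path(tmp, "live", "wp-includes/version.php").chmod(0o666)
        return audit_core(Path(tmp, "live"), Path(tmp, "clean"))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

Files transferred over FTP in text mode can differ from the reference only in line endings, so a "modified" entry still needs a look at the actual difference before it is treated as an infection.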

The next step is to check the databases. First of all, make sure you have a database backup. If you regularly create backups, you can restore it to its original form quickly and without problems, but the first thing you need to do is make sure that the vulnerability is in the database.

Download and install the Exploit Scanner plugin for finding exploits. Run the plugin and scan the site. Exploit Scanner will scan your database, core engine files, plugins, and themes for suspicious code and return the results when the scan is complete. Once the scan is over, you will need to take a look at the results. In the scan report, you will find a large number of false threats and warnings, so read the log slowly and carefully. The scanner does not remove anything, so once you find malicious code, you will need to manually remove it from the database.

  • If you have not backed up your database before, do so even if your site has been attacked and infected.
  • Having an infected database is in any case better than having no backups at all.

Copy the suspicious-looking code from the scan log, if any is found by the exploit scanner, and run the query through mysql as if the site is running normally and the query was made through phpmyadmin.

Based on where the suspicious code is inserted (for example, articles, comments, or other sections), you will need to insert it into the newly created database and see what happens in the end. If there are not many suspicious points in the scan results, you can safely edit the fields manually, removing the unnecessary code. Otherwise, if there is too much suspicious code in the database, you might want to use the Find and Replace option, but this method is quite dangerous, and if you are not sure of what you are doing, there is a risk of losing important data.

We went through all the points, and you ran out of ideas where to look for the problem?

I think that most people can easily detect, study and remove a virus if their site is attacked and infected. But, nevertheless, detecting a virus in certain cases can be quite difficult. Just in case you've tried all the methods above and still can't find what exactly the problem is, you can always turn to WordPress security experts - who can easily clean your site of viruses for a fee.

Finding the right security specialist for WordPress products

There are many freelancing websites where you can offer a reward for help in solving a problem. Before the final selection of a candidate, pay attention to the reviews and awards that he has received, and choose the most experienced and competent. You can also post offers on popular SEO forums or freelance exchanges. Make sure that the person you are hiring has a good reputation, references and work experience.

Conclusion

WordPress sites are as secure as possible. As a site owner, it is your responsibility to monitor the status of the site, use the most up-to-date methods to protect against possible threats. Use complex passwords, regularly check access rights and create backups, clean the site from unnecessary information in a timely manner.

On the Internet, you can easily find a great variety of resources with templates and themes for WordPress. In most cases they are free, and you can often find viruses and other unpleasant code in them that will have a bad effect on your SEO and can also become a serious threat to your site. The template you choose may also contain the code of advertising links from various link exchanges, and you won’t even know about it until you check your template for viruses and other rubbish, because most of the malicious links will be encoded and you won’t immediately determine by eye where exactly such code is located.

Usually such extraneous code is placed in the index.php and footer.php files. Do not confuse it with regular links that the theme author leaves in the open and that are visible when viewing the theme: they do no harm to anyone, and you can simply delete them or leave them, it's up to you to decide. The only thing you will need to do is close them from indexing so as not to attract the attention of search engines once again, since links are now punished very severely with lowered positions in the search results, especially if you have a young site.

If you are already a more experienced webmaster and understand the basics of HTML and PHP, then be sure to check the main files after selecting and installing your template on the site; the “notepad” program is usually used for this. Sometimes plain open links are simply inserted there; they are also absolutely not needed on your site and should be deleted. Then you should check your theme with such a wonderful plugin as TAC (Theme Authenticity Checker). Its function is to search for malicious links and dangerous code; moreover, if it finds such a link or code, the plugin will automatically show you this code so that you can easily find it and remove it.

Check and remove malicious code using the tac plugin

To get started, install it on your site: open the "plugins-add new" menu, enter the name and click install. Click activate and the installation will be completed. Next, go to the menu "appearance-TAC".

After that, you will see all your themes, and the plugin will tell you whether or not your templates contain malicious viruses or encrypted code. If everything is in order, you will see the inscription “Theme OK”, which means that the plugin did not find anything serious. As you can see from the snapshot, the theme turned out to be absolutely clean and there are not even simple static links in it.

If your template contains static links, then you can see them: click "Details" and you will see the link code.

This is how your templates are checked for viruses. As you can see from the example above, the themes turned out to be without any extra code. If any malicious code is found in your template, you will see a red inscription; after that you will need to go through all the malicious files and completely remove the code output by the plugin.

It is very important to download themes only from official sites. One of these is wordpress.org, where you will find high-quality and clean templates for your sites on any subject. Also remember to keep your theme up to date and check the code from time to time.

Often our users ask if there is a way to check their WordPress site for potentially dangerous code. The answer to this question is: YES, YES and again YES. There are both paid and free tools to scan your WordPress site for potentially dangerous or unwanted code. It is always a good idea to do regular checks on your site by scanning for malicious code. In this article, we will show you several ways to scan your WordPress site for potentially dangerous code.

Theme Authenticity Checker (TAC)

Theme Authenticity Checker is a free plugin that will check all your WordPress themes for potentially dangerous or unwanted code.

Hackers often aim to hack themes to inject links into them, so the plugin is a great way to check for them.

Exploit Scanner

Exploit Scanner is another free WordPress plugin, which is more powerful than Theme Authenticity Checker as it allows you to search all the files and the database of your WordPress installation for malicious code. It looks for signatures that match malicious code and detects them.
Note: a certain number of false positives are possible, so it is necessary to understand what you are doing and determine whether it is really malware or if everything is in order.

Sucuri

Sucuri is one of the best security scanners for WordPress in general. They have a simple free site scanner that checks your resource to see if everything is in order with it. However, the paid version is far superior to the free version in terms of its capabilities. In short, after you install Sucuri, it automatically monitors your website 24 hours a day, 7 days a week for malicious scripts. It audits site-wide activity to let you know in time if anything goes wrong. If something seems suspicious, Sucuri blocks the IP. The plugin also sends you a notification if any suspicious activity starts on the site. And finally, the plugin offers malware cleanup, and this service is included in the price of the service (regardless of whether your site is large or small).

For our projects, we have chosen a plan for 5 sites, which costs about $3 per site per month. It makes sense to pay $3 per month and not worry about the security of the site.

By the way, the service is not only for beginners. Big publishers like CNN, USAToday, PC World, TechCrunch, TheNextWeb and others use Sucuri. These guys know what they're doing and that's why people trust them with their sites.

Before you figure out how to clean up a WordPress site, you need to understand what, in fact, we will be dealing with. In a broad sense, the term “virus” refers to malicious software that can cause some kind of damage to the owner of a web resource. Thus, almost any code embedded by attackers into engine scripts can be included in this category. These may be hidden links that lead to demotion in search results, backdoors that provide a hacker with admin access, or complex structures that turn the site into a zombie network node, and even a bitcoin miner. We will talk about how to identify and eliminate viruses of various calibers, as well as protect against them.

Many of the tips mentioned in previous articles can protect the site from infection. For example, an “infection” can be found in pirated templates and plugins, so the complete rejection of such components is an important step in terms of security. However, there are a number of more specific nuances.

1. Install a reliable antivirus

A malicious program can be introduced not only from the outside - the computer from which the project is administered can be the source of infection. Modern Trojans can not only steal the FTP password, but also download the executable code on their own, or modify CMS files, which means that the safety of your web resource directly depends on the security of your working machine.

The IT market offers many antiviruses. However, the smartest choice is products from large companies:
● Among domestic products, the leading positions are occupied by the offerings of Kaspersky Lab and Dr. Web;
● Among foreign commercial solutions, one can single out the Norton line from Symantec Corporation and the popular ESET NOD;
● As for free options, Avast and Comodo are the undisputed leaders.

2. Scan the site using online services

If suspicious activity is detected (engine errors, slowdowns, pop-up windows and third-party banners), the simplest thing you can think of is to run the resource through an online scanner that can determine the fact of infection. The undisputed leader here is VirusTotal, located at virustotal.com. To use it, just go to the “URL-address” tab, enter the link of interest and click the “Check!” button.

After a while, the system will issue a report with the following content:

It should be clarified: VirusTotal is not an independent project, but a kind of aggregator of virus scanners. This makes it possible to check WordPress for viruses simultaneously in 67 systems. The undoubted advantage is a detailed report, which provides data on all supported services. Antiviruses are very fond of sounding a false alarm, so even if the detection rate differs from the ideal one (for example, 3/64), this does not mean that the resource is infected. Focus, first of all, on the large players (Kaspersky, McAfee, Symantec NOD32 and others); small vendors often flag certain sections of the code as dangerous - do not take this seriously!

3. Use Yandex.Webmaster

You have probably noticed that some links in the search results are supplied with a warning message: “The site may threaten your computer or mobile device”. The fact is that the search engine has its own algorithms for detecting malicious code and notifies users of the potential risk. To be aware of what is happening and be the first to receive notifications, it is enough to register in the Webmaster service. You can view all the necessary information on the “Security” tab:

If a threat is detected, information about infected pages will be displayed here. Unfortunately, a selective check of WordPress for viruses is not possible - Yandex performs scanning on its own, moreover, not all uploaded web documents fall into the sample, but only a part of them, determined randomly.

4. Check Google Reports

The most popular search engine in the world offers an even simpler way to monitor - just follow the link google.com/transparencyreport/safebrowsing/diagnostic/?hl=ru and enter the address of the site of interest in the appropriate field. You will receive comprehensive data on the resource, and see if Google has any claims in terms of detecting malicious scripts:

How to clean a WordPress site from viral links?

Let's move on from general recommendations to specific ones. Let's start with common variants of malicious code - the introduction of extraneous URLs and redirects to the target web resource. Unfortunately, black hat SEO is still popular, which means that hackers are not sitting idle, since this task is one of the easiest. Let's sort it out in order.

1. Redirect to third-party resources

Imagine the situation: you go to your own website, but you are immediately transferred to some “leisure” catalog or a landing page offering to make money on Forex. This almost certainly means that the web resource has been hacked, and a few new lines have appeared in .htaccess. Treatment is elementary: open the file, find the directives containing the address to which the redirect is going, and then delete them. So, for the hypothetical malwaresite.com, the constructions to look for can be as follows:

    <IfModule mod_alias.c>
    Redirect 301 / http://malwaresite.com/
    </IfModule>

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} !^tekseo\.su [NC]
    RewriteRule ^(.*) http://malwaresite.com/$1
    </IfModule>

A more sophisticated option is a permanent redirect written in PHP. If you checked and didn't find anything suspicious, the problem is most likely in the index.php file. Redirection here is done by sending the necessary headers to the visitor:

    include("redirect.php");
    exit();

Remember - there are no such fragments in the original index.php, so you can safely delete them all. Also find and eliminate the include file (in our example it will be redirect.php located in the root folder).

A trickier move is a redirect for mobile gadgets. Accessing your resource from a personal computer, you will never detect the fact of infection; however, users of smartphones and tablets will be unpleasantly surprised when they get to another page. Such a redirect can be implemented in:

1. .htaccess
The simplest way, which is easily spotted. The device is determined by the presented User-Agent. It might look like this:

    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteBase /
    RewriteCond %{HTTP_USER_AGENT} ^.*(ipod|iphone|android).* [NC]
    RewriteRule ^(.*)$ http://malwaresite.com/
    </IfModule>

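2. PHP
Similarly, a redirect is implemented in PHP. The construct below can be found in the index file. Again, do not forget about the ubiquitous include:

    <?php
    // $uagent: the visitor's User-Agent string (the assignment is cut off on the page and is assumed here)
    $uagent = $_SERVER['HTTP_USER_AGENT'];
    if (preg_match("/(android|bb\d+|meego).+mobile|ip(hone|od)|blackberry|zte\-/i", substr($uagent, 0, 4)))
        header("location: http://malwaresite.com/");
    ?>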

3. JavaScript
Here the screen resolution is checked: if the width is 480 pixels or less, the visitor is redirected to a malicious site. If your project uses a similar method, be sure to check this block for address changes.

    <script type="text/javascript">
    if (screen.width <= 480) {
        window.location = "http://malwaresite.com";
    }
    </script>
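
The redirect variants described above (.htaccess directives, a PHP Location header, an include added to the root index.php, a JavaScript location assignment) can be searched for in one pass over a downloaded copy of the site. The scanner below is an added example, not code from the original article; the site's own domain example.org and the sample files are constructed, and a hit is a line to review, not proof of infection.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

URL = r"(https?://[^\s\"'<>)]+)"
HTACCESS, PHP, WEB = (".htaccess",), (".php",), (".php", ".js", ".html", ".htm")

# (label, file-name endings the rule applies to, pattern whose group 1 is the target URL)
URL_RULES = [
    ("Redirect directive", HTACCESS,
     re.compile(r"^[ \t]*Redirect(?:Match)?[ \t]+(?:\S+[ \t]+)?\S+[ \t]+" + URL, re.I | re.M)),
    ("RewriteRule target", HTACCESS,
     re.compile(r"^[ \t]*RewriteRule[ \t]+\S+[ \t]+" + URL, re.I | re.M)),
    ("PHP Location header", PHP,
     re.compile(r"header\s*\(\s*[\"']\s*location:\s*" + URL, re.I)),
    ("JS location assignment", WEB,
     re.compile(r"\blocation(?:\.href)?\s*=\s*[\"']" + URL, re.I)),
]
# Device-targeted rewrite conditions and includes in the root index.php carry no URL
UA_COND = re.compile(r"^[ \t]*RewriteCond[ \t]+%\{HTTP_USER_AGENT\}[ \t]+(\S+)", re.I | re.M)
INCLUDE = re.compile(r"^[ \t]*(?:include|require)(?:_once)?\b[^;\n]*;", re.I | re.M)


def is_own(host, own_hosts):
    return any(host == own or host.endswith("." + own) for own in own_hosts)


def scan_file(rel, text, own_hosts):
    """Return (file, line, label, detail) findings for one file's text."""
    name = rel.rsplit("/", 1)[-1].lower()
    line_of = lambda pos: text.count("\n", 0, pos) + 1
    found = []
    for label, endings, pattern in URL_RULES:
        if not name.endswith(endings):
            continue
        for m in pattern.finditer(text):
            host = (urlparse(m.group(1)).hostname or "").lower()
            if host and not is_own(host, own_hosts):   # only foreign targets
                found.append((rel, line_of(m.start(1)), label, host))
    if name == ".htaccess":
        for m in UA_COND.finditer(text):
            found.append((rel, line_of(m.start(1)), "User-Agent condition", m.group(1)))
    if rel == "index.php":
        # The stock root index.php only loads wp-blog-header.php
        for m in INCLUDE.finditer(text):
            if "wp-blog-header.php" not in m.group(0):
                found.append((rel, line_of(m.start()), "unexpected include",
                              m.group(0).strip()))
    return found


def scan_tree(root, own_hosts):
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if not path.name.lower().endswith(HTACCESS + WEB):
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        findings += scan_file(path.relative_to(root).as_posix(), text, own_hosts)
    return findings


# Constructed sample site reproducing the fragments shown in the article
SAMPLE = {
    ".htaccess": "RewriteEngine On\n"
                 "RewriteRule . /index.php [L]\n"
                 "RewriteCond %{HTTP_USER_AGENT} ^.*(ipod|iphone|android).* [NC]\n"
                 "RewriteRule ^(.*)$ http://malwaresite.com/\n",
    "index.php": "<?php\n"
                 'include("redirect.php"); exit();\n'
                 "require __DIR__ . '/wp-blog-header.php';\n",
    "redirect.php": '<?php header("location: http://malwaresite.com/"); ?>\n',
    "wp-content/themes/demo/footer.php":
        '<a href="https://example.org/about">About</a>\n'
        '<script>if (screen.width <= 480) { window.location = "http://malwaresite.com"; }</script>\n'
        '<script>window.location = "https://www.example.org/m/";</script>\n',
}


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body, encoding="utf-8")
        return scan_tree(tmp, ["example.org"])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```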

2. Check outgoing links

However, a redirect is too crude and obvious a method. Much more common is the injection of URLs hidden by CSS and other methods. It is almost useless to fight what you can't see. However, by using the awesome Xenu Link Sleuth utility, you can evaluate your WordPress link profile. The latest version of the program was released in 2010; however, it is still relevant to this day, and even works great under Windows 10.

With Xenu installed and running, click File - Check URL. You will see a window:


Here it is enough to enter the project domain, and click OK. It is also possible to add filters by mask:
● Consider URLs beginning with this as 'internal' - consider addresses containing the specified fragment as internal;
● Do not check any URLs beginning with this - allows you to exclude certain links from checking (for example, if you want to see only outgoing links, enter the site domain here).

Upon completion of the procedure, the utility will offer to check WordPress for the so-called orphan files - web documents that no URL points to.

If you answer in the affirmative, a data entry window for FTP authorization will appear:


This function can be useful if the site is old and has undergone a lot of changes during its existence: it can be used to clear the directories of “garbage”. However, we are more interested in the scan results:

Thus, if there are viruses on WordPress that cause hidden URLs to appear, Xenu will help to detect the fact of their presence. The only question is how to proceed.

3. Search and destroy

Let's imagine that Xenu found active links to a hypothetical malwaresite.com. How to find and remove them? Sometimes the task is extremely simple. Non-professionals act rudely, limiting themselves only to hiding the URL from prying eyes, but the address itself can be written explicitly in the code. The following options are possible:
1. Placement of the url in the footer instead of copyright;
2. Using the orphan files described above (for example, an html document is loaded into a directory with images - search engines can also index it);
3. Manipulating Cascading Style Sheets:
● text-indent: -9999999999px/position: absolute; left: -9999999999px - move the link outside the display;
● display:none/visibility:hidden - make the text invisible;
● font-size: 1px; - single-pixel URLs that cannot be seen.

To find and remove a virus from a WordPress site, it is enough to scan the entire engine for the presence of a line containing “malwaresite.com”. On Windows, this can be done using the free file manager Unreal Commander:

1. Upload all project files to a local folder on your computer using FileZilla, as described in the previous article;
2. Launch Unreal Commander and click the spyglass icon to enter the search interface;

3. Select the desired folder, check the "With text" field, enter "malwaresite.com", specify all encodings and click "Start Search".

The result will be a list of files in which the phrase was found. Now it remains to edit them by removing the lines of code responsible for displaying the link.
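An added example, not part of the original article or of any tool it names: the same text search done in Python over the downloaded copy, which also reports whether each link to the domain is hidden by one of the three CSS tricks listed above. The function names, the encoding list and the sample files are assumptions made for the illustration, and only inline `style` attributes are inspected, not rules kept in separate stylesheets.

```python
import re
import tempfile
from html.parser import HTMLParser
from pathlib import Path

# The three inline-CSS tricks from the list above.
HIDING_CSS = [
    ("moved off-screen", re.compile(r"(text-indent|\bleft)\s*:\s*-\d{3,}")),
    ("made invisible", re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden")),
    ("single-pixel font", re.compile(r"font-size\s*:\s*[01](\.\d+)?px")),
]
VOID = {"br", "hr", "img", "input", "link", "meta"}  # never closed, so never pushed

class HiddenLinkFinder(HTMLParser):
    """Records every <a> that points at `domain` and how it is hidden, if at all."""
    def __init__(self, domain):
        super().__init__()
        self.domain, self.stack, self.findings = domain.lower(), [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style, href = (attrs.get("style") or "").lower(), attrs.get("href") or ""
        own = next((name for name, rx in HIDING_CSS if rx.search(style)), None)
        inherited = next((why for _, why in reversed(self.stack) if why), None)
        if tag == "a" and self.domain in href.lower():
            self.findings.append((self.getpos()[0], href, own or inherited or "visible"))
        if tag not in VOID:
            self.stack.append((tag, own))

    def handle_endtag(self, tag):
        open_tags = [t for t, _ in self.stack]
        if tag in open_tags:  # close it and anything left open inside it
            del self.stack[len(open_tags) - 1 - open_tags[::-1].index(tag):]

def scan_tree(root, domain, encodings=("utf-8", "utf-16", "cp1251")):
    """Return {relative path: [(line, href, how hidden)]} for files mentioning `domain`."""
    hits = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        raw = path.read_bytes()
        # Like ticking every encoding in the search dialog: keep the first decoding that matches.
        decoded = (raw.decode(enc, errors="ignore") for enc in encodings)
        text = next((t for t in decoded if domain.lower() in t.lower()), None)
        if text is not None:
            finder = HiddenLinkFinder(domain)
            finder.feed(text)
            hits[path.relative_to(root).as_posix()] = finder.findings or [(0, None, "text only")]
    return hits

def demo():
    """Scan a constructed site copy; malwaresite.com is the article's hypothetical domain."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "uploads").mkdir()
        Path(tmp, "footer.php").write_text(
            '<div style="position:absolute; left:-9999px">\n<a href="http://malwaresite.com/">x</a></div>')
        Path(tmp, "uploads", "promo.html").write_text(
            '<a href="http://malwaresite.com/buy">offer</a>', encoding="utf-16")
        Path(tmp, "style.css").write_text("body { font-size: 14px; }")
        return scan_tree(tmp, "malwaresite.com")
```

Calling `demo()` returns the two constructed files that mention the domain; for a real check, pass the folder downloaded with FileZilla to `scan_tree`.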

Using PHP Antivirus for WordPress

The cases described above are just the tip of the iceberg. A professional hacker can find a non-standard approach even to such a simple task as placing a hidden backlink. As a rule, you will not be able to find anything on your own, without the help of the appropriate software. Fortunately, such solutions exist, and many of them are free. Let's take a look at the most effective ones.

1. AI-Bolit

Probably the most popular antivirus product from Revisium. Available in two versions: one that works directly on the hosting, and one for a local machine running Windows (compatible with Windows 10, does not require installation). Unfortunately, the *nix version does not have a web interface and is only suitable for a VDS or Dedicated server, so we will analyze how to work with the tool on a PC.

1. Download the utility from the link revisium.com/kb/scan_site_windows.html and unzip it to any convenient place on your computer. Please note: the path to the directory should not contain Russian letters, so the easiest way is to place it in the root of the disk;
2. Inside the archive, you will see the following: a folder with the “aibolit” antivirus itself, “site” (here you need to copy the checked web documents, all of them will be scanned, regardless of the nesting level), as well as three bat files:
● start — for a quick check;
● start_paranoic - deep scan to identify any suspicious code fragments;
● scan_and_quarantine — the script will place all dangerous files in an archive.
3. To get started, double-click on any of the presented bat-files, depending on what result you want to get. The scan will start and generate the report AI-BOLIT-REPORT.html (can be viewed in any browser). In quarantine mode, it will be in an archive with suspicious scripts.

Of course, there is actually no malware at all. And, as you can see in the screenshot, the developers themselves warn about the likelihood of errors.

2. Manul

In addition to monitoring, Yandex offers everyone a free antivirus of its own design. Written in PHP, Manul can be run on almost any web server and is compatible with most popular CMS. In addition, the script can not only detect, but also remove dangerous code. Below is a step-by-step guide to identifying and treating viruses.

1. Download the program at https://download.cdn.yandex.net/manul/manul.zip;
2. Unzip the archive to the root directory of your site;
3. Follow the link site_name/manul/index.php;
4. Create a password. The script has serious security requirements: the passphrase must be at least 8 characters long, contain capital letters, numbers and special characters.
5. Now you can start scanning by clicking on the button of the same name. You can also customize the script by setting the request interval. The larger this value (in seconds), the longer it will take to check. The coefficient can be set to zero, however, on low-power hosting, this can lead to a significant increase in response time, up to the unavailability of the resource.
6. After that, the check will start - do not close the tab before it ends!
7. When the scan is completed, a window will appear with a button to download the report. Click on it to download scan_log.xml.zip.

8. In another browser tab, open the analyzer located at https://antimalware.github.io/manul/. Click on the “Upload file” button and send the resulting archive for verification.

9. At this stage, we proceed directly to the removal of viruses from the WordPress site. A window will open in front of you, in which you can select operations on dangerous files (depending on the degree of threat, they are marked with a red, yellow, or green flag). The “Quarantine” button allows you to archive suspicious files, and the “Delete” button allows you to get rid of them forever.

10. Having completed the desired actions, scroll down the page and copy the code that appears in the “Prescription” field.

11. Now return to the Manul tab, go to the “Treatment” section, paste the received code into the field that appears and click “Execute”.

13. Upon completion of all procedures, a log window will appear on the screen. You can also download quarantined files, if available.

3. Santi

A relatively young project designed to detect and eliminate viruses on a WordPress site. Currently, the product is in beta testing and is free, the only paid service is SMS notification of the owner about detected threats. In addition to the monitoring module itself, the script offers consumers many tools to eliminate the consequences of intruders' activities. But about them - later, first we will deal with the installation.

1. Download the distribution kit from the official site santivi.com. Unpack the contents of the archive into a folder previously created on the hosting in the root directory, for example: /var/www/website/public_html/santi_av

The above is a simple name, but it's best to use a random sequence of lowercase English letters and numbers.

2. Go to the antivirus page. In our example, the address will look like this: https://site/public_html/santi_av

4. At the first start, you need to configure the script by checking the automatically set parameters and making adjustments, if any. Also be sure to change the data for authorization:

5. Register on the product website, then fill in the "Personal information" section by entering the received SANTI ID, E-mail address and mobile phone (optional - needed for SMS distribution). Subsequently, you can turn on preferred notification methods on the “Informing” tab.

6. On the “Files and DB” tab, specify information for connecting to MySQL, and also select a method for backing up web resource files. The following options are supported:

● creating a local copy;
● Using an FTP server;
● Yandex.Disk;
● Google.Drive;
● Dropbox.

7. After completing the above manipulations, click on the “Finish” button. If everything went well, the following will appear on the screen:

You can change the settings in the program section of the same name.

“Santi” has an intuitive interface and contains everything you need to effectively remove viruses from your WordPress site. The tools are divided into thematic sections. Let's consider each of them:

1. Home.

Here you will find the most necessary information about the protection status. From the notifications section, you can issue commands on actions to be taken with detected threats.

2. Autopilot

Allows you to configure the actions performed by the script in automatic mode. Among them:
● File Monitor - scans the integrity of web documents, except for dynamic ones (access logs, errors, etc.). Checks modification date, hash sum, appearance of new directories and files.
● Database monitoring - captures suspicious activity in MySQL.
● Backup - completely backs up the site at certain intervals, keeping a copy on the server or in the cloud storage. You can configure the settings through the appropriate tool in the “Utilities” section (directories and files can be chosen selectively). At the output, you will receive an archive in a specific .sabu format - only Santi itself, as well as a proprietary program for a Windows-based PC, can process it.
● Checking the site through the eyes of search engines - uses information from Yandex and Google about threats detected on the resource.
● Checking the site through the eyes of desktop antiviruses - scanning based on signatures provided by the largest companies that develop cybersecurity solutions for PCs.
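What a file monitor of the kind described in the first item compares between two runs, as an added Python example (not Santi's code, whose internals the article does not show): a baseline of hash sums and modification dates, with log files left out, checked later for new directories and files, missing ones, changed content and changed dates. The skip pattern, function names and sample files are assumptions.

```python
import hashlib
import os
import tempfile
from fnmatch import fnmatch
from pathlib import Path

DYNAMIC = ("*.log",)  # assumption: patterns for files that change on every request

def snapshot(root, skip=DYNAMIC):
    """Map each relative path to (sha256, mtime in ns); directories map to None."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root).as_posix()
        if any(fnmatch(rel, pattern) for pattern in skip):
            continue
        if path.is_dir():
            state[rel] = None
        elif path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[rel] = (digest, path.stat().st_mtime_ns)
    return state

def compare(baseline, current):
    """Sort every difference between two snapshots into one of four buckets."""
    report = {"new": [], "missing": [], "content changed": [], "date changed": []}
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if rel not in baseline:
            report["new"].append(rel)
        elif rel not in current:
            report["missing"].append(rel)
        elif old != new:
            same_content = bool(old and new) and old[0] == new[0]
            report["date changed" if same_content else "content changed"].append(rel)
    return report

def demo():
    """Baseline a constructed site copy, change it, and return the comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "logs").mkdir()
        (root / "index.php").write_text("<?php echo 'home';")
        (root / "wp-config.php").write_text("<?php // settings")
        (root / "logs" / "access.log").write_text("GET /\n")
        baseline = snapshot(root)
        # Constructed changes: an edited template, a re-dated file, a new directory
        # holding an orphan page, and a log entry that the monitor should ignore.
        (root / "index.php").write_text("<?php echo 'home'; echo 'extra line';")
        later = (root / "wp-config.php").stat().st_mtime_ns + 5_000_000_000
        os.utime(root / "wp-config.php", ns=(later, later))
        (root / "uploads").mkdir()
        (root / "uploads" / "promo.html").write_text("<a href='http://malwaresite.com/'>x</a>")
        (root / "logs" / "access.log").write_text("GET /\nGET /uploads/promo.html\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```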

3. Utilities.

Here is a set of auxiliary tools designed to help maintain the site and ensure its security. Consider the most interesting:
● Date-search. It is useful if the period of infection is approximately known. With the help of filters, you can set the time range, as well as list file extensions and specify how to process them (exclude from search or check).
● Configurator.ftpaccess. Used to configure FTP servers based on ProFTPD and Pure-FTP.
● Removal of malicious inserts. It will be useful if the WordPress site has suffered from a virus, and you know exactly its code. You can specify the beginning and end of the dangerous fragment, list the types of files that need to be processed/excluded, separated by commas, and select the action “search” or “search and disinfect”. In the latter case, the given sequence will be automatically deleted when it is found.
● File editor. Supports work in several encodings, line numbering, elementary syntax highlighting.

Specialized antiviruses for WordPress

In addition to those listed, there are more narrowly focused solutions made in the form of plugins for CMS. Let's analyze the most effective.

1. AntiVirus

How to check WordPress templates for viruses? The answer lies in a small module with an extremely uncomplicated name and a very ascetic interface. The settings window prompts us to run a manual scan (Manual malware scan), or enable automatic monitoring of the project (Check the theme templates for malware). The second checkbox allows you to connect Google Safe Browsing databases. It is also possible to enter an email address - in this case, reports will be sent to your E-mail.

If you click the “Scan the theme templates now” button, all templates installed in the system will be immediately scanned. The page will appear:

The utility highlights suspicious fragments with a red frame. Of course, false positives are also possible - in this case, AntiVirus has highlighted a block of code responsible for preventing the display of messages about erroneous authorization. In such cases, just click on the “There is no virus” button.

2. TAC

Another highly focused module is Theme Authenticity Checker. After installation, it will appear in the “Appearance” section of the admin panel. There is no need to configure and run anything here at all - the plugin conducts a fully automatic scan and issues a conclusion without any details:

3. Quttera

A more advanced module that scans the entire engine. Two types of verification are available: external — using an online service:

and internal - using the script of the plugin itself. To launch them, just click on the “Scan Now” button.

The result of the check will be the following report:

As you can see, the antivirus separates all found files into potentially dangerous, suspicious and malicious ones. Such a classification is largely conditional - like its counterparts, Quttera tends to raise false alarms. It is best to put the plugin on a site that is obviously clean and run primary monitoring, which results in adding all “rejected” files to the white list. To do this, just go to the “Detected Threats” tab and click “WhiteList File” under each warning.

4. Sucuri Security

This plugin is the most advanced of the specialized ones. The disadvantages include mandatory registration on the official developer resource and obtaining an API key, otherwise the functionality will be limited. A corresponding warning will appear immediately after activation.

By clicking on the button, you will see the following window:

The administrator's domain name and email are determined automatically, but the latter can be changed. The DNS Lookups checkbox should only be checked if you are using CloudProxy.

Before you figure out how to protect WordPress from viruses, you need to properly configure the extension in the Settings section. Here you will see several tabs at once. In General, you can set the main parameters:
● Plugin API Key - allows you to enter an API key;
● Data Storage Path - specifies the path to the directory where Sucuri Security stores logs, a list of checked files and other service information (by default - /uploads/sucuri);
● Reverse Proxy and IP Address and IP Address Discoverer - activate if external proxy services or firewall are connected;
● Failed Login Password Collector - enables tracking of failed login attempts on the site;
● User Comment Monitor - Check the content of comments added by users. Helps protect against both spam and malicious inserts;
● XML HTTP Request Monitor - filters Ajax requests, may adversely affect site response time;
● Audit Log Statistics — display of event statistics, here you can set the number of analyzed records (by default — 500);
● Date & Time - allows you to change the time and date if they are defined incorrectly;
● Reset Options - reset the default settings (useful if you start experiencing problems with site performance or scripts after installing the plugin, but you can't figure out what's wrong).

The “Scanner” tab allows you to:
● Start a forced scan with the “Fast Scan” button;
● Choose one of three algorithms (SPL - the fastest, Global - the slowest and most thorough, or OpenDir - the golden mean);
● Set the scan frequency (by default — 2 times a day);
● Enable and manage the file system scanner (FS Scanner);
● Set up report analyzer and clear logs.

On the “Alerts” tab, you can specify an email address for sending notifications, as well as set a message template by choosing from those offered, or by entering your own in the “Custom” field.

Here you can also set the frequency of sending emails and parameters for detecting brute force attacks.

Below you can fine-tune alerts. In addition to the default checkboxes, it is worth activating all checkboxes related to user actions - this will help to successfully catch spammers and brute-forcers.

It is also worth including all the items related to the status of plugins (marked with a plug) and templates (marked with a brush). This will not load the system, but it will help to detect the actions of an attacker who has gained access to the project and made changes to its configuration.

The “Ignore Scanning” section allows you to specify directories that do not need to be scanned (you must specify the absolute path to the folder). It is worth adding the locations of video and audio files here: checking them is meaningless, and it will eat up a lot of server resources, which will negatively affect performance.

“Ignore Alerts” allows you to exclude changes to certain types of content (post-types) from alerts.

The “Trust IP” tab allows you to set ranges of IP addresses, actions from which will not be registered by the system. It is convenient if the work with the project is carried out by a group of people from the same subnet.

“Heartbeat” helps to configure the API of the same name used for server-browser two-way communication. It is mainly used in workgroups, and if you are the sole owner of the site, it is better to turn it off altogether. This will remove an additional vulnerability, as well as increase the performance of the engine.

After making all the edits, you can start scanning in the Malware Scan section with the corresponding button:

In addition to the scanner itself, Sucuri Security includes a number of useful tools that allow you to protect WordPress from viruses even before the site is hacked. All of them are collected in the Hardening section. I will list the possibilities:
● Verify WordPress version - monitors the relevance of the core engine and allows you to run a forced update;
● Website Firewall protection - CloudProxy connection (WAF must be preconfigured on the corresponding tab);
● Remove WordPress version - removes the CMS version display;
● Block PHP files - blocks access to service files via .htaccess (for Apache), or offers recommendations for configuring Nginx;
● Verify PHP version - checks if the version of the installed interpreter is up to date;
● Security key - will let you know if you forgot to update the security keys in wp-config.php;
● Information leakage (readme.html) - removes the Readme file containing information potentially useful to a hacker;
● Default admin account - checks if the admin login is used for the super administrator account;
● Plugin & Theme editor - blocks the built-in template editor in one click;
● Database table prefix - reminds you to replace the MySQL table prefix with a unique one, instead of the default wp_.

The Post-Hack section will come in handy after you have cleaned your WordPress site of viruses. There are three tools here:
● Security keys - allows you to create a new set of security keys and replace compromised ones;
● Reset User's Password - will help you bulk reset the passwords of registered users of your choice;
● Reset Plugins - Reverts all installed plugins to known safe versions, with the exception of premium add-ons.

Let's summarize

After reading the article, you are convinced that the fight against malware is not at all something out of the ordinary. Thanks to the availability of specialized solutions, even a non-professional can perform operations such as checking a WordPress template for viruses, monitoring the CMS core and cleaning the site in case of infection. But just like in medicine, in IT, the key to success is not cure, but prevention. Remember - hackers pose a threat not only to you and your project, but also to visitors to the web resource. Often, it is the visitors who come under attack when they open infected pages. This is fraught with the loss of the most important thing - the trust of users, which will inevitably result in the loss of regular readers, and even customers. Therefore, it is very important to take care of security issues as early as possible, minimizing the likelihood of hacking.