GoDaddy WordPress Sites Getting Hacked

If you have a WordPress site on GoDaddy, keep a close eye on it. This week alone two different people have come to me with site issues that have turned out to be the same exact hack. There seems to be a spate of them going on – see this thread in the WordPress forums that I came across – this is the same hack that I found. Fortunately in the cases I’ve seen it hasn’t caused a ton of damage – more a nuisance than anything, but it indicates vulnerabilities in your site. GoDaddy of course will provide you with no help at all – they won’t even check if it’s a hack, they will just assume it’s some WordPress issue and not even give you a place to start trying to fix it. I’m not a security expert so I’m not sure if the timthumb vulnerability was the way in, but in both cases that vulnerability was present. In both cases I found code added to the functions.php file as well as a few other dodgy files showing up.

For hack clean-up I recommend Sucuri (aff. link) – they are the leaders in web security and are WordPress experts. And once you have things straightened out, I recommend moving to a proper hosting company such as WPEngine (aff. link) where they won’t brush you off with an “it’s a WordPress problem, so we can’t help you” response. In fact they work directly with Sucuri and if your site were to be hacked, they would clean it for you.

Again, I’m no expert so I cannot say if any of the following plugins would have prevented this exact hack or if the problem is a deeper issue with GoDaddy’s servers themselves, but generally I recommend the following to increase the security of your site:

WordFence – actively scans and protects your site. There is a free version and a paid version. The free version is better than nothing, the paid version is even better.

TimThumb Vulnerability Scanner – For checking if you’re at risk from the timthumb hack, use the vulnerability scanner to find and fix that issue.

Exploit Scanner – has also helped me in the past find files that have been hacked, but it gives a lot of false positives so it’s hard for newbies to really know what is a real issue and what isn’t. I’d recommend it for more advanced users, or you could run the scan and have an expert look over the results for you.

Honorable mention – WordPress Firewall 2 – this plugin hasn’t been updated in a while and I wouldn’t usually recommend such an old plugin but I have been running it on one of my sites for a long time with no problems and it seems to be working fine. In the beginning you may again get a few false positives but you can whitelist those. I still get notifications from the plugin about attempted hacks it claims to have prevented, so it certainly makes me feel like it’s doing some good!

photo courtesy: http://www.flickr.com/photos/brianklug/6870002408/sizes/z/in/photostream/


This Post Has 3 Comments

  1. Nat

    I believe GoDaddy is just trying to make extra money in the last two years. I have two GoDaddy servers and every website in the last two years has been hacked. I regularly update plugins & WordPress and change my FTP password. They want you to pay for their Sitelock Malware Removal which is $70-$123AUD per year per website. This will remove all the malware automatically and protect your site over a year. You can do it manually by removing the code through Wordfence but this takes hours.
    Makes me so angry paying this for every single website!
    Wish I had the time to move all my websites to another hosting company. Grrrr

  2. Claudette Cooper

    My site has been hacked. GoDaddy said there’s nothing they can do about it. Is this a common problem? I have no access to my site whatsoever.

    Fatal error: require_once() [function.require]: Failed opening required ‘/home/content/72/8724872/html/wp-content/plugins/revslider/inc_php/revslider_slider.class.php’ (include_path=’.:/usr/local/php5/lib/php’) in /home/content/72/8724872/html/wp-content/plugins/revslider/revslider.php on line 28

    1. Lucy

      It can be common if you don’t keep WordPress and plugins up to date amongst other steps. GoDaddy is not known for being the most secure host. If that error is preventing you from accessing your site, you need to go into your File Manager, via your Control Panel, navigate to wp-content, then plugins, then revslider. Rename the revslider folder to: off.revslider
      This will disable the plugin and allow you to access your site (assuming that error is the only thing in your way).
      For clean-up you can use either Sucuri or HackRepair.com.
