Project Info:
I normally do not want anything to do with Wordpress websites. It's not for me. I've tried it and along the years and I have come to hate it.
That does not mean I do not have the connections to help you, but in Infifni company me and any of my employees work only with Drupal.
I will not diss Wordpress in this portfolio page, that's for another time and place.
Even if I hate Wordpress I love a good security challenge and if Wordpress isn't the ideal place for enhancing security then I don't know what framework is.
Need to rescue
The website stocareenergie.ro was simply broken. Nothing worked and to make matters worse, backups were also infested.
Solution
Usually hacks in Wordpress consist of breaking and entering plugins, themes or core files, adding dubious functionalities that serve the hacker. This case was the same. All over the place base 64 encoded PHP code did exactly what the hacker intended. Using different tools and with patience after a couple of hours we removed the parasites.
After that we enhanced the security of the website by changing file permissions, installing a couple of security plugins and upgraded common users or weak passwords.
The site was up again in less than a day. And the source of the worm was removed. Better luck next time hacker !
