Help.. desperately need help and advice.. my website was once blocked by Google due to malware.. my webhost supposedly 'cleaned' it up for me, I submitted for Google to re-review it again, and it got active again. However, today I checked.. my website was blocked again! What is happening? I updated to the latest Wordpress version and also changed my password as advised.. but it happened again. Below is the screenshot of the error message: http://www.flickr.com/photos/90562463@N04/9979037975/ Please help.. shall I be changing web host since it is down so often? Or is this a web host issue or my issue? I have no idea..
It's a fact of life if you use turdpress your site will get hacked at some stage, probably due to some crappy outdated plugin, theme or just because of it's diabolical poor unsecure code, just search "wordpress hacked" on google and you'll see what i mean.
Malky66 is right: it's a fact of life with WordPress, but the chance can be reduced by solving that glaring error above - your webhost cleaned it. I have a feeling they did a file restore and didn't fix the root-cause (outdated plugin, theme or whatever other insecurity). You need to learn more about the technicalities yourself, how to fix these issues, how to secure WordPress properly (the BulletProof Security plugin will help with his). You could switch hosts, but find the same problem. Yes, it's possible due to an insecurity in their server you are being hacked (but then so would probably all of their customers). So improve your skills and secure WordPress, or take an objective look at your site and ask yourself, "Do I really need to use it?" For a site that isn't updated regularly, doesn't do any database lookups, etc, that is effectively static then no. You could code it up in HTML. If you do need a database, look for a more secure alternative.
you are going to have this issue regardless of which webhost you use. There are companies that offer full management of your wordpress site but they tend to charge $30 - $50 per month. Try installing wordfence to help scan your site for malware, bulletproof security can help you to secure your site. Now these are just 2 suggestions of a wide range of things that you should be looking into, so start with these, then read up articles on how to secure your wordpress website.
thanks for all the advice folks.. i got someone to clean up my site already cos i'm really not a tech person.. he found a malware and removed it plus did some protection for me.. and hopefully I will be able to safeguard my site myself after this. .i will read up on how to secure my site and noted on wordfence, matt. thks!
Probably they restored an older backup and you got hacked again. Look for any vulnerabilities to prevent your site from getting hacked again.
sorry guys.. i have another question.. i have this shown on my site: Your backup folder MIGHT be visible to the public: To correct this issue, move the .htaccess file from wp-content/plugins/wp-dbmanager to /home/xxxx/public_html/wp-content/backup-db I thought I have already done so.. but the message is still there.. any ideas how to tell whether my backup folder is still visible to the public?
I never use wp-dbmanager for backup my WP blog. I use "backupbuddy" or manually backup direct from mysql. As mentioned above, use "bulletproof security" and "wordfence", since both free. When you install bulletproof security, it will guide you to install "htacess". Remember to activate root access + wp-admin access as well activates for deny htacess... You might also install "ip-blacklist" for blacklisting an ip which you think is suspicious.
Try installing ELI Antivirus (download at Wordpress Plugins)... ELI is free, easy to use and does a very good job at removing malware and other nasties... Roger