Very recently two of my client’s website are hacked by malware. This malware is attacking the mobile devices, because the website looks fine when open from desktop browser. When you open the website from a mobile device, then you will be redirected to several sites continuously.
After googling for “wordpress redirect hack on mobile devices” to get some solutions. There actually quite a lot of websites getting the same kind of malware, but it is injected in some ways like:
- header.php of the active themes
In my case, I found the culprit in the plugins. There is a weird plugin named bb_press2 and it is not listed on the plugins page. So I try to delete it and it fixed my client’s website.
Some people said that wordpress is not secure because it is open source and a lot of security hole can be found by hacker. Well, its not totally true because of some reasons:
- Hacker / malware can get inside a hosting server through your website, or through your hosting provider, or through another website on your shared hosting provider. Pick a good hosting provider, not just the cheap one. Your customers can get to your competitor website because your website is slow.
- WordPress is continuously updating its features and security. If your website is not updated, its on you. There are a lot of security practices that we can implement to make your website more secure.
- There are a lot of security plugins that can be used to improve your website security. Pick carefully and know what need to be secured.
- There are a lot of themes and plugins developed by unknown author which need to be examine carefully because a malware can get into your website from your themes / plugins.
Well, if your website need a cleanup or a monthly updates and maintenance, you can contact me.