1 - 2022 | Ultimate Marketing Group


wordpress malware removal process

Our Malware Removal process and the latest WordPress Vulnerability Found by JetPack

A malware removal process is tedious and time-consuming, and over 360,000 websites should start this process soon. On January 18th, 2022, JetPack’s security system discovered a major breach that is used to take full control of a website. The discovery was made last September. The makers of AccessPress themes and plugins were responsible for the error. The team was investigating a compromised site when they noticed that the malicious code was contained in all the plugins and themes from this WordPress creator, but only when downloaded directly from the AccessPress site.

Furthermore, they found that the same theme or plugin downloaded from the WordPress repository was not infected. This led them to believe the AccessPress site was compromised and that the hackers injected their malicious code into all the themes and plugins. Upon installation of an infected theme or plugin, the malicious code created a backdoor that allows the hackers full site access.

JetPack’s team only investigated the themes that are freely distributed; they didn’t reach a conclusion on paid premium themes. If you have a paid version of AccessPress, you should check with the support team to see if you are affected.

Most of the affected plugins have been patched and cleaned up, but their themes have not. If you use one of their themes, you should look for help to transition your site to a different theme or clean it up immediately. In addition to replacing the theme or updating the plugin, there are a few more steps you need to take, as the hack also infected WordPress core files.

Our 10 steps to malware removal

We use a thorough clean-up process. Here are the steps we take to make sure all infected files are removed.

1- Zip and Download – Gather all your website’s files, compress them into a zip file and download them to your local computer. Most users want to have the files replaced while they are still on the web hosting, but this can create a never-ending cycle, as other infected files could still infect the clean files, and it produces a poor user experience for your visitors.

2- Maintenance Page – Once the files are zipped and downloaded, they should be removed from the web hosting to avoid a poor user experience while the hack is being cleaned. An ‘Under Maintenance’ page should be created to avoid creating skepticism among site visitors.

3- Replacing Core files – In the case of a WordPress hack, download a fresh WordPress copy of the same version the infected site is using. Then delete the wp-includes and wp-admin folders, as well as any WordPress root files. Do not delete the wp-content folder or the wp-config.php file.

4- Manually verify foreign files – Any file in the root directory that is not part of the default WordPress structure (default files being those such as the ones beginning with “wp-”) should be manually inspected. If it is decided that the file does not belong to the site, it should be removed.

5- Replace themes and plugins – After replacing the core files, proceed to replace all plugins. Download files from the WordPress repository whenever possible and, in the case of premium plugins, make sure that the version downloaded from the source is clean by scanning the zip file using VirusTotal. In instances where the developers have not cleaned up their themes or plugins, a manual scanning process to remove malicious code and files is necessary. This could be one of the most time-consuming parts of this process.

6- Scan the database – You often see the database infected as well. A copy of the database file should be downloaded and scanned for any injected malicious code. This is also a manual process, searching for the most common code injections and removing them. We use various open source tools, such as SonarQube.

7- Scan and double check – Before launching the site again, a full local scan should be done. Tools like the WPScan command-line tool and SonarQube can help. If no infected files are found, then launching the site is safe. If infected files are still found, the process should be repeated, starting with replacing the core files.

8- Launching the site – Zip the freshly scanned files and upload them to the web hosting. Remove the ‘Under Maintenance’ page files and unzip your clean files. Replace the database with the clean one as well, even if it wasn’t infected. Open and inspect the entire site from the visitor’s perspective.

9- Securing your site – Following a hack, you will want to increase security. Using a plugin such as Wordfence or Sucuri will help you scan your site from within the WordPress backend. Passwords for all users should be reset, and all users should choose strong passwords.

10- Maintenance – Updating plugins, themes and WordPress, in addition to frequent scans, will help you avoid having to begin this malware removal process again. Most security plugins can run scans on a schedule and report if they find anything suspicious.
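The comparison behind steps 3, 4 and 7 can be scripted. The following is an added example, not part of the original post or any vendor tool: it hashes a downloaded copy of the site against a fresh WordPress copy of the same version and reports foreign and modified core files, skipping wp-content and wp-config.php as step 3 requires. The function names and the sample trees built in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Step 3 keeps these: site content and configuration are never compared.
SITE_OWNED = {"wp-content", "wp-config.php"}


def index_tree(root: Path) -> dict:
    """Map relative path -> SHA-256 for every core file under root."""
    index = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if path.is_file() and rel.parts[0] not in SITE_OWNED:
            index[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return index


def compare_core(site: Path, fresh: Path) -> dict:
    """Classify the site's core files against a fresh copy of the same version."""
    have, want = index_tree(site), index_tree(fresh)
    return {
        # Step 4: present on the site but not in WordPress; inspect by hand.
        "foreign": sorted(have.keys() - want.keys()),
        # Step 3: core files whose content differs; replace from the fresh copy.
        "modified": sorted(f for f in have.keys() & want.keys() if have[f] != want[f]),
    }


def demo() -> dict:
    """Build two small constructed trees (not real WordPress files) and compare."""
    core = {"index.php": "<?php // front controller", "wp-load.php": "<?php // loader",
            "wp-includes/version.php": "<?php $wp_version = 'X.Y';"}
    site = dict(core)
    site["wp-includes/version.php"] += "\n// constructed: appended foreign line"
    site["old-backup.php"] = "<?php // constructed: file that is not part of core"
    site["wp-config.php"] = "<?php // site configuration, skipped"
    site["wp-content/themes/example/style.css"] = "/* skipped */"
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("fresh", core), ("site", site)):
            for rel, body in files.items():
                target = Path(tmp, name, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        return compare_core(Path(tmp, "site"), Path(tmp, "fresh"))


if __name__ == "__main__":
    print(demo())
```

Run `compare_core` on the local, unzipped download from step 1 rather than on the live host. An empty result covers core files only; wp-content still needs the theme, plugin and database checks from steps 5 and 6.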

Conclusion

A CVE has been created if you are interested in more details.

CVE: CVE-2021-24867
Vendor: AccessPress
URL: https://accesspressthemes.com

For a list of all the themes and plugins affected, as well as the version you need to update to in order to remove this malware, you can check the WPScan CVE.

If you need help with any part of the malware removal process outlined above or would like a security assessment of your site, feel free to contact us.

wordpress release news

WordPress 5.9: What to expect in this big update?

WordPress 5.9 is scheduled to be released on January 25th, 2022 after a short delay, and it brings some powerful enhancements. WordPress has been focusing on improving Gutenberg to produce the next big thing. Many argue that once Gutenberg reaches more complex functionality, numerous page builders will have trouble competing.

What is Gutenberg, or the Block Editor? If you are new to WordPress, web development, or web administration: it was first introduced in 2018 with the release of WordPress 5.0. Gutenberg is WordPress’s attempt at a “page builder”, if you will. You can do similar things as you would with a page builder: create a row with multiple columns, add different content to each column, etc. Each of those elements is called a block, hence the name “Block Editor” (think of it as if you were building with Legos).

Because the first release of Gutenberg lacked a lot of features, many WordPress users stayed with their traditional page builders and the now “classic editor”. Gutenberg has evolved with every WordPress update. Add to that the many third-party add-ons that have been created to fill in missing functions, and you have yourself a good, light, and functional native “page builder”. Gutenberg is light, fast, and can improve page load times significantly.

Back to WordPress 5.9: as we mentioned, WordPress has been focusing on improving Gutenberg, and this update is no exception. Here are 3 things that every WordPress user should look forward to, whether you are a developer, designer, or just an admin.

Full Site Editing (FSE)

Up until now, Gutenberg was able to aid you in page creation and was also recently added to the widgets area as part of WordPress 5.8, but it still lacked the ability to create your own header. You had to rely on whatever header options the theme provided. That will no longer be an issue, as long as the theme supports it. Themes that support the block editor are called “block themes” and are a bit different from your traditional WordPress theme. We won’t elaborate on the difference between the two in this post, but will talk about it in a separate post in the future.

In WordPress 5.9, and with the Twenty Twenty-Two theme at the moment, you are able to design the header of your site. You could have different headers on different pages, or the same header across all pages. Until now, you would only see that kind of header-building functionality in “website builders” rather than page builders, such as Visual Composer, Elementor, and Divi, but now it will be included natively. That said, many block-focused themes, such as Blocksy, Ocean WP, and Kadence themes, to name a few, already offer this type of functionality.

FSE is new and will have limitations in the beginning, but it is a step in the right direction for WordPress and its improvement of the block editor. Expect more block themes in the upcoming year as FSE evolves.

Enhanced Lazy Loading Performance

Another upcoming feature that will help websites improve their page speed test results is enhanced lazy loading. WordPress added lazy loading to images in version 5.5 and to iframes in version 5.7. That was a great addition, but it also brought another problem. When running a page speed test, the “Largest Contentful Paint” (LCP) and “First Contentful Paint” results increased. That’s because any image above the fold (top one-third of the web page) should not be lazy loaded. According to Google, it delays the page from loading completely, therefore increasing page load time.

WordPress is looking to fix that with this release. As reported by WordPress, based on a test they ran on 50 popular themes, they saw an LCP improvement and up to 30% faster page load. That is a huge improvement. We won’t get into the technical details, but if you do want those juicy details, you can check them out directly on the WordPress website (WordPress 5.9 Enhanced lazy-loading performance).

Blocks + Intrinsic Web Design

“One of the biggest points of friction for pattern and theme builders are the lack of responsive tools available at a block level. This needs to be solved in a way that doesn’t disproportionately increase interface complexity”.

According to WordPress, that’s why this improvement is needed. Most responsive frameworks flow naturally as you view them on smaller devices or as you shrink your browser window. Gutenberg has been having some issues in this area. Although there is not much more info as to how they expect to solve these issues specifically, our understanding is that they plan to add more control settings to each block as well as improve the natural block responsiveness. If you use other page builders, they have settings based on the device. For example, let’s say you have a block that needs a large padding on desktop, but on tablet and mobile that padding needs to be smaller. You will now have the option to do so. We assume from WordPress’s preliminary road map info that this is what they are looking to achieve. As of the writing of this post, we have tested the latest beta version (5.9-beta4-52432), and we have yet to see any different settings on each block. We will continue testing the beta version and update this post as needed.

Conclusion

As you can see, WordPress wants to compete with other page builders out there. They are trying to build a more attractive and easier-to-use WordPress for everyday users. This type of competition is good for the end user. We will start to see other established page builders enhance their tools in order to improve performance. With over 50% of WordPress websites now using Gutenberg over the classic editor, we decided to start embracing it on recent projects, and the difference it makes in page speed over traditional page builders is staggering. The future of WordPress is looking bright, and we certainly look forward to what WordPress 6 will bring.

If you need any assistance testing Gutenberg or the latest version of WordPress on your site, we can help you get ready for the new release.