Joomla & WordPress Services

FAQ's for the website security services we offer for the Joomla! and WordPress open source content management systems.

Best WordPress Security Plugins

Over 30,000 WordPress sites get hacked every day by hackers taking advantage of vulnerable websites

The following WordPress website security plugins can help you protect your website from attacks.

Wordfence

Wordfence is the WordPress’ most popular security plugin with over two million users. A large part of its popularity has to do with its ease of use. Wordfence’s user-friendly interface provides users with a live traffic view that reveals hacking attempts in real time.

Wordfence is versatile too. It’s compatible with multiple sites including smartphone platforms. Its two-factor authentication beefs up login security, making brute force attacks incredibly difficult.

Maybe most importantly, Wordfence keeps master copies of all versions of WordPress to compare against user versions. By doing this, Wordfence can detect at least 44,000 known malware strains.

At the touch of the “scan” button, Wordfence will look for backdoors, malware, modified core files, unknown files in WordPress folders, outstanding updates, and comments with suspicious links.

Download WordFence

iThemes Security

iThemes (formerly Better WP Security) really focuses on the user as the first point of vulnerability. Of course, it executes most of the same core processes as other security plugins to keep WP sites secure.

But additional built-in features like two-factor authentication and Google reCAPTCHA options offer the added user security. With iThemes you can also choose an expiration date for passwords so that optimal security can be maintained.

Download iThemes Security

All-In-One WP Security & Firewall

All-In-One protects over 600,000 WordPress sites with its easy to use dashboard and robust protection methods. The user interface is quick and easy to interpret, featuring a security meter that shows the site’s current level of protection.

All-In-One offers three firewall levels: basic, intermediate, and advanced. These firewall levels are based on user needs balanced against the impact each firewall has on the functionality of each WordPress site. Advanced firewall means the most protection, for instance. But it also means the most potential for interference with other plugins and themes being used in WordPress.

Download All-In-One WP Security & Firewall

Bulletproof Security

At about 90,000 users, Bulletproof Security is not as widely used as other WordPress security plugins. Yet, the number of security features it provides is robust.

Bulletproof scans for malware provides a firewall capability, monitors logins for added security, backs up the site’s database on a regular basis, automatically logs idle users out, and provides a user-friendly interface, for starts.

Download Bulletproof Security

My website is hacked what should i do

Getting your Joomla or WordPress website hacked by hackers and cyber criminals can be very stressful and can have a serious impact on your online business in terms of traffic from Google, sales, customer confidence, brand reputation and so much more.

Don’t Take It Personally

Firstly don’t take this personally, Hackers have bots which scan the internet 24/7 looking for vulnerable websites to attack and inject malware into, script kiddies also try to deface websites in order to get some kudos within the hacker community.

Hackers don’t care who you are or what you do, all they care about is that you are running an out dated version of Joomla or WordPress or maybe you have a theme or plug-in which is out dated that can be easily hacked. They have one goal which is profit. Have can they exploit your website for profit, nothing more or nothing less.

Don’t Panic

If your Joomla or WordPress website gets hacked don’t panic as this often places you in a position where you make the wrong decision which may inflict even more damage on the website.  Take a deep breath and hire us today we help customers every day of the week to fix hacked WordPress and Joomla websites. We have the skills, knowledge and expertise to remove the malware and to secure the website for you to ensure it does not happen again

To find out more about the website security services we offer visit

WordPress Malware Removal Service To Fix A Hacked WordPress Website

Joomla Malware Removal Service To Fix A Hacked Joomla Website

How do i know if my Joomla or WordPress website is hacked

The following will help you understand if your website has been hacked by hackers

  1. The Website is injected with hidden pharmacy links.
  2. You are unable send email because the website is black listed for sending spam email.
  3. You can no longer log into the website.
  4. The website has been defaced
  5. You has lost all your website ranking in Google as hackers have injected hidden SEO links into the site.
  6. Google has blacklisted your website in search results with the label This site may be hacked
  7. The hosting company has suspended the website.
  8. The website redirects website visitors to a different website.

Can i recovery the hacked website from a website backup

If you have a website strategy in place which includes the daily and weekly backup of all the Joomla and WordPress files plus MYSQL database this is one option you could use to recovery the website. However please note you need to ensure the latest backup is a clean, virus, malware free version that has not already been hacked. The best solution is to start with a clean version of Joomla or WordPress and reinstall all the themes and plug-ins.

If your hoping the web hosting company has a backup of the website which you can recovery from they won’t. A large number of hosting companies do not provide website backups and state this in there terms of service. You are responsible for ensuring you have full backups of your website.

Tips to secure your WordPress website

WordPress is a great free content management system used by millions of websites around the world to create amazing websites. After you have installed WordPress we recommend you consider the following WordPress security tips to help you get started in keeping your website secure and to reduce the risk of it getting hacked by hackers.

Use SSL to encrypt data

Implementing an SSL (Secure Socket Layer) certificate to secure the admin panel. SSL ensures secure data transfer between user browsers and the server, making it difficult for hackers to breach the connection or spoof your info.

Getting an SSL certificate for your WordPress website is not an issue. You can purchase one from some dedicated companies or alternatively ask your hosting firm to hook you up with one (it’s often an option with their hosting packages).

Use can also use a Let’s Encrypt free open source SSL certificate which is available on a large number of websites.

USe strong passwords

Play around with the website’s passwords and change them regularly. Improve their strength by adding uppercase and lowercase letters, numbers, and special characters.

The followed websites allow you to generate strong password

  1. https://passwordsgenerator.net/
  2. https://www.random.org/passwords/
  3. https://www.roboform.com/password-generator

Keep WordPress Updated

Always ensure your using the latest, stable version of WordPress. This is one of the biggest reasons how hackers get access to websites, people just don’t keep them updated. Its simple to do and take a few minutes to updated the website. Also while your updating WordPress make sure you also update all the plug-ins and theme.

Protect the wp-admin directory

The wp-admin directory is the heart of any WordPress website as it allows you to manage the whole website if this part of your site gets breached then the entire site can get damaged.

One possible way to prevent this is to password-protect the wp-admin directory. With such security measure, the website owner may access the dashboard by submitting two passwords. One protects the login page, and the other the WordPress admin area. If the website users are required to get access to some particular parts of the wp-admin, you may unblock those parts while locking the rest.

One security plug-in you may want to consider is the AskApache Password Protect plugin for securing the admin area. It automatically generates a .htpasswd file, encrypts the password and configures the correct security-enhanced file permissions.

Use 2-factor authentication

Introducing the 2-factor authentication (2FA) at the login page is another good security measure. In this case, the user provides login details for two different components. The website owner decides what those two are. It can be a regular password followed by a secret question, a secret code, a set of characters, etc.

Change the admin username

During WordPress installation, you should never choose “admin” as the username for your main administrator account. Such an easy-to-guess username is approachable for hackers. All they need to know is the password, and your entire site gets into the wrong hands. make sure you choose a strong user name

Protect the wp-config.php file

The wp-config.php file holds crucial information about your WordPress installation, and it’s in fact the most important file in your site’s root directory. Protecting it means protecting the core of your WordPress blog.

It gets difficult for hackers to breach the security of your site if the wp-config.php file becomes inaccessible to them.

The good news is that making this happen is really easy. Just take your wp-config.phpfile and move it to a higher level than your root directory.

Now the question is, if you store it elsewhere, how does the server access it? In the current WordPress architecture, the configuration file settings are set the highest on the priority list. So, even if it is stored one fold above the root directory, WordPress can still see it.

15. Disallow file editing

If a user has admin access to your WordPress dashboard then they can edit any files that are part of your WordPress installation. This includes all plugins and themes.

However, if you disallow file editing, even if a hacker obtains admin access to your WordPress dashboard, they still won’t be able to modify any file.

Add the following to the wp-config.php file (at the very end):

define('DISALLOW_FILE_EDIT', true);

Remove your WordPress version number

Your current WordPress version number can be found very easily. It’s basically sitting right there in your site’s source view.

Here’s the thing, if the hackers know which version of WordPress you use, it’s easier for them to tailor-build the perfect attack.

You can hide your version number using https://wordpress.org/plugins/remove-version-info/

Set directory and file permissions

We recommend changing files and directory permissions to secure the website at the hosting level. Setting the directory permissions to “755” and files to “644” protects the whole filesystem – directories, subdirectories, and individual files.

Change the WordPress database table prefix

If you have ever installed WordPress then you are familiar with the wp- table prefix that is used by the WordPress database. I recommend you change it to something unique.

Using the default prefix makes your site database prone to SQL injection attacks. Such attack can be prevented by changing wp- to some other term, e.g. you can make it mywp-wpnew-, etc.

What Is Malware

Malware, a shortened combination of the words malicious and software, is a catch-all term for any sort of software designed with malicious intent.

Malicious intent is often theft of your private information or the creation of a backdoor to your computer giving someone access to it, its resources, and its data, without your permission. However, software that does anything that it didn’t tell you it was going to do could be considered malware.

Common types of malware

Though some of these terms can be used to describe software with a legitimate, non-malicious intent, malware is generally understood to exist in one or more of the following forms:

  1. Viruses infect program files and/or personal files.
  2. Spyware collects personal information.
  3. worm is malware that can replicate and spread itself across a network.
  4. Trojan horse looks, and may even operate, as a legitimate program.
  5. Browser hijacker is malware that modifies your web browser.
  6. Rootkit grants administrative rights for malicious intent.
  7. Malvertising is malware that uses legitimate online advertising to spread malicious software.

Malware infections

Malware can infect a computer or other device in a number of ways. It usually happens completely by accident, often by downloading software that has malicious applications bundled with it.

Some malware can get on your computer by taking advantage of security vulnerabilities in your operating system and software programs. Outdated versions of browsers, and often their add-ons or plug-ins as well, are easy targets.

But most of the time malware is installed by users  overlooking what they’re doing and rushing through program installations that include malicious software. Many programs install malware-ridden toolbars, download assistants, system and internet optimizers, bogus antivirus software, and other tools by default unless you explicitly tell them not to.

If your Joomla or WordPress website is infected with malware we can help you.  To find out more about the security services we offer visit

  1. https://www.hackedwebsite.services/wordpress-website-hacked/
  2. https://www.hackedwebsite.services/joomla-website-hacked/
Why do WordPress websites get hacked

When you have a business, no matter whether it is a large company, or just a small business you operate yourself online, getting your WordPress website hacked can have a serious impact on your business and can quickly become a costly problem.

There are a number of reasons why WordPress websites get hacked and are targeted by cyber criminals or hackers who have bots scanning the internet 24/7 looking for vulnerable WordPress sites

WordPress Vulnerabilities

You may have heard of something called a vulnerability scan in reference to your own PC’s anti-virus software. This is a commonly used application designed to find possible ways a hacker could corrupt your computer’s files or system and make or suggest the necessary fixes to any issues that are found.

Hackers use a similar method to scan for possible ways they themselves can hack your website. Due to this fact, it is always important to make sure you

  1. Always makes sure the website is running the latest, secure version of WordPress.
  2. Review the themes installed at the website.
  3. Review the plug-ins installed at the website to ensure you are running the most up to date version of the plug-in.

Poor Website Security

A common reaction to having your website hacked is surprise. Most business owners are unaware of exactly how easy it is to be targeted and exploited by a hacker. That is why lots of people don’t bother to make their access codes to their servers or WordPress site very difficult to guess. This leaves them vulnerable to hackers who can generate possible passwords for your site until they have the correct one in a matter of seconds if that password isn’t secure enough.

Out Dated Website Plugins

Hackers are willing to spend a significant amount of time looking for weaknesses in the makeup of your site that they can exploit to gain access. A common way for hackers to get in is via plugins that are not fully patched against backdoor access. This is why it is important to have plugins that are completely trusted and fully up to date with the latest patch on your website.

Exposure To Automated Hackers and bot attacks

While having your site run on a platform like WordPress is extremely convenient and user friendly when it comes to making changes and updates, as well as generating regular content to keep your business relative in searches, this does expose your website to automated attacks known as bots. While these bots are not malicious in nature, think of them as online pests that can quickly infest your site if not checked immediately.

If you would like us to complete a full website security audit on your WordPress website to ensure the site is safe and secure from hackers and cyber criminals take a look at the website security service we offer https://www.hackedwebsite.services/wordpress-security-service/

How soon can you fix my hacked WordPress website

After you have ordered the WordPress hacked repair service we offer at the website we will get started straight away on removing the malware and securing the website for you.

To help us to get started on fixing the hacked WordPress website we need the following information from you

  1. Website hosting control panel user name and password
  2. Website FTP login details for the website.
  3. Website administrator user name and password

if you have the the above information available for us after ordering the service at the website this will help us to get started on removing the malware and securing the website for you.

Free Malware Scanning Tools

If you suspect that your Joomla or WordPress website is infected by Malware then you can try scanning your website with one of the following free malware scanning tools below. Please note the tools may not be 100% accurate any may throw up some false positives but they are good start to help you identify if your website is infected with malware.

All the free malware scanner tools will check your website for the following plus more.

  1. Malicious files
  2. Suspicious files
  3. Potentially Suspicious files
  4. External links detected
  5. Iframes scanned
  6. Blacklisted status

Quttera

Quttera offers free malware scanning services for WordPress, Joomla, Drupal  websites and provides you with a detailed report

https://quttera.com/website-malware-scanner

SUCURI

Sucuri is a popular security scanner which allows you to scan your website running WordPress, Joomla, Magento and more for malware, blacklisting status, website errors, and out-of-date software

Once the website scan is complete they will tell you if your website is infected with malware of if you have out of date software.

https://sitecheck.sucuri.net

Virus Total

Virus total analyzes your website for suspicious files from various online scanners including Kaspersky, Malware, Dr. Web, Netcraft, Trustwave, Cybercrime, CloudStat and much more for viruses, worms, Trojans, and another kinds of malware infections.

https://www.virustotal.com

Google Safe Browsing Malware Scanner

The Google malware scanning tools allows you to quickly scan your website for malware infections

https://transparencyreport.google.com/safe-browsing/search

What Information do you need to clean my website

In order to fix your hacked website we need the following information

  1. Website address.
  2. website hosting control panel ( cpanel or plesk ) user name and password login details.
  3. FTP address plus user name and password.
  4. MYSQL  phpMyAdmin access including user name and password.
  5. WordPress or Joomla admin user name and password.
  6. Please ensure all details are correct including website address, user names and passwords.

Please note we need all the above information to start working on the website.

Can you fix my website in 24 hours

Once we have successfully received payment for the service via paypal.com we will contact you via email within 2 hours to request the following information.

  1. Website address.
  2. website hosting control panel ( cpanel or plesk ) user name and password login details.
  3. FTP address plus user name and password.
  4. MYSQL  phpMyAdmin access including user name and password.
  5. WordPress or Joomla admin user name and password.
  6. Please ensure all details are correct including website address, user names and passwords.

If we do not receive all the above information we will be unable to clean the hacked website within 24 hours.

How much does the service cost

The cost for each  Joomla and WordPress security service is only $149.00

  1. This is a fixed one time payment with no monthly payment fees
  2. If we don’t 100% clean your WordPress or Joomla! website you will get a full refund
  3. Payment is required in full via Paypal.com

The security service for WordPress & Joomla we offer includes the following

  1. We will complete a full security scan of your Joomla  or WordPress website to identify and investigate how the malware or malicious code infected the website.
  2. Once we have completed a detailed security scan of all the website files and MYSQL database the malware and malicious code will be removed in 24 hours
  3. We will install secure the website using best practice .htaccess security rules to reduce the risk of the website getting hacked again.
  4. Once we are 100% happy that your website is clean and secure we will complete a full Cpanel or plesk hosting file and mysql backup of the website.
  5. We will communicate directly with Google to remove “This website may be hacked” label.
  6. Our work is guaranteed for up to 30 days.
  7. If your website gets hacked within 30 days after we have completed the work we will fix the website for free.
Money back guarantee

We offer a full money back guarantee if we do not 100% clean your website and remove the malware or malicious code from your Joomla or WordPress website.

Please note if your website is displaying “this website maybe hacked” label in Google it can take up to 5 working business days for Google to remove the label from your website as they have to review all the information and evidence we have provided to them to 100% confirm the website is clean and safe.

Google this website may be hacked

If your Joomla or WordPress  has been blacklisted by Google and is displaying the label “this website may be hacked

our service includes the following to remove the blacklisted label and restore website traffic to your website from Google.

  1. Communicating with Google on your behalf to remove the label “this website may be hacked”
  2. Providing Google with all the work and evidence to confirm we have 100% cleaned your website.

Please note it can take up to 5 working business days after we have submitted all the information to Google for Google to remove the label “this website may be hacked”

During this time you will get no traffic or website visitors from Google to your website until the label “this website may be hacked” has been removed from your website.

For more information visit https://support.google.com/websearch/answer/190597?hl=en&ref_topic=3425513

How do I know if my website is hacked

A hacked Joomla or WordPress website can have a number of  symptoms including

  1. Website is blacklisted by Google
  2. Website is displaying the label “this website may be hacked” in Google
  3. You have lost all your traffic and sales from Google
  4. Your web hosting company has disabled or suspended your website
  5. Website has been flagged up by your hosting company or a 3rd part company for distributing malware
  6. Your website visitors have reported to you that their desktop Anti virus software is telling them your website is unsafe or has a virus.
  7. You can no longer send email or your website has been black listed by the email providers.
  8. You notice behavior that was not authorized at your website (creation of new users or new pages, posts created)
  9. You can visibly see that your site has been hacked when you open it in the browser
  10. Your website includes hidden website links to porn,  pharmacy or payday loan websites.
  11. Your hosting company advises you that you are using to much bandwidth

The above symptoms are just some of the examples you can expect to see if your website has been hacked.

To get your business back online and the hack, infection 100% cleaned hire us today.

Can i trust you with my Hosting data.

We offer a secure and confidential service for all customers.

All information you provide to us is treated with complete confidentiality.

We are a UK based development company with over 10 years experience developing and managing Joomla and WordPress websites for clients around the world who trust us to deliver a professional service.

If you have any questions about the services we offer please contact us at the website

Will my website be safe after getting hacked

Once we have completed the security work on the website and implemented the security measures to protect the website it should be more secure than it was before hired us to complete the work for you.

However please note that no website is secure from hackers and cyber criminals who are always looking at ways to exploit websites for there own gain.

We recommend you do the following

  1. Take regular backups of the website
  2. Always keep Joomla or WordPress updated to the latest version.
  3. Always update extensions or plug-ins to use the latest version.
  4. Never download or install themes or plug-in from websites you do not trust.
  5. Make sure the website is running the latest version of PHP 7
  6. Do not remove the security measures we have put in place to secure the website.
What happens if my website gets hacked again

Once we have successfully cleaned your website and removed the hack, malicious code as part of the service we offer we will put specific security measures in place to secure the website and keep it safe from hackers.

The security measures include

  1. Security specific .htaccess rules to block MySQL injections, RFI, base64 and more attacks.
  2. WordPress and Joomla security hardening measures using best practices.
  3. Installation and setup of a 3rd party software firewall plug-in or extension for Joomla or WordPress.

If your website does get hacked within 30 days after we have completed the work on it and put in place the above security measures then we will fix it for free.

Please note if you have made changes to the website including the removal of the following which we have put in place to keep your website safe from. hackers the offer is void and you will be changed $169.00

  1. Security specific .htaccess rules to block MySQL injections, RFI, base64 and more attacks.
  2. WordPress and Joomla security hardening measures using best practices.
  3. Installation and setup of a 3rd party software firewall plug-in or extension for Joomla or WordPress.
Can you fix WordPress and Joomla errors

If the error which appears at the Joomla or WordPress website is due to hacked files or MYSQL database then we will fix the technical issue and get your website back online.

However if the errors which appear at your website are not related to the hacking issue then we will not resolve them and you will be required to hire a developer to provide you with the technical support you need to investigate and fix the issue.

Please note our scope of work based on the service we offer specifically relates to security issues only.

Technical issues which fall outside of this scope will not be fixed.

Can you restore lost website data

Sorry we do not offer this service we only provide security services for WordPress and Joomla content management systems.

If your website has been hacked it is unlikely that you will have lost data.

The hackers aim is to

  1. Deface a website
  2. Inject spam links into the website theme, plug-in or MYSQL database for SEO purposes.
  3. Use your website for sending out spam emails
  4. Hosting videos on your website

If you do need to recover data we recommend you contact your web hosting provider for more information.

Website hosting security considerations

Security should be your top priority when choosing a web hosting provider for your Joomla! or WordPress website.

The following information will help you to make the right decision about the web hosting company.

  1. Do your research first before choosing a web hosting. Visit http://www.webhostingtalk.com
  2. Read the companies about us page,  find out how long they have been in business for.
  3. Ask them some pre sales questions.
  4. Do they offer daily website backups which you can access via Cpanel or plesk
  5. Are they running the latest version of PHP 7
  6. Is Mod security enabled
  7. Visit the Joomla! or WordPress support forums or Facebook groups to get advice from people who have used the hosting company or to see recommendations

The above is just a general guide to help you get started, however the a good hosting company is essential for the security of your website and we recommend you avoid cheap, shared web hosting services and invest in good quality web hosting for Joomla or WordPress.