Announcement

Collapse
No announcement yet.

Website Hosting

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • MochaDoc
    replied
    I forgot about Jet Pack. Good catch.

    Out of the others, I've only heard of Yoast SEO.

    Looks like you're good to go with all your new plug ins. Just make sure they are all activated and properly configured.

    Leave a comment:


  • Harvi
    replied




    Thanks for the tips.  I just added the wordfence plug-in.  Good to know about 3rd party themes and plug-ins.
    Click to expand...


    I use following plugins now:

    1. Akismet Anti-Spam

    2. All In One WP Security

    3. Bluehost

    4. Category Post list Widget

    5. Content Views

    6. Jetpack by WordPress.com

    7. MailChimp for WordPress

    8. OptinMonster API

    9. Print, PDF & Email by PrintFriendly

    10. Social Media and Share Icons (Ultimate Social Media)

    11. SumoMe

    12. Wordfence Security

    13. WP Content Copy Protection & No Right Click

    14. WP Fastest Cache

    15. Yoast SEO


     

    Leave a comment:


  • Hatton
    replied
    Thanks for the tips.  I just added the wordfence plug-in.  Good to know about 3rd party themes and plug-ins.

    Leave a comment:


  • MochaDoc
    replied




    Finally website is back online.

    – upgraded wordpress to 4.9.6.

    – removed all recently added plugins.

    – removed all infected files.

    – changed all passwords.

    – I am the only user on this website. I do have subscribers through mailchimp.

    – Is it worth upgrading wordfence security to premium for $99/year cost ($89/yr for 2 yr; or $84/yr for 3 yr). I am planning to consider this option after this bad experience.
    Click to expand...


    No. Just stay away from third-party themes, etc. Stick to the WordPress vetted themes and plugins.

    As far as sitelock, your site is already locked (See below) with your current, bluehost plan (https://whois.icann.org/en/lookup?name=psychiatryeducationforum.com).

    Status


    Domain Status:clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)

     

    As far as additional site security, see my first recommendation and consider adding the Akismet plug-in. Between those three things (no third party themes or plug ins, wordfence and Akismet) you should be fine for free.

    Leave a comment:


  • Harvi
    replied
    Finally website is back online.

    - upgraded wordpress to 4.9.6.

    - removed all recently added plugins.

    - removed all infected files.

    - changed all passwords.

    - I am the only user on this website. I do have subscribers through mailchimp.

    - Is it worth upgrading wordfence security to premium for $99/year cost ($89/yr for 2 yr; or $84/yr for 3 yr). I am planning to consider this option after this bad experience.

    Leave a comment:


  • Harvi
    replied




    If you have a backup from before the site went down (and was presumably infected), wipe everything and put the old files in.

    Otherwise, you can try fixing it by FTP, which does not require the HTTP side (webpage) to be up.

    Have you ever used FTP?
    Click to expand...


    I did uploaded my old files and removed all these infected files. Working with bluehost to get this back online now.

    Leave a comment:


  • Ryan
    replied
    If you have a backup from before the site went down (and was presumably infected), wipe everything and put the old files in.

    Otherwise, you can try fixing it by FTP, which does not require the HTTP side (webpage) to be up.

    Have you ever used FTP?

    Leave a comment:


  • Harvi
    replied




    I am paying Bluehost $250 for hosting for 2 years.  So far I have had no problems.
    Click to expand...


    I also paid $250 for 2 years hosting and this 2 year period will expire in Sep 2018.

    Leave a comment:


  • Harvi
    replied




    Gross. $150/mo is too much for a small WordPress site.

    Checking out your site from archive.org, You were running 4.9.4 for at least a few days after 4.9.5 was released, which fixed several published vulnerabilities. One of those may have been the attack vector.

    Another common malware source is “free” third-party themes and plugins.

    Also possible, someone guessed your password.

    You can try to fix this yourself–

    1. Change all passwords immediately

    2. Check that all users are valid

    3. Install and run a wordpress plugin like this one, Wordfence or any of a number of others to see if find the issue

    4. Remove the wordpress version “fingerprint” from your theme


    Click to expand...


    Thanks Ryan.

    - I did installed free third party plugins recently and looks like this started malware attacks.

    - I will change all my passwords.

    - I did installed wordfence 1 month ago and fixed all issues found by wordfence.

    - Bluehost is recommending Sitelock package (which they are giving me at discount price of $85/month).

     

    I am not good with this coding and related stuff. I will request bluehost to activate my website, so that I can get in and remove these plugins and change themes. I am not able to access website through wordpress.

     

    Bluehost emailed me following mail:

     

    Your psychiatryeducationforum.com account has been deactivated due to the detection of malware. The infected files need to be cleaned or replaced with clean copies from your backups before your account can be reactivated.

    URL(s): /home1/psychio2/public_html/wp-includes/js/jquery/jquery.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
    /home1/psychio2/public_html/wp-includes/js/jquery/jquery-migrate.min.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
    /home1/psychio2/public_html/wp-includes/js/wp-embed.min.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
    /home1/psychio2/public_html/wp-includes/wpsmedata.php: SL-PHP-UPLOADER-1-md5-ndw.UNOFFICIAL FOUND
    /home1/psychio2/public_html/wp-content/wp-xmlrpc.php: SL-PHP-FILEHACKER-xl.UNOFFICIAL FOUND
    /home1/psychio2/public_html/wp-content/wpsmdata.php: SL-PHP-UPLOADER-1-md5-ndw.UNOFFICIAL FOUND
    /home1/psychio2/public_html/wp-content/cache/wpfc-minified/7c76d2zh/c4ylq.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
    /home1/psychio2/public_html/wp-content/cache/wpfc-minified/6wby538l/c4ylq.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
    /home1/psychio2/public_html/wp-content/cache/wpfc-minified/q7ge6h4o/c4ylq.js: SL-JS-REDIRECT-kb.UNOFFICIAL FOUND
    /home1/psychio2/public_html/wp-content/themes/accesspress-ray/welcome/demos/layout-1/content.xml: EIG.LinkSpam.NoSuspend.NotifyOnly-19.UNOFFICIAL FOUND
    /home1/psychio2/public_html/71ba5704c07aec55402cb7d674cb5783: SL-PHP-REDIRECT-1-afl.UNOFFICIAL FOUND
    /home1/psychio2/public_html/index.php: SL-PHP-REDIRECT-1-afh.UNOFFICIAL FOUND

    To thoroughly secure your account, please review the following:

    * Remove unfamiliar or unused files, and repair files that have been modified.
    * Update all scripts, programs, plugins, and themes to the latest version.
    * Research the scripts, programs, plugins, and themes you are using and remove any with known, unresolved security vulnerabilities.
    * Update the passwords for your hosting login, FTP accounts, and all scripts/programs you are using. If you need assistance creating secure passwords, please refer to this knowledge base article: https://my.bluehost.com/hosting/help/418
    * Remove unused FTP accounts and all cron jobs.
    * Secure the PHP configuration settings in your php.ini file.
    * Update the file permissions of your files and folders to prevent unauthorized changes.
    * Secure your home computer by using an up-to-date anti-virus program. If you’re already using one, try another program that scans for different issues.

    You may want to consider a security service, such as SiteLock, to scan your website files and alert you if malicious content is found. Some packages will also monitor your account for file changes and actively remove malware if detected. Click here to see the packages we offer: https://my.bluehost.com/cgi/sitelock

    Please remove all malware and thoroughly secure your account before contacting the Terms of Service Department to reactivate your account.

    You may be asked to find a new hosting provider if your account is deactivated three times within a 60-day period.

    Leave a comment:


  • Hatton
    replied
    I am paying Bluehost $250 for hosting for 2 years.  So far I have had no problems.

    Leave a comment:


  • Ryan
    replied
    Gross. $150/mo is too much for a small Wordpress site.

    Checking out your site from archive.org, You were running 4.9.4 for at least a few days after 4.9.5 was released, which fixed several published vulnerabilities. One of those may have been the attack vector.

    Another common malware source is "free" third-party themes and plugins.

    Also possible, someone guessed your password.

    You can try to fix this yourself--

    1. Change all passwords immediately

    2. Check that all users are valid

    3. Install and run a wordpress plugin like this one, Wordfence or any of a number of others to see if find the issue

    4. Remove the wordpress version "fingerprint" from your theme

    Leave a comment:


  • Complete_newbie
    replied
    85/month for what? Thats horrible. it should be 5 bucks a month. This is Whole life level rip off. Switch hosting.

    Leave a comment:


  • Tyche
    replied
    um no I think I pay that per year with Wix. Webs was a little cheaper but klunky.

     

     

    Leave a comment:


  • Kamban
    replied
    For a site that makes no money, no way would I pay $150 per month.

    How does your site get malware? Do you inadvertently introduce it. Or they do not provide protection

     

    Leave a comment:


  • Harvi
    replied
    I called bluehost customer service as my website is down (http://psychiatryeducationforum.com/)

    They recommended this $150/month cost. They did agreed to reduce price to $85/month X 1 year, after I told them that I am planning to take my website down.

    Leave a comment:

Working...
X