What is the right solution to keep secure my wordpress website without affecting any malware?


#1

One of my client website is getting affected by malware often. i have used Wordpress Plugin (Wordfence) to clear the virus. It was cleared at that moment but again it is affected. I need a permanent solution to keep my website secure without any malware inject. Anyone can help me in this?


#2

What steps did you take to prevent it happening again? For example, have you changed all your passwords and ensured they are really strong? What file permissions are you using?

This article might be helpful:
https://perishablepress.com/what-to-do-when-your-site-gets-hacked/


#3

It sounds as though you haven’t completely cleaned the malware from your site. A plugin can help, but doesn’t do everything. As well as the link @technobear gave, have a look at the following Wordfence articles:

https://www.wordfence.com/blog/2018/03/cleaning-a-hacked-website/?utm_source=list&utm_medium=email&utm_campaign=030818

https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/?utm_source=list&utm_medium=email&utm_campaign=030818

As well as changing your admin user’s password, I would strongly recommend changing the admin user’s username.

If you can, consider installing modsecurity on your hosting account.


#5

I’d do this: 1. Secure your WordPress website by protecting the login page and preventing brute force attacks.
2. Use 2-factor authentication
3. Analyze how this malware happened to prevent the future ones