Please check if my sites are secured

I had performance issues and when I asked my hosting about it they reported that my sites are under brute force attacks. I've followed their recommendations then downloaded "Defender Pro".
Would you please check if my sites are clean and safe as Defender shows a lot of warnings on my sites? And I can't tell which are harmful and which aren't.

  • Ash
    • WordPress Hacker

    Hello Bart

    I have gone through all of your sites, thanks a lot for enabling support access. Most of your sites are clean.

    But here are two sites that you need to fix:
    https://www.sav****earts.us/

    In this site, these are the suspicious files. Those are:
    class-error.php
    wp-tinymce-help.php
    environment.php
    Environment.php
    common.php
    mycred-admin.php
    evalmath.class.php
    class-admin-builder.php
    class-admin-dragdrop.php
    class-admin-upgrade.php
    class-fields.php
    class-files.php
    class-form.php
    class-profile.php
    class-query.php
    class-followers-main-api.php

    So, if you don't need those files for anything, feel free to delete it. All of those files contains eval function which is suspicious.

    Another site is http://www.art******knm.com

    It seems you have either used a one click installer or all of your core files are changed. So, what you need to is download wordpress from https://wordpress.org/download/ extract the zip file, upload wp-admin and wp-includes folder only (not the wp-content and other files) and overwrite the current files.

    Once you do this, run another scan, and it should be okay.

    Let us know how it goes. Have a nice day!

    Cheers,
    Ash

  • Bart
    • New Recruit

    Hey Ash,
    Is it possible for you to do this for me, please?
    I don’t have much knowledge when it comes to this.
    Also, I am getting email notifications from WPMU DEV in regards to sites going DOWN; then I will get another one when the sites are BACK online.
    I contacted A2Hosting about the issue. (Ash, you do have access to my hosting account) The following is their response:

    ------------------------------------------------------------------------------------

    Hello Bart,

    Thank you for contacting A2 Hosting Support. I'm sorry to hear about the continued issues, we understand how frustrating this can be. We have checked and see the server was under heavy load earlier with PHP processes from savagehearts using the most resources. Checking logs we see many wp-login.php hits:

    We'll be searching for: 06/Jul

    wp-login.php requests per site:
    182 cmspro.savagehearts.us-ssl_log
    206 getsquaredup.savagehearts.us-ssl_log
    257 artattacknm.savagehearts.us-ssl_log
    338 europaintinginc.savagehearts.us-ssl_log
    452 oncallcleaninginc.savagehearts.us-ssl_log
    635 uniquestone.savagehearts.us-ssl_log
    1294 savagehearts.us-ssl_log

    wp-cron.php requests per site:
    35 savagehearts.us-ssl_log
    43 cmspro.savagehearts.us
    44 savagehearts.us
    48 uniquestone.savagehearts.us
    82 europaintinginc.savagehearts.us-ssl_log
    171 europaintinginc.savagehearts.us
    224 uniquestone.savagehearts.us-ssl_log
    245 oncallcleaninginc.savagehearts.us
    277 artattacknm.savagehearts.us
    362 artattacknm.savagehearts.us-ssl_log
    376 cmspro.savagehearts.us-ssl_log
    662 oncallcleaninginc.savagehearts.us-ssl_log

    xmlrpc.php requests per site:
    31 cmspro.savagehearts.us-ssl_log
    38 getsquaredup.savagehearts.us-ssl_log
    39 oncallcleaninginc.savagehearts.us-ssl_log
    45 uniquestone.savagehearts.us-ssl_log
    52 savagehearts.us-ssl_log
    54 cmspro.savagehearts.us
    64 artattacknm.savagehearts.us-ssl_log
    65 europaintinginc.savagehearts.us-ssl_log
    69 uniquestone.savagehearts.us
    115 artattacknm.savagehearts.us
    403 europaintinginc.savagehearts.us

    We have a guide for handling brute force attacks with WordPress that includes a few different methods:

    https://www.a2hosting.com/kb/security/application-security/wordpress-security#Defending-against-brute-force-attacks

    This should help reduce resources. Optimization in general would help reduce resources and improve page load speed. Optimization would include some of the following and can be performed by you or your developer:

    - Review plugins and deactivate/remove ones that are not vital and no longer needed for your site to function. Each plugin uses resources and can slow down your site, try to practice a "less is more" approach to plugins. Some good questions to ask yourself would be "do I need this plugin?" and "do I only use this once a year?" if you only use it rarely, then remove it and you can install again later when needed.

    - Use a caching plugin if one is not already setup. Popular caching plugins are WP Fastest Cache, WP Super Cache, and W3 Total Cache. Sometimes it is best to try out others if you don't experience good results with one. We offer W3 Total Cache in our A2 Optimized plugin: https://www.a2hosting.com/kb/installable-applications/optimization-and-configuration/wordpress2/optimizing-wordpress-with-the-a2-optimized-plugin

    - GTmetrix provides some optimization tips in their reports: https://gtmetrix.com/ -- After you run the report: If you click on the item and then hover over "What's this mean?" a dialog will show, then click on "Read more" for additional information. There's also a WordPress optimization guide here: https://gtmetrix.com/wordpress-optimization-guide.html

    - Enable compression, browser caching, and optimize image files: https://www.a2hosting.com/kb/installable-applications/optimization-and-configuration/optimizing-website-performance

    - Use a CDN like Cloudflare: https://www.a2hosting.com/kb/add-on-services/cloudflare/how-to-activate-cloudflare

    - Setup a robots.txt file and set the crawl interval, if you already have this set you can increase it: https://www.a2hosting.com/kb/developer-corner/controlling-search-engines-and-web-crawlers-using-the-robots-txt-file#Example-5.3A-Control-the-crawl-interval

    - The Query Monitor plugin may be helpful for troubleshooting resource/slow performance issues, it shows SQL query information that you can provide to your developer: https://wordpress.org/plugins/query-monitor/

    - Optimize and repairing the databases may help, especially with slow dashboard performance: https://www.a2hosting.com/kb/cpanel/cpanel-database-features/optimizing-and-repairing-mysql-databases-with-phpmyadmin

    Feel free to reply if you have any additional questions or concerns.

    Best Regards,
    ==============================================
    Ben P.
    Support Specialist
    A2 Hosting - Our Speed, Your Success!
    +1.888.546.8946
    https://www.a2hosting.com/support

    ------------------------------------------------------------------------------------

    Thank you Ash for any help I can get on this.

    Have a great day

    Bart

  • Bart
    • New Recruit

    Hello Ash,
    There was further development today.
    I reach out to our hosting provider over the phone (A2Hosting)
    They seem to think it is an easy fix. Please see attached Text File.
    I already did the login URL Masking at the Defender. Could you do the rest as i am not sure or too afraid to screw it up.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.