Please check if my sites are secured

I had performance issues and when I asked my hosting about it they reported that my sites are under brute force attacks. I’ve followed their recommendations then downloaded “Defender Pro”.

Would you please check if my sites are clean and safe as Defender shows a lot of warnings on my sites? And I can’t tell which are harmful and which aren’t.

  • Ash
    • WordPress Hacker

    Hello Bart

    I have gone through all of your sites, thanks a lot for enabling support access. Most of your sites are clean.

    But here are two sites that you need to fix:

    https://www.sav****earts.us/

    On this site, these are the suspicious files:

    – class-error.php
    – wp-tinymce-help.php
    – environment.php
    – Environment.php
    – common.php
    – mycred-admin.php
    – evalmath.class.php
    – class-admin-builder.php
    – class-admin-dragdrop.php
    – class-admin-upgrade.php
    – class-fields.php
    – class-files.php
    – class-form.php
    – class-profile.php
    – class-query.php
    – class-followers-main-api.php

    So, if you don’t need those files for anything, feel free to delete them. All of those files contain the eval function, which is suspicious.

    Another site is http://www.art******knm.com

    It seems you have either used a one-click installer or all of your core files have been changed. So, what you need to do is download WordPress from https://wordpress.org/download/, extract the zip file, upload the wp-admin and wp-includes folders only (not wp-content and the other files) and overwrite the current files.

    Once you do this, run another scan, and it should be okay.

    Let us know how it goes. Have a nice day!

    Cheers,

    Ash
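An added example, not part of Ash's reply: a Python check of wp-admin and wp-includes against a checksum manifest, reporting altered, missing and extra files. The manifest shape (relative path mapped to an MD5 hex digest) and the sample tree built in `demo()` are assumptions of this example.

```python
import hashlib
import os
import tempfile

CORE_DIRS = ("wp-admin", "wp-includes")  # the two folders the reply says to re-upload

def md5_file(path):
    h = hashlib.md5()  # MD5 only because the assumed manifest carries MD5 digests
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_core(root, manifest):
    """Compare core folders under root with a {relative path: md5 hex} manifest."""
    expected = {p: d for p, d in manifest.items() if p.split("/", 1)[0] in CORE_DIRS}
    report = {"modified": [], "missing": [], "unexpected": []}
    seen = set()
    for top in CORE_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, top)):
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                seen.add(rel)
                if rel not in expected:
                    report["unexpected"].append(rel)  # survives an overwrite-only upload
                elif md5_file(full) != expected[rel]:
                    report["modified"].append(rel)
    report["missing"] = sorted(set(expected) - seen)
    report["modified"].sort()
    report["unexpected"].sort()
    return report

def demo():
    """Constructed tree (not from the thread): altered, missing and extra files."""
    files = {"wp-admin/index.php": b"<?php // admin\n",
             "wp-includes/version.php": b"<?php // version\n",
             "wp-includes/load.php": b"<?php // load\n"}
    manifest = {p: hashlib.md5(b).hexdigest() for p, b in files.items()}
    files["wp-includes/version.php"] += b"// altered\n"
    files["wp-includes/extra.php"] = b"<?php // not in the manifest\n"
    del files["wp-includes/load.php"]
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return audit_core(root, manifest)
```

Uploading over the existing folders replaces altered files but does not delete files that were never part of core, which is why they are listed separately. On a host with WP-CLI, `wp core verify-checksums` runs this kind of comparison against the official checksums.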

  • Bart
    • WPMU DEV Initiate

    Hey Ash,

    Is it possible for you to do this for me, please?

    I don’t have much knowledge when it comes to this.

    Also, I am getting email notifications from WPMU DEV in regards to sites going DOWN; then I will get another one when the sites are BACK online.

    I contacted A2Hosting about the issue. (Ash, you do have access to my hosting account) The following is their response:


    Hello Bart,

    Thank you for contacting A2 Hosting Support. I’m sorry to hear about the continued issues, we understand how frustrating this can be. We have checked and see the server was under heavy load earlier with PHP processes from savagehearts using the most resources. Checking logs we see many wp-login.php hits:

    We’ll be searching for: 06/Jul

    wp-login.php requests per site:

    182 cmspro.savagehearts.us-ssl_log
    206 getsquaredup.savagehearts.us-ssl_log
    257 artattacknm.savagehearts.us-ssl_log
    338 europaintinginc.savagehearts.us-ssl_log
    452 oncallcleaninginc.savagehearts.us-ssl_log
    635 uniquestone.savagehearts.us-ssl_log
    1294 savagehearts.us-ssl_log

    wp-cron.php requests per site:

    35 savagehearts.us-ssl_log
    43 cmspro.savagehearts.us
    44 savagehearts.us
    48 uniquestone.savagehearts.us
    82 europaintinginc.savagehearts.us-ssl_log
    171 europaintinginc.savagehearts.us
    224 uniquestone.savagehearts.us-ssl_log
    245 oncallcleaninginc.savagehearts.us
    277 artattacknm.savagehearts.us
    362 artattacknm.savagehearts.us-ssl_log
    376 cmspro.savagehearts.us-ssl_log
    662 oncallcleaninginc.savagehearts.us-ssl_log

    xmlrpc.php requests per site:

    31 cmspro.savagehearts.us-ssl_log
    38 getsquaredup.savagehearts.us-ssl_log
    39 oncallcleaninginc.savagehearts.us-ssl_log
    45 uniquestone.savagehearts.us-ssl_log
    52 savagehearts.us-ssl_log
    54 cmspro.savagehearts.us
    64 artattacknm.savagehearts.us-ssl_log
    65 europaintinginc.savagehearts.us-ssl_log
    69 uniquestone.savagehearts.us
    115 artattacknm.savagehearts.us
    403 europaintinginc.savagehearts.us

    We have a guide for handling brute force attacks with WordPress that includes a few different methods:

    https://www.a2hosting.com/kb/security/application-security/wordpress-security#Defending-against-brute-force-attacks

    This should help reduce resources. Optimization in general would help reduce resources and improve page load speed. Optimization would include some of the following and can be performed by you or your developer:

    – Review plugins and deactivate/remove ones that are not vital and no longer needed for your site to function. Each plugin uses resources and can slow down your site, try to practice a “less is more” approach to plugins. Some good questions to ask yourself would be “do I need this plugin?” and “do I only use this once a year?” if you only use it rarely, then remove it and you can install again later when needed.

    – Use a caching plugin if one is not already set up. Popular caching plugins are WP Fastest Cache, WP Super Cache, and W3 Total Cache. Sometimes it is best to try out others if you don’t experience good results with one. We offer W3 Total Cache in our A2 Optimized plugin: https://www.a2hosting.com/kb/installable-applications/optimization-and-configuration/wordpress2/optimizing-wordpress-with-the-a2-optimized-plugin

    – GTmetrix provides some optimization tips in their reports: https://gtmetrix.com/ — After you run the report: If you click on the item and then hover over “What’s this mean?” a dialog will show, then click on “Read more” for additional information. There’s also a WordPress optimization guide here: https://gtmetrix.com/wordpress-optimization-guide.html

    – Enable compression, browser caching, and optimize image files: https://www.a2hosting.com/kb/installable-applications/optimization-and-configuration/optimizing-website-performance

    – Use a CDN like Cloudflare: https://www.a2hosting.com/kb/add-on-services/cloudflare/how-to-activate-cloudflare

    – Set up a robots.txt file and set the crawl interval; if you already have this set you can increase it: https://www.a2hosting.com/kb/developer-corner/controlling-search-engines-and-web-crawlers-using-the-robots-txt-file#Example-5.3A-Control-the-crawl-interval

    – The Query Monitor plugin may be helpful for troubleshooting resource/slow performance issues, it shows SQL query information that you can provide to your developer: https://wordpress.org/plugins/query-monitor/

    – Optimizing and repairing the databases may help, especially with slow dashboard performance: https://www.a2hosting.com/kb/cpanel/cpanel-database-features/optimizing-and-repairing-mysql-databases-with-phpmyadmin

    Feel free to reply if you have any additional questions or concerns.

    Best Regards,

    ==============================================

    Ben P.

    Support Specialist

    A2 Hosting – Our Speed, Your Success!

    +1.888.546.8946

    https://www.a2hosting.com/support


    Thank you Ash for any help I can get on this.

    Have a great day

    Bart
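The host's figures above are total requests per script and per site. As an added example (not part of the thread and not the host's tooling), this Python code splits one day's hits by HTTP method and counts login-type POSTs per client address; the combined log format, the sample lines and the threshold are assumptions.

```python
import re
from collections import Counter

# Apache combined log format (assumed); only the fields used below are captured.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>\d{2}/\w{3})/\d{4}:[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" ')
WATCHED = ("wp-login.php", "xmlrpc.php", "wp-cron.php")

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE = [
    '203.0.113.7 - - [06/Jul/2020:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [06/Jul/2020:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [06/Jul/2020:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [06/Jul/2020:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [06/Jul/2020:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [06/Jul/2020:10:02:00 +0000] "POST /wp-cron.php?doing_wp_cron=1 HTTP/1.1" 200 0 "-" "WordPress"',
    '203.0.113.7 - - [05/Jul/2020:23:59:59 +0000] "POST /wp-login.php HTTP/1.1" 200 4211 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [06/Jul/2020:10:03:00 +0000] "GET /about/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

def tally(lines, day):
    """Count hits on the watched scripts for one day, e.g. day='06/Jul'."""
    per_endpoint = Counter()   # (script, method) -> hits
    posts_per_ip = Counter()   # client address -> POSTs to wp-login.php / xmlrpc.php
    for line in lines:
        m = LINE.match(line)
        if not m or m["day"] != day:
            continue
        # Drop the query string, then keep the script name only.
        name = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if name not in WATCHED:
            continue
        per_endpoint[(name, m["method"])] += 1
        # wp-cron.php is load, not a credential endpoint, so it is left out here.
        if m["method"] == "POST" and name != "wp-cron.php":
            posts_per_ip[m["ip"]] += 1
    return per_endpoint, posts_per_ip

def noisy_sources(posts_per_ip, threshold):
    """Addresses with at least `threshold` POSTs (threshold is a judgment call)."""
    return sorted(ip for ip, n in posts_per_ip.items() if n >= threshold)
```

A few addresses with large POST counts can be blocked or rate-limited individually, while many addresses with a handful each points to the login-page and XML-RPC measures in the host's guide.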

  • Bart
    • WPMU DEV Initiate

    Hello Ash,

    There was further development today.

    I reached out to our hosting provider (A2Hosting) over the phone.

    They seem to think it is an easy fix. Please see attached Text File.

    I already did the login URL masking in Defender. Could you do the rest, as I am not sure or too afraid to screw it up?

  • Nithin
    • Support Wizard

    Hi Bart,

    Sorry for the delay in getting back to you. I’m afraid the file didn’t get attached in any of your previous replies.

    Could you please use Google Drive, Dropbox, etc. to share the link to the attached text file in your next reply, so that we can have a better idea of what your host had to say about the fix too?

    Please do let us know so that we could help get you sorted asap.

    Regards,

    Nithin
