Content Management Systems (CMS) are very high targets of malicious attacks. To help you in identifying and resolving the issue, we’ve prepared a short guide below. Our Technical Support team should also be able to guide you in the right direction – simply Submit an eTicket.
Common causes of compromised websites
- The use of an outdated version for a platform such as WordPress, Joomla! or Magento.
- Using outdated plugins, themes, or add-ons/modules.
- Insecure or identical passwords being used for administrative areas such as the platform dashboard, cPanel and/or FTP (this includes using the same password for these services as you do for other websites).
What can I do to resolve this issue?
- Address the common causes. Make sure your platform and anything you’re using with it (plugins/themes/add-ons/modules) are all up to date and are still actively being developed. You may also like to reset your cPanel/FTP login details as a precaution. VIPControl can automatically generate a strong password for you, if you prefer.
- Engage a developer and/or website security company (we recommend Sucuri).
- Install a security plugin. For WordPress, a very popular choice is Wordfence. To help combat comment spam (on WordPress, Joomla! and Drupal), a good plugin to use is Disqus.
- Restore your website from a backup. We take disaster recovery backups on a daily and weekly basis for accounts under 10GB on our Legacy Economy and WHM Multi hosting services. As a last resort, you may wish to request the manual restoration of one of these (though do keep in mind there is a $49.95 fee for this to be done). On our new Reseller, Shared and legacy Business plans we offer free R1Soft backups.
We always recommend that customers take their own backups, so if you have your own backup file, we’ll happily restore this for you, free of charge.
Please note: Restoring from a backup could potentially re-open the vulnerabilities on your website. Please make sure to investigate the issue and make any necessary adjustments such as patching or adjusting passwords.