AGP was approached by a nonprofit organization about a potential security concern with their WordPress website that utilized the WooCommerce plugin in conjunction with custom code integrating with a 3rd party CRM vendor. The organization discovered that their WordPress website had been hacked, and malware was injected into several plugins, database, and core WordPress files.
AGP had worked with this client for a number of years to help build and manage another one of their websites. Since then, they have expanded their services to assist with their digital and direct response fundraising efforts. It was because of this established relationship that this client enlisted AGP’s help to diagnose the issue and create a plan for bringing the site back online in the safest way possible.
Lines of communication were setup between executives, 3rd party vendors, operations, senior engineers, user experience, and project leads. AGP conducted an assessment of the damage, performed a WordPress rebuild, and successfully re-deployed the site.
Performing a Comprehensive Audit of the Hacked WebsiteÂ
Working with the client’s project and IT teams, AGP developers quickly ramped up on the site and documented how it used to work in preparation for forensics. AGP initiated an air-gapped review of the hacked code, database, and files. A comprehensive and detailed report was created showing timeline, code samples, and clear evidence of malware injection within WordPress. These report findings were instrumental in getting client cyber insurance approval and creating a blueprint for the site’s rebuild.Â
Key findings from forensic analysis:
- When did the hack start?Â
- When was the hack identified?Â
- What file and database changes show proof of the hack?Â
- Any sensitive user data present?Â
- Any sensitive client data present?Â
- Did the hack spread into or through 3rd party integrations?Â
The Rebuild Â
AGP put together a comprehensive plan to rebuild the WordPress website. This required AGP and the client’s IT team to work closely together on a weekly basis to restore the website to the same level of features and functionality from before the hack.Â
Â
This included:Â
- Fresh WordPress buildÂ
- Fresh WordPress plugins with licensesÂ
- Configuring WooCommerceÂ
- Hardening 3rd party integrationsÂ
- Creating and configuring custom post types and taxonomyÂ
- Hardening the CMS, theme and custom codeÂ
- Remigrating content to the fresh buildÂ
- Collaborative testing and QAÂ
- Getting client approvalÂ
- Launching the websiteÂ
- Continuous monitoring of the website post launchÂ
The Value of Ongoing Website Maintenance and SecurityÂ
Following the successful launch of the new website, AGP onboarded the client to their ongoing maintenance program. Services in this program include automated backups, web application firewall rules, WordPress plugin, and security updates. Â
 AGP follows a well-tested process for deploying code and plugin updates on your WordPress website. In addition, we recommend using cloud services such as Cloudflare as a first line defense against malicious actors trying to break into your site.Â
Take steps to protect your website: Â
Your organization should consider partnering with an agency with the experience and expertise to keep your website secure.  It’s important to follow a maintenance plan that includes the following:Â
- Make sure you have access to the domain registration and DNS providersÂ
- Make sure you have access to your hosting portalÂ
- Make sure you retain all WordPress paid plugin licensesÂ
- Install security monitoring services (Wordfence)Â
- Make sure you have automated backups with multi-week retentionÂ
- Make sure all custom code is in version control, and you can access itÂ
- Verify WordPress security updates are applied regularly or are automatedÂ
- Apply automated security testing to the website and custom codeÂ
- Make sure your hosting provider employs a Web Application Firewall, or get your own Cloudflare account setupÂ
Why work with AGP:
AGP is a trusted partner who works with clients to empower them. Beyond implementing technical best practices, it is also our policy to ensure client business continuity, making sure clients own their accounts, their licenses, and have access to their code and backups. We provide ongoing support to ensure their websites and users are well protected.
WordPress runs over 40% of the internet’s websites. It’s a big target. Bad actors use automated hacking tools that are quick to deploy and can exploit WordPress vulnerabilities in minutes. Make sure you have the ongoing support of experienced and skilled experts at your service.