Is WordPress prone to malware?

I've had two websites that were infected with malware recently. Both run on WordPress and have generated randomized password protection. One website is custom made with basic WordPress added to it and the other is using a bought template with multiple plugins.

My question is if WordPress sites need some sort of Malware defence plugin? If not, what is the best I can do in this scenario? It's already gotten back once after I've loaded a backup for one of the domains and I'm scared it will come back again. I've gotten multiple mails from the Netcraft Takedown Service about webshells.

4 Comments
  1. Install Wordfence and do a malware scan. It’ll also point out security issues that may be causing the reinfection. Won’t cost you a cent. I’m the founder and CTO.

  2. Only if you’re using poorly coded plugins/themes, or nulled plugins/themes, or you don’t keep your plugins/themes updated regularly enough.

    If you’ve been hacked before, and didn’t properly clean the site, 99% of the time it will keep happening until you find the entry point.

    +1 for Wordfence.

  3. Out of the box with Hello World WordPress is pretty safe. It’s powering 40% of the web. The problem is too often people are cheap and used nulled plugins or don’t update their legit themes and plugins. It’s like one pager is $50, I’ll sell you 3 pagers for $50. It’s like a poisoned supply with these nulled plugins. They are bound to blow up in your face. If there is a shell running you probably got a zombie bot machine attacking hospitals and pizza shops and the girl scouts.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer