As I began to use WordPress as my primary platform for development, I was able to produce projects much faster and provide my clients with more features at a lower rate. Because of its reliability and ease I continue to use it for most of my projects, but I also began to look into its hacks and security issues.
I recently began working on recovering a site that had been brought down by GoDaddy because of reported phishing attacks. We were told that we needed to remove a list of files and a specific theme in order for them to bring the site back up. After taking the necessary procedures I contacted them and informed them that all files had been removed. When I asked if they would re-scan our site for malicious files I was told no.
I was told that there are lots of small anti-phishing organizations that work with larger cyber security organizations to protect banks and other big businesses. I was also told that one of these organizations had contacted and informed them that this site was in violation of phishing scams and that it had to be brought down immediately. They were also told that if they did not remove the content that was in violation, this site could not be brought back up. What surprised me most was that the only reason they audited this site was because of the notification that they had received.
I was also informed about a file called timthumb.php, which is where the exploit is, and was advised to avoid using any theme that included this file. Since our theme was dependent on this file I needed to find an alternative solution and avoid completely replacing it.
Apparently many popular themes such as WooThemes, Vilisya, and Bombax are dependent on this file and because of that are prone to this exploit. It also became clear to me that this problem had only recently been discovered and because of that not too many people were aware of it.
Luckily there is an easy solution where all you have to do is FTP and replace the file on your server.
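A site can carry more than one copy of timthumb.php, one per installed theme, so it is worth confirming that the replacement reached all of them. The script below is an added example, not part of the original post: run against a local copy of the site, it lists every `timthumb.php` and compares each one by SHA-256 with the replacement file you uploaded. The script name, function names and command-line arguments are assumptions for illustration.

```python
import hashlib
import sys
from pathlib import Path

TARGET_NAME = "timthumb.php"  # file name given in the post


def sha256_of(path):
    """Return the hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(wp_root):
    """Every file named timthumb.php (any letter case) below wp_root, sorted."""
    return sorted(
        p for p in Path(wp_root).rglob("*")
        if p.is_file() and p.name.lower() == TARGET_NAME
    )


def audit(wp_root, replacement):
    """Map each copy found to True if it is byte-identical to the replacement."""
    wanted = sha256_of(replacement)
    return {str(p): sha256_of(p) == wanted for p in find_copies(wp_root)}


def stale_copies(wp_root, replacement):
    """Paths that still differ from the replacement and must be overwritten."""
    return [p for p, ok in audit(wp_root, replacement).items() if not ok]


if __name__ == "__main__":
    # Hypothetical usage: python audit_timthumb.py <site copy> <replacement file>
    if len(sys.argv) != 3:
        sys.exit("usage: audit_timthumb.py SITE_ROOT REPLACEMENT_FILE")
    root, good = sys.argv[1], sys.argv[2]
    for path, ok in audit(root, good).items():
        print("OK     " if ok else "REPLACE", path)
    # A non-zero exit status means at least one copy was not replaced.
    sys.exit(1 if stale_copies(root, good) else 0)
```

A copy that a theme ships under a different file name is not found by this check, since it matches on the name only.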
For detailed instructions on how to solve this problem and protect your site click on the link below.