Does Your WordPress Site Have a Virus?

I recently discovered that two of my clients had viruses on their WordPress sites. Each had a different virus, and both viruses were ‘Backdoor Trojan’ type, rated Severe. These viruses can change or delete your settings and can steal credit card info, email addresses etc. from you or your customers.

I found the viruses because my client’s websites are backed up to my hard drive as part of the monthly maintenance program I offer. My personal virus detector caught them.

I Googled “how can my website get a virus” to find out how this could have happened. The answers indicated that a virus within your website comes through someone who has your admin ID and password. This most likely does not mean your password has been stolen. However, it could mean you infected the site yourself, if your hard drive had a virus which attached itself to content you added to your blog or other pages.

It could also come from someone who was authorized by you to work on your site. I know many people who hire through Fiverr (or other companies) to get special plugins installed. I’m not pointing fingers here… there are many fine freelancers and they provide great services.

Besides, placing blame and living in fear will not keep us protected. Here are the important things to keep in mind:

1) Your website needs to be backed up on a regular basis. Don’t rely on your hosting company to do it for you.

2) Your website files need to be scanned for viruses too… it’s not just for your hard drive.

The virus detection program I use is Microsoft Security Essentials. It’s free, and it runs nicely in the background without slowing down my system. I also have it set to do a deep scan in the middle of the night. Here’s the link if you would like to download it

If you would like to have us take care of your site so you can take care of your business, feel free to contact me at



Does Your WordPress Site Have a Virus? — 2 Comments

  1. Hi Bonnie. One of the best free plugins I’ve found to protect a blog is BulletProof Security and can be found via the Add New plugin panel in the WordPress dashboard. It creates htaccess files for all the major entry points use by hackers including the WP Admin folder. It will notify you of any attempts to access your site and also has a backup process for all your htaccess files. Well worth checking out. I see you on Facebook in WordPress groups and enjoy sharing your posts. Bye ~ Dennis

Leave a Reply

Your email address will not be published. Required fields are marked *