A cWatch blog in June 2018 revealed that third-party WordPress Themes with from WordPress.org still contain malware which can cause your server IP to be blacklisted, site front page to be blank or the site to be broken when attempted to delete the files. It also allows additional malware to be installed. The malware is hard to detect because of its complexity and encryption, but a threat assessment can help identify it.
cWatch recommends the following for “Dealing with this level of sophistication requires a multifaceted approach.
- Utilize a more complicated pre-moderation of plugins and themes on popular portals such as wordpress.org.
- Before implementing any themes and plugin, scan them with a reliable AV scanner. This will help to identify any malicious code.
- Back up – Back up – Back up your website before implementing any new code.
Ultimately the best way to mitigate this type of infection is to choose any third-party code wisely. In addition, having comprehensive cybersecurity knowledge remains critical in protecting websites and users alike. Having security analysts as a resource to inspect and investigate all code would be ideal.”
Duffy Compliance Services can help identify and address such risks. https://duffycompliance.com/