GSS-Text-Proto-Light_Margin

Maritime Trades Department

Website Design & Development

Cyber Security Response: WordPress Website Malware Infection with Compromised Hosting

Website Recovery and Redesign

The AFL-CIO’s Maritime Trades Department (MTD) gives workers employed in the maritime industry and its allied trades a voice in shaping national policy. The MTD’s network of 21 port maritime councils has given maritime workers a formidable grassroots presence in port and coastal cities all across the nation.

Representing a wide array of workers, the councils have given the Department’s 23 affiliates a mechanism to pool their resources on a wide range of issues and projects.

GSS helped initially to recover an outdated and compromised website under emergency circumstances, securing it while a modernized version could be built.

GSS worked with MTD to bring a new face to the department with a robust and secure backend that is also user-friendly for editing and creating new content.

Having previously used a basic budget WordPress hosting provider, their website, which had become a critical communications tool, experienced a security breach that compromised its functionality and the integrity of its content. Gray Street Solutions, a leading Washington, DC based WordPress design and development agency, was enlisted to diagnose and resolve the issue.

Services

Website Recovery

Website Design

Ongoing Website Maintenance

Situation:

  1. As WordPress websites age, often their original themes are either not kept up to date or are abandoned by the original developer.
  2. Failing to maintain both the website’s frontend, backend and database leaves the door open to hacking via automated bots and manual intrusion.
  3. Website Hosting: You get what you pay for! Budget hosting providers often neglect best practices for security and do not enforce minimum standards for their server environments, leaving you open to attacks on other customers’ websites. Website hosting without active management leaves the door open to vulnerabilities being exploited – server environment updates are not enforced, and outdated / depreciated plugins are not updated or removed as needed. The level of maintenance needed is often unknown or underestimated by non-technical staff responsible for procurement.

Remediation Steps:

  1. Secure and patch legacy website; Deactivated and removed unused/unneeded plugins and those with known vulnerabilities
  2. Cleaned up hosting directory structure by removing redundant WordPress core files and installing directories
  3. Implement Cloudflare Security Firewall and WordPress EDGE Security Suite
  4. Analyze and Repair WordPress Database; Updated PHP from 5.5 to version 7.4 as versions 5.5, 5.6, 7.0, 7.2, and 7.3 are deprecated

Future-proofing Actions:

  1. Redesign and rebuild the website on a modern page builder (Elementor)
  2. Migrate to secure hosting via WP Engine
  3. Implement WordPress EDGE Security Suite and CloudFlare to limit full administrator access and block known bad actors
  4. Client Education and Training

Results:

  1. Website Visits: Prior to this, Google Analytics was not implemented. Since launching the redesigned website, search engine traffic and form conversions are measurable.
  2. Website Ease of Use: The website interface is now much more user friendly, making common day-to-day updates more efficient.

Notable Quirks:

  • The hosting provider did not force PHP Updates – As a result, the attacker likely exploited a PHP vulnerability (version 5.5)!
  • Backup files compromised- This is why Gray Street uses multiple redundant online and offline backups for WordPress website recovery.
  • Outdated and Compromised Theme: Website directory files installed multiple times
  • Fake WordPress Administrator Account had been created: “wpadminas”

Challenges Faced

Urgency and Downtime: MTD’s website is vital for disseminating information and resources to its stakeholders. The security breach made it impossible to continue updating the website, and the presence of malware led to search engines and corporate intranet firewalls preventing access, effectively blocking their ability to communicate with their audience.

Security Concerns: The WordPress hack resulted in malware infection, making the website vulnerable to further attacks and compromising the security of sensitive data such as supporter names and contact information.

Loss of Credibility: As the website was defaced and infected with malware, MTD risked losing credibility with its stakeholders.

Complexity of Hack: At their prior vendor’s suggestion, the client used an inadequate low-budget hosting reseller, “deluxe hosting,” which lacks basic security measures to prevent unauthorized access to the hosting account administration or to the server itself. An abandoned WordPress website theme and lack of proactive cyber defenses made this site a virtual ticking time bomb.

Solutions Implemented:

Immediate Containment: While it is sometimes necessary to take a compromised website offline, we were able to contain the malware and safeguard data with minimal downtime.

Diagnosis and Cleanup: GSS conducted a comprehensive scan to identify the source of the breach and the extent of malware infection. Upon identification, Gray Street cleaned up the infected files, removed malicious code, and restored the website’s content from a recent backup.

Security Enhancement: Gray Street Solutions upgraded WordPress to the latest version, updated all plugins and themes, and implemented our “WordPress EDGE Security Suite,” which includes maritime industry-specific firewall and brute force attack protections, as well as simplifying and securing the WordPress administrative interface.

Search Engine Reputation: To restore MTD’s credibility in search engines, we submitted requests to remove security warnings and reinstate the website’s original standing.

Monitoring and Reporting: GSS implemented continuous monitoring to detect any future attempts of unauthorized access or malware, and provided MTD with comprehensive reports about the breach and the steps taken to rectify the situation.

Outcomes:

Quick Recovery: MTD’s website was successfully restored in less than 72 hours with minimal damage to content and functionality.

Enhanced Security: The updated security measures provided by Gray Street Solutions’ WordPress EDGE Security Suite significantly strengthened the website’s resilience to future attacks.

Stakeholder Confidence Restored: By openly communicating the issue and how it was resolved, MTD was able to rebuild trust with its stakeholders.

Conclusion:

Gray Street Solutions’ rapid response and comprehensive approach to MTD’s website breach proved crucial in mitigating damages and restoring functionality and security. This case demonstrates the importance of timely, skilled intervention in the face of cyber-attacks, and the critical role that digital agencies play in protecting their clients’ online presence. Through the successful collaboration between Gray Street Solutions and MTD, a potential disaster was averted, with lessons learned for future vigilance and resilience.

New Website by GSS

Original Website

Contact Us

Timeline / Life of the Lead

See the rich history of your contacts interactions with you, your website and your marketing content on the Life of the Lead. The timeline shows all communication your team has had with the contact, including calls and emails, as well as engagement touchpoints such as web page views, emails opened or clicked, Social Media interactions and Chatbot conversations.

Activity Feed

Get real time updates on how leads are engaging with your sales process – Activity Feed provides insights into which leads are interacting with your sales activities and collateral. See filterable activities in a live feed including:

  • Email Opens & Clicks
  • Website Visits
  • Media Views
  • Incoming Emails to your mailbox
  • Forms submitted
  • Social Media interactions (including LinkedIn, Twitter & Facebook)