A bug has been going around the Internet that’s kind of nasty. Suddenly you see gobble-de-gook coming up when you attempt to share a link from one of your posts in Facebook and it has mentions of male enhancement drugs or shoddy loan sites. This is called the Pharma Virus. It’s a nasty bug and you don’t want to catch it. It’s tricky to get rid of, but can be prevented.
I was asked by a new client to go in and update her site because it hadn’t been updated in a while and her feed to Facebook was looking hacked. Her web designer had apparently gone AWOL and she couldn’t get a hold of her to keep her web site up to date. Her WordPress version was 3.1 and the current version (as of this writing) is 3.8.1. Lots of bug fixes have gone on since 3.1. It’s a perfect example of why you want to keep your site updated for WordPress, plugins and themes.
I checked out her feed at http://feedvalidator.org/ and saw the malicious code but couldn’t find it on the site. It looked like this:
After going through most of her files online, without seeing the bug, I called up GoDaddy, her host, to find out what was going on. I’d already installed a plugin called WordFence that finds and repairs malware and virus’s in WordPress. It’s a pretty nifty plugin. Although it found some other issues that I cleaned up, it didn’t catch the virus. The technician on the phone at GoDaddy told me it was the Pharma Virus and said it usually gets in through the theme files. This particular site has a custom coded theme that was designed from scratch, as far as I know. It wasn’t a premium theme that was customized such as my favorite themes at StudioPress or WooThemes.
I’m seriously beginning to hate custom themes. It’s not that there’s anything particularly wrong with them, but if the designer leaves and doesn’t keep the theme up to speed then you have to be pretty techie to figure out how to fix problems without the chance of breaking the theme. WordPress.org doesn’t give any advice for custom themes if you run into a problem. They only support WordPress themes on their site, and Premium themes support their own themes. I consider myself to be mildly techie, but am not a coder and have no wish to be one. I’m at the age where that’s not a priority for me. I have other goals in life that are much more fun.
I had to tell the client, at the recommendation of the guy at GoDaddy, to find her web designer, rebuild her site where it will be free of bugs, or hire a person who specializes in getting rid of this bug. She had spent about $3,000 to have her site designed and was not happy to hear this news.
The moral of the story is to keep your WordPress site up to date.
If you don’t want to learn to do it yourself, get someone to do it for you.
I offer a monthly WordPress maintenance package that includes 1 hour of my time per month at ½ my hourly rate and WordPress updates. You simply subscribe using my Paypal link. I would then need to have you give me login info to be able to backup and update your site. You get the ½ off rate only if you do the monthly subscription or you can simply pay me for 1 hour (at my normal rate) when updates are needed.
Updating WordPress is much easier than it has been in the past. However, you need to follow certain protocols to make sure your site doesn’t take a dump during the process. That includes making a backup of the site.
Bluehost, the host that I prefer, has a Site Backup and Restore Pro Service that’s only $19.95 per year. It does daily, weekly and monthly backups and will restore your site with one click if you make a boo boo. With Pro Backup, you really don’t need a backup plugin. It’s well worth it and the fewer plugins the better.
WordPress has also implemented auto updates for minor bug fixes. The major updates such as 3.8 – 3-9 are still done manually by clicking on the update button in the WordPress dashboard. Minor ones such as 3.8.1 are done without having to go in and do them yourself. I like this feature personally, although I’ve found that some sites, like mine, don’t always update right away and sometimes I have to go and do them. Other sites I work on, update immediately. I’m not sure yet why some do and some don’t yet.
Make sure to have SPAM protection as well on your site. Most WordPress sites come with the Akismet plugin already installed but many times the owner hasn’t gone in to create an Akismet account to activate it. This catches tons of Ccomment spam. Empty your Spam folder often and if any comments look fishy move them into the Spam folder. You can also use WordFence, Anti Virus, Growmap Anti-SpamBot and other plugins to keep your site secure.
If your site isn’t at 3.8.1 or whatever the current version is, make sure to get it and all your plugins updated. If your theme has updates as the good premium themes do, that needs to be done too. Don’t take the chance of losing your site, or having to pay big bucks, because the Pharma virus or other bugs have come in through a leak and messed it up.
To subscribe to my monthly maintenance service CLICK HERE.