artscilab / admin

Admin Items for ArtSciLab

Potential Hack of ArtSciLab website #69

Closed duncangallagher closed 7 years ago

duncangallagher commented 7 years ago

Google has been displaying a "This site might be hacked" message next to the search result URL of the main ArtSciLab website.

[Image: artscilab hack search result]

According to the information Google provides via the search console for the site, they believe the following pages were created or altered via URL injection:

[Image: supposedly hacked pages]

This creates three tasks:

1) Examine the site to see if a hack has indeed taken place, and if so, how it happened and what was changed

2) Resolve the issue and have Google remove the message from our search result, so that users aren't afraid to visit the website

3) Take measures to prevent future attacks, such as installing WordPress security plugins and altering some of the default WordPress code the site uses

Measures have been taken to complete these tasks, and I've documented these measures below for posterity.

1) To examine the site for altered or injected content, I've both visually scanned the HTML source files and used Chrome's developer tools. I have not found any unknown scripts or resources in the source files, and have not encountered any unknown sources in the network reports or resources of the site when using dev tools. This does not mean that a hack has not taken place, but I haven't found any content on these pages that is not meant to be there.

2) I also ran the pages through Google's Search Console "Fetch as Google" tool to see if any content was being cloaked (i.e., if Googlebot's crawling algorithm was seeing content on the page that we or our users are not seeing). The pages that Google rendered came back identical to the ones that we see, meaning that it is unlikely there is any hidden content on the page. After conducting these tests on all the pages Google thought might be hacked and finding no unknown content, I requested that Google re-index these pages, so that Googlebot is aware of their existence and does not register them as spam. After doing this, I also sent a request to Google conveying these findings and asking them to remove the "This site may have been hacked" message from our site. It will probably take a few days for them to get back to us.

3) Finally, we examined several WordPress security plugins to help prevent future attacks. After installing and running a security test with Security Ninja, several measures were taken to increase the general security of the site:

We can also make the following changes as well, but I was unsure how often these features get used and didn't want to disable them without consultation:

I also installed the Google (XML) Sitemaps Generator for WordPress, which creates an XML sitemap for the site. This is used to communicate the existence and location of all the pages on the website, which makes it less likely that Google will label any of our pages as spam.

It might also be worth investigating if we can get an SSL certificate for the site.

cassininazir commented 7 years ago

Excellent work.

Let me know what we need to do for the SSL and cost.

duncangallagher commented 7 years ago

UPDATE: After examining cPanel I noticed that we already have SSL certificates for almost all (if not all) sites on that server, including artscilab.atec.io. However, by default, WordPress was serving the site over HTTP instead of HTTPS, so it appeared to visitors as though we did not have one. This has been corrected, so the site should be automatically served over HTTPS now.

On a related note: upon correcting that issue, we started getting a console warning that an asset on our site was insecure: the ArtSciLab wordmark header image.

[Images: insecure logo; insecure logo in question]

I think this is probably a simple fix, and will see how to load the resource over HTTPS correctly.

cassininazir commented 7 years ago

Links in the source attribute of anchor tags should begin with // instead of http:// or https://, allowing the browser to handle the correct protocol. So

Bad: <a href="http://go.com">

Good: <a href="//go.com">

cassininazir commented 7 years ago

Thanks @duncangallagher for fixing with such speed. You may close.

duncangallagher commented 7 years ago

No problem, wanted to also correct the 'Mixed Content' warning before closing. That has been fixed now also, so I'll close.
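
An added example, not part of the original thread: a small Python scanner for the 'Mixed Content' warning discussed above, listing subresources (images, scripts, stylesheets) whose URLs are pinned to http:// so they can be fixed before the page is served over HTTPS. The sample page and the example.org hostnames are constructed, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser

# Attributes that make the browser fetch a subresource. <a href> is omitted on
# purpose: following a link is navigation and does not raise the warning.
SUBRESOURCE_ATTRS = {
    "img": ("src", "srcset"), "source": ("src", "srcset"),
    "script": ("src",), "iframe": ("src",), "audio": ("src",),
    "video": ("src", "poster"), "link": ("href",),
}

# Constructed sample page; example.org stands in for the real site.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="https://example.org/style.css">
<link rel="canonical" href="http://example.org/">
</head><body>
<img src="http://example.org/wordmark.png" alt="wordmark">
<a href="http://example.org/about">About</a>
<script src="//example.org/app.js"></script>
</body></html>"""


class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheet/icon links are fetched; rel=canonical is metadata.
            rel = set((attrs.get("rel") or "").lower().split())
            if not rel & {"stylesheet", "icon"}:
                return
        for name in SUBRESOURCE_ATTRS.get(tag, ()):
            value = attrs.get(name) or ""
            # srcset is a comma-separated list of "url descriptor" candidates.
            urls = [c.split()[0] for c in value.split(",") if c.strip()] \
                if name == "srcset" else [value.strip()]
            for url in urls:
                if url.lower().startswith("http://"):
                    self.findings.append((self.getpos()[0], tag, name, url))


def find_mixed_content(html):
    """Return every subresource reference that is pinned to plain HTTP."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Calling `find_mixed_content(SAMPLE_PAGE)` reports only the wordmark image; the protocol-relative script, the canonical link and the anchor are not flagged.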