Problem Description:

Obox and Themeforest take security and code quality very seriously. Our files are always scanned before they are made publicly available. If you find evidence of malware inside a zipped theme downloaded directly from us or themeforest, please notify us immediately.  In all other cases, the attack likely happened at your host level, or the file you have came from an unauthorized source.

 

Answer:

 If you have been hacked:

  1. If your host was hacked, consider changing hosts or signing up for Obox Instant
  2. Contact your host to ask what they can help you with. In most cases, hosts can scan your web space for viruses or malware and ensure the server you are on has not been affected. Most importantly, they can tell you if the database has been infected or not.
  3. Connect to your web space via FTP and download any backups to your hard-disk. Be very selective in downloading anything else, and choose critical files you can’t live without. Know that any theme files cannot be restored later, so only back them up for reference if you have made changes.
    • Obox Instant customers can access FTP credentials via their Obox Dashboard. You may also access automatic backups, some of which may be clean prior to the attack, on your hosting control panel.
  4. Delete the entire contents of your web space, including your WordPress install.
  5. In your hosting control panel, create a new database. If you only have one database install available, delete the existing and recreate it. If you are unable to do this, at least reset the database password to something new and complicated.
    • A full phrase is the most secure.
    • Make note of the username, password and address.
  6. Download a fresh copy of WordPress from wordpress.org and upload the content of the file to your web space. Follow WordPress install instructions for setting it up OR if your host offers 1-click installs, you may opt to use that instead.
  7. Continue with your theme’s documentation for setting up your theme. If you have a backup export of your content, you may import it once WooCommerce is reconfigured under Tools > Import.
  8. Install some security plugins to help keep your site secure in the future. A few we can recommend are:

Preventing Hacks and Attacks

Reduce your chances of facing a do-over by hardening WordPress and following these simple steps:

  1. Never download themes from an unauthorized source, library or torrent site. Obox themes are only authorized for download on ThemeForest and our own site for Obox direct customers.
  2. Use difficult passwords for your database, hosting control panel and WordPress
  3. Always perform updates to themes, plugins and WordPress when available
  4. Check your comments and users are regularly and delete any spam or suspicious activity
  5. Install a security plugin and consider an anti-spam plugin such as Akismet, User Spam Remover or Spam Free WordPress
  6. Backup your site! WordPress has several plugins to help automate backups, such as WP-DB-Backup, WP-DB-Manager and even a WordPress backup to Dropbox. Check out your options under Plugins > Add New. (Search for “Backup”).
    • *Obox Instant sites are backed up automatically