Last Updated on December 1, 2011 by Dan Nedelko
In the last few days the Gumblar malware injection attack has been making the rounds, and hopefully you’ve taken preventive measures to ensure that you are as safe as you can be from this annoying injection attack.
Just so you’re aware, the reason for this attack is that Blackhat SEO spammers are attempting to insert a hidden link on your site for the purposes of link building. The problem is it’s not only illegal, it’s incredibly lame.
Here’s another scenario: let’s assume for a second that your site did in fact get hijacked. Likely what you will be left with is an annoying script in a ton of your WordPress site pages. Not just in your theme but in anything beneath wp-content that they could inject.
This might include:
- Your theme files.
- Your plug-ins (a very good case for limiting and auditing new plugins you add).
- Your wp-admin files (this is extremely annoying as well).
Your only solution at that point is to reinstall WP (thus overwriting the compromised files), re-upload your theme (backup!) and reinstall all of your plugins. That would then get every file restored.
Now that’s a time-consuming and lengthy pain in the ass process to be honest. So let’s be a bit proactive and add some functionality to your WordPress site that will automate some of these things for you.
Here’s a list of trusted management, backup and restoration plugins I use on all my sites:
- WP-DBManager – this is a great plugin by the prolific Lester Chan (one of my favorite plugin authors). It will let you do database work and backups directly from your WordPress Admin. Very handy.
- WordPress Backup – this is also a highly recommended plugin that will back up more than just your post data. Run it regularly and better yet, automate it. My rule of thumb is that if it can be forgotten it will be forgotten. I’m the worst case of that.
- WP-DBBackup – this will help you automate that process and keep a nice fresh copy of your database on hand for that disastrous moment.
- eFiles Backup – this is a good one for a smaller site. In general any injection attack won’t hurt your database, just the content files. This little guy puts your files on eFiles.com – I haven’t tested it but I might actually give it a whirl.
- WordPress Automatic Online Backup – this is another promising service which I have not tried out but am thinking of giving a whirl. Like I said automation is key.
In general people do not like to think about things like backups. It’s not a very sexy subject to say the least. But from my experience there is nothing worse than having to weed through a mass of files, downtime, and just the frustration of repairing things.
These backups can make a bad experience like getting injected relatively painless. It’s a bit of a “set it and forget it” scenario.
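One way to use a known-good backup to avoid weeding through every file by hand, as an added example that is not from the original post: hash both trees and list only the files that were modified, added or removed. The directory layout, file names and file contents below are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        h = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests

def compare(backup_root, live_root):
    """List files that differ between a known-good backup and the live site."""
    good, live = manifest(backup_root), manifest(live_root)
    return {
        "modified": sorted(f for f in good.keys() & live.keys() if good[f] != live[f]),
        "added": sorted(live.keys() - good.keys()),
        "removed": sorted(good.keys() - live.keys()),
    }

def demo():
    """Build two small constructed trees (backup and live) and compare them."""
    footer = "wp-content/themes/mytheme/footer.php"
    files = {  # constructed sample files, not real WordPress code
        footer: b"<?php wp_footer(); ?>\n",
        "wp-content/plugins/myplugin/myplugin.php": b"<?php // plugin\n",
        "wp-admin/index.php": b"<?php // admin\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree in ("backup", "live"):
            for rel, data in files.items():
                target = Path(tmp, tree, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        # Simulate tampering: one file gains extra content, one new file appears.
        marker = b"<!-- constructed marker standing in for injected markup -->\n"
        Path(tmp, "live", footer).write_bytes(files[footer] + marker)
        Path(tmp, "live", "wp-content/plugins/myplugin/extra.php").write_bytes(b"<?php\n")
        return compare(Path(tmp, "backup"), Path(tmp, "live"))

if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

On a real site, files legitimately created since the backup (new uploads, for instance) also appear under "added" and need a manual look.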
If this is your first visit here, you might want to have a look at my other WordPress Security and SEO Posts.
All the best,
Dan
I like the plug-ins and think they are really useful. But in my case I usually use the back-up tools from the CPanel of my site to do the data back-up. Aside from that, I always make sure that my WP site is updated every time WordPress announces it. I also make sure that my local PC is free from any spyware or virus to prevent future infections like Gumblar. Luckily, I was not hit by this, but some of my friends’ sites were really hit badly by this.
I agree, a manual data backup (or even automating it using a Cron job) from CPanel is a good way to go. The real intention of the post is for those who want a WordPress-integrated solution. Good points overall.
Awesome blog mate! regards from BlackhatGuide let me know if you want to partner up with my blog as well! =]
Hey Dan, that WP-DBBackup is certainly easy and handy too. Been using it for a while ^_^
Hey Justin,
Yeah it’s a fantastic plugin – it’s saved me a few times 🙂
thanks
Installing these ‘back up’ plug-ins will just eat up space lol, why bother? I mean, if you’re on a hosted site they got this back up button ready for backing up in just a click 😀
Well for a couple of reasons:
1. The ability to backup directly from the admin panel (good for clients and one step backups).
2. The backup utility provided by hosting companies is not generally automated and scheduled.
3. Backup utilities provided by shared hosts (if that’s what you are referring to) generally do not back up your database and webroot at the same time. If you use WordPress (or any CMS) you are missing half the equation.
4. These plugins back up everything you need for WordPress: wp-content and its children and the database.
So yeah. Also keep in mind that these tools are intended for either clients or people who want to be assured their sites are backed up easily and automatically.
Nuff said (I think).
Thank you for this useful information. I usually back up my site manually because I’m not good at technical things. This plugin information helps me so much; I will try it. Thanks for sharing.
Having the ability to manage backup jobs from the Admin panel saves me from having to log into my server. Every little convenience helps.
This is a life saver; the old methods always were a pain to do. More so because I was backing up multiple sites biweekly.