Setting up anti-hacking protection for the Memory website

Client information

Memory is a company specializing in the organization of international transportation of the deceased and the provision of a full range of funeral services. The project solves complex and sensitive problems related to the need to repatriate bodies and conduct burials, especially when this requires crossing borders and coordinating various authorities.

CUSTOMER REQUEST

A client approached us with a critical problem: his website was broken. The main task was to quickly identify the reasons for the hack, eliminate the consequences of harmful activity and restore the full and safe operation of the resource. The client expected not only to correct the current situation, but also to take measures to prevent similar incidents in the future.

Input data

Market:

Ukraine

Niche:

Transportation of the deceased and funeral services

Progress of work

After receiving a request from a client about the hack of the Memory website, our team immediately began a comprehensive analysis to identify the source and scale of the incident. The first step was to conduct a deep diagnostic of the entire system, covering the inspection of the file structure, databases, server logs and configuration files. We looked for types of web application vulnerabilities that could be exploited by attackers, as well as the presence of malicious code or hidden backdoors.

The analysis showed that the site was broken due to discovered security weaknesses that allowed attackers to access the file system. This emphasized the need not only to eliminate the current consequences, but also to create a reliable mechanism to protect the site from hacking in the future.

Based on the data obtained, we developed and implemented a multi-layered security system, including both proactive and reactive measures.

1. Developing a plugin for monitoring file integrity: We have created a specialized plugin, which is our own solution for protecting WordPress from hacking. This plugin constantly monitors the integrity of site files. Its main functionality is as follows:

Integrity check: The plugin regularly scans all site files, comparing their current hash sums with reference “healthy” copies saved in a safe place. This allows you to identify any unauthorized changes.
Automatic comparison and recovery: When any changes in files are detected, the plugin automatically compares the modified files with their “healthy” versions. If a discrepancy is detected, the plugin automatically overwrites damaged or modified files with the original, unmodified versions. This ensures quick recovery after an attack, minimizing site downtime.
Notification system: For a prompt response to potential threats, the plugin is integrated with a Telegram bot. In case of detection of any changes or suspicious activity, the site administrator receives an immediate notification in Telegram, which allows you to quickly assess the situation and take additional measures if necessary. This mechanism is the most important element of WordPress site security.

Setting up anti-hacking protection for the Memory 2 website

2. Strengthening the security of the administrative panel: One of the most common types of web application vulnerabilities is unauthorized access to the administrative panel. To avoid this, we have introduced strict security measures:

IP address access restriction: We set up a security plugin that allows access to the site’s admin panel only from a predefined list of allowed IP addresses. Any attempt to log in from an unauthorized IP address is automatically blocked. This makes it much more difficult to hack the site using brute force or other attacks.
Blocking after an unsuccessful attempt: After the first unsuccessful attempt to enter a password, the user and their IP address are automatically blocked. This effectively counteracts password guessing and makes unauthorized access attempts virtually impossible.
Changing the URL of the admin panel: The default address for entering the admin panel (/wp-admin or /wp-login.php) is a known point of attack. We changed it to a unique, complex link consisting of a chaotic set of characters. This means that attackers will first have to guess the correct URL for entry before they can even try to guess the password. This is a powerful barrier to protecting WordPress from hacking.

Setting up anti-hacking protection for the Memory 4 website

The result obtained

As a result of the work performed, the functionality of the Memory-Rityal website was fully restored, and all identified vulnerabilities were eliminated. Thanks to the implemented methods of web application protection, the client received not just a restored, but a significantly more protected resource.

Key achievements:

Reliable protection against repeated attacks: Thanks to the developed file integrity monitoring module, the site now automatically detects and corrects any unauthorized changes, acting as a permanent shield against malicious interference. This ensures continuous security of the WordPress site.
Increased resistance to brute force attacks: Setting up a security plugin and changing the URL of the admin panel have significantly complicated access to the admin panel for unauthorized persons. It is now almost impossible for intruders to guess the password or even find the entry point.
Prompt notification of threats: The notification system via the Telegram bot provides instant notification of administrators about any suspicious activity, allowing them to quickly respond to potential threats.
Risk reduction: Thanks to a comprehensive strategy that includes both proactive (file monitoring, IP restrictions) and reactive (automatic recovery) measures, the risk of hacking the Memory-Rityal site has been significantly reduced.

The implemented solutions not only solved the current problem of the site hacking, but also ensured long-term security of the WordPress site, giving the client confidence in the stable and secure operation of his online resource. This case demonstrates the effectiveness of our methods for protecting web applications and the ability to protect a WordPress site from complex cyberattacks. We are confident that these steps are the foundation for further safe operation and development of the client’s web resource, minimizing the risks associated with types of vulnerabilities in web applications.

Do you want reliable protection for your website?

Let’s make your website impregnable! We specialize in comprehensive protection of web resources from hacking, using advanced technologies and individual solutions. Contact us to ensure reliable security and uninterrupted operation of your online project.

Setting up anti-hacking protection for the Memory website