Case Study: Bergland.bg (Natural Cosmetics)
Bergland.bg is a WooCommerce-based e-shop for Natural Cosmetics that we helped set up, protect from malware and speed up. The owner of this project is one of our dream customers: she is willing to learn, experiment and improve on her own, and follows instructions very diligently.
How It Started
When we first talked to our customer about 9 months ago, she was using a SaaS platform to host her web store and was already feeling the limitations imposed by that service, but at the same time she felt reluctant to switch to a self-made platform on her own, as she did not think herself knowledgeable enough to make a design that suited her.
We explained to her how easy to use WordPress is and discussed at length the advantages of WooCommerce. We then did what we usually do with prospective customers: we offered to set her up with a clean installation of a WordPress+WooCommerce on our staging server, where she could see for herself how things worked — no strings attached.
Unlike other customers however, she did not take us on our offer but instead set herself up with a local development environment to try things out. She chose the Astra theme and Elementor Pro, and within a month or so she felt comfortable enough with the results she was achieving that she closed her SaaS account and with a little help from us she moved her website to an inexpensive local hosting company.
WordPress Malware Cleanup
Three months or later our customer contacted us in distress because her website appeared to have had been hacked. Unfortunately, she had fallen victim to a couple of vulnerabilities for Elementor that caught many unsuspecting website owners by surprise in early May 2020.
She first tried to contact her hosting support, but they weren’t particularly helpful. A support tech extracted an earlier backup and found it to be infected, too, and shrugged (to be fair, we wouldn’t expect much more from a $3.50/mo shared hosting service anyway). At this point our customer asked us to take over and fix things. Here is what we did to recover her website from the malware and how we made sure this doesn’t happen again.
For cases like this one, we rely on a very important service that is part of our toolbox — our Virusdie agency account. Virusdie offers a combination of three services rolled into one: (1) an anti-virus/malware scanner service that is specifically designed to catch and remove malware on popular PHP-based CMS systems such as WordPress, Magento, Drupal Joomla and many others; (2) a Web Application Firewall that blocks all common infection vectors and safeguards against future intrusions, including zero-day exploits and (3) a Blacklist monitor which regularly checks whether a website has been included in over 60 popular black lists.
We put the customer on our plan with Virusdie and installed their scanner on her website. It quickly identified several hundred infected files which were summarily repaired (when they belonged to WordPress core or a 3rd party plugin) or quarantined, subject to deletion (when generated by the malware). We then upgraded all plugins within the website to their latest versions and cross-checked the source code of the repaired files against the known good copies at WordPress.org just to be sure everything was fine.
We then had a talk with our client to teach her about the importance of keeping WordPress core and all plugins updated at all times, especially when minor or bugfix versions become released.
Automating WordPress Safety
Keeping one or more websites up to date can be a chore and in order to make things easier for our customer, we set her up with another tool that we use to manage our own WordPress sites, and the websites of customers that we actively manage on subscription basis. This tool, called InfiniteWP, is a free, self hosted control panel that communicates with WordPress website(s) via a client plugin that the user installs from the WordPress plugin repository (see the InfiniteWP client).
Once installed, InfiniteWP allows the user to set up automated scans and to send themselves reminder emails once daily when there are updates that need to be installed. It also has other abilities that might come in handy, like making local backups (helpful when one is unsure whether a theme or plugin update may break something), show server configuration or even posting remotely to the blog, if needed.
By putting this whole system in place, we made sure our customer was well-protected from malware. As we write this project summary, bergland.bg is kept safe by several layers of security:
- The Virusdie WAF takes care of most common attacks and blocks them in advance;
- The InfiniteWP service makes sure the customer applies patches and updates at least once daily;
- The Virusdie scanner service runs once daily as well and alerts both us and our customers when it detects something out of the ordinary, including the cases when a vulnerability for a plugin has been announced and the local version is not yet updated.
The website is no longer a low-hanging fruit and is now better-equipped to withstand future attacks. But it turned out we still had some stuff to do…
WordPress Speed Optimization
To be continued…