About Why Not Weekend
Why Not Weekend is a Miami-based tour & travel website that provides hotel packages, concerts, nightlife events bookings, and more at one place. It has a WordPress-based online platform that was running on version 5.6.
The Why Not Weekend WordPress website (version 5.6) encountered a serious malware attack, malicious HTTP redirection, and traffic hijack. It was experiencing an unusual repetitive website redirection issue to an unknown URL. This severely affected their online business and day-to-day revenue.
They commissioned Tech9logy Creators for the purpose to restore and repair the malware attack.
Services We Provided
Challenges & Solution
1. Restore: Immediate Hack Recovery by Malware Removal –
We immediately recovered the website from the security breach by actively responding to the alarm. Clearing malware was our primary task; we scanned website data and removed the malware manually. The website was recovered from the hack within 5 hours. Below are the detailed steps:
- We scanned the website to identify & clear all unknown folders & files.
- We identified & removed a malicious plugin, Diamba, that was installed by the hacker.
- We removed all unknown scripts in header files.
2. Repair: Thorough Website Scanning to Identify Loophole & prevent bounce attacks
The website was experiencing extreme bounce attacks. While responding actively was the immediate need, preventing bounce attacks was the real challenge. So, we scanned the website to identify the cause of the security breach and provide a permanent solution. One of the key issues we came across was the lack of website maintenance. Following are the steps we undertook to secure their website against future attacks:
- Updating to the latest WordPress 5.6.1 version
- Removing unnecessary plugins, database & files
- Updating the existing plugins & themes
3. Security: Additional Security Measures to keep the platform Safe & Secure Against Future Attacks
Further, our experts assisted clients in securing the platform and preventing future attacks. This included:
- Installing WP iTheme Security Plugin that suited the organization’s requirement.
- Updating credentials for admin, service & hosting.
- Adding another security layer with Google RECAPTCHA.
- Regularly checking for contact form RECAPTCHA details.
- Adding 2FA (Two Factor Authentication).