- WordPress website administrators are encouraged to carefully inspect both website and event logs for signs of infection using the indicators of compromise in the Sucuri blog post.
- Regularly monitor and check for backdoor code and the addition of any admin accounts.
- Keep all website themes, plugins, and other software up to date, remove unused plugins and themes, and utilize a web application firewall.
- Inspect, clean, and protect all websites hosted under the same server account.
- Isolate important websites with separate server accounts to prevent malware propagation from neighboring websites.
- Use strong, unique passwords for all accounts and enable MFA where available, choosing authentication apps or hardware tokens over SMS text-based codes.
