WordPress Hacked: AnonymousFox

Modified: February 19, 2022

Anonymousfox WordPress hack

I am hired to clean and secure hacked WordPress sites on a regular basis. People hire me to identify if their site is infected, then clean them and properly secure them and maintain them ongoing.

Recently I dealt with a particularly ugly infection identified as Anonymousfox. There was a security vulnerability on the hosting account that enabled this to infect more than 2 dozen websites.

What is AnonymousFox.co?

Anonymousfox is a group that creates/shares/sells hacking tools to exploit and infect malware in website environments. This malware is complex and automates finding websites and web hosting environments that are not maintained by keeping code updated and patching vulnerabilities as they are identified. (Hackers keep on top of when vulnerablities are found , that is why it is so important for YOU to stay one step ahead of them and patch vulnerable WordPress code as soon as it’s made public.)

Anonymousfox infects code

Anonymousfox doesn’t only infect WordPress, it also targets other popular open source website software like Joomla and Opencart. Since WordPress is the most popular CMS on the Internet, you hear about it being infected more often.

Anonymousfox infects cPanel

Once the attacker sneaks in through WordPress, it then attacks the web hosting account control panel cPanel. They change the account email address to then reset the password. Then their fun really begins by infecting all of the website accounts it can.

With the site I cleaned up, the infection was particularly bad because the hosting account had FollowSymlinks enabled. This is a big security flaw in the default configuration (having symlink protection disabled) that give the hacker access to move through the websites on the account and infect them all. It may create email accounts on the website account to then sell to spammers. This can create more headaches for you by getting your domain blacklisted as a spam threat. It will change the main admin username in WordPress and often add additional administrator user accounts.

Website Security Consultant

I have cleaned and secured hundreds of infected websites. Most of them are built with WordPress. I can’t stress enough how important it is to keep your WordPress code updated all the time and regularly review your website for security vulnerabilities. If you don’t know how to do this, or don’t have the time, hire a professional website security consultant that can maintain it for you. If your business website is an integral part of your business, this is a no brainer.

Cleaning this website infection was very time consuming and very expensive to clean up. The minor cost of ongoing WordPress maintenance services outweigh the level of stress this created for the client, including downtime of their websites on top of the many hours I had to put into it on an emergency basis (Emergency basis meaning I had to drop all of my other scheduled client work to spend several days getting dozens of infected websites cleaned and secured.)

More Advice

Migrating a WordPress Site to a New Host

Migrating WordPress WordPress migration can be a complex process requiring planning and preparation to get

Monthly WordPress Maintenance Services – Is it worth it?

I’ve built and worked on hundreds of WordPress sites. Every quote I provide includes an

Why is my WordPress site so slow?

Reasons Why WordPress is Slow There are lots of possible reasons why websites run slow.

Should I disable WordPress automatic updates?

Automatic updates sound great. They just happen. You don’t have to think about it. There are some significant downsides to enabling automatic updates though.

Free Estimate

Do you need help with your website?

Get answers to your questions about hiring a web developer online to outsource website development, WordPress, maintenance and website support.

Working with a Freelancer Online

How to Hire a Freelance Web Developer

It’s easy with following these simple steps.

Communicate

Clearly email me specific details about the goal of your site and how it should function.

Quote

I will provide a proposal with a solid quote that explains exactly what will be done.

Agree

You agree to terms, sign agreement, send deposit and provide needed logins.

Review/Test

I deliver the finished code to you to review and test the website functions as we defined it.

Deploy

When you sign off that all is good, I send a final invoice and the new website is moved live.

Web Design & Development in the USA

Outsource web development remotely from Virginia Beach, Virginia to a professional & experienced web developer that actually delivers what they commit to.

Get help creating and growing your business on the Internet.

Web development consulting services including design & development to maintenance & support, hosting & SEO.

Development

Support

Get Website Help

Take the stress out of building, maintaining and managing your website by working with a “doer” – committed to delivering what we agree to and solving just about any website issues you may have.

Why hire a Freelance Programmer?

Hire a freelancer when you need help with your website, but don’t need a full time web developer.

With 25+ years experience, I’ve helped hundreds of small businesses build and maintain websites.