Hardening WordPress/DreamHost and Cleaning Infected Sites

Hi all,

I am frequently having issues with my WordPress sites getting hijacked. I have DreamHost accounts with a couple different clients and it isn’t just one of them. I frequently change passwords to “strong” ones, and change FTP/MySQL/WordPress ones to all different ones.

I am familiar with cleaning sites. It seems the fastest method is to restore the currently installed WordPress code, disable (by renaming) plugins that throw PHP errors, and then install a WordPress Anti-Malware scanner plugin and run that to clean it all.

Are there any tools out there that can run on an ENTIRE DreamHost login/FTP account and clean multiple sites simultaneously, without having a working WordPress site?

I use Wordfence and it did a great job on a site of mine that got hit. Since then, I use Cloudflare (free and paid plans) and rarely see attacks.

That being said, my first thought is the attack vector is WordPress. Plugins throwing errors is certainly a bad sign.

The following article has some suggestions:

Things I’d do:
Make sure each domain runs under its own user
Set DreamHost user to SFTP only
Give above user super hard password
Use SSH key for above user (https://help.dreamhost.com/hc/en-us/articles/216499537-How-to-configure-passwordless-login-in-Mac-OS-X-and-Linux)
Make sure your fully hosted domain is running Enhanced Security option in DH panel Manage Domains (edit your domain)
Run PHP 5.6 or newer

Run Wordfence scan on Wordpress installation

In addition to WordFence, it may be useful to put wp-login behind httpasswd to fence off the dumbest bots (the vast majority). Check https://codex.wordpress.org/Brute_Force_Attacks