Preventing Microsoft Word Macro Viruses

Although our focus is on WordPress… we often get questions from our clients about non-WordPress virus and hack issues.

Here are some thoughts on common questions we get about MS Word viruses.

Microsoft Word malware rarely makes the news these days but unfortunately it exists. Word files received from other computers or a network carry a risk. Just because you have an anti-virus program installed on your computer doesn’t mean you’re a 100% safe. They can’t do anything until an update comes with a patch to fix the problem.

To protect yourself from a Word macro virus you first need to know what is.

What is a Word Macro Virus?

Word has a powerful feature which lets you create Visual Basic for Applications (VBA) programs– also known as macros. Macro viruses use this feature to copy the virus’s code to other files. VBA programs are stored in the Word document and template files.

The virus duplicates the code automatically to another file, usually Normal.dot, which is what Word loads with every file. So whenever you open or close the Word file or Microsoft Word itself, the virus copies itself.

Microsoft Word Macro Virus

Prevention

  • Document all files in the Word file’s startup folder and macros (if you don’t know how to find Word’s startup folder, use this quick tutorial). Write down the list of files and macros somewhere or take a screenshot and save it in a memorable place on your hard drive.
  • If you think you’ve caught a macro virus, then you can then check for viruses manually. Go to Tools> Macro> Macros in Word’s menu and a list of macros will be displayed. Compare these against the list you created earlier. Pay extra attention to any macros named AutoExec, AutoOpen, AutoClose, FileExit, FileNew, FileOpen, FileSave, FileSaveAs, and ToolsMacro.
  • In Word 97, you need to manually enable virus protection against macros. In the Word menu, go to Tools> Options, click on the General tab, and check the box for Macro virus protection (it might already by checked).
  • In Word 2000, you can set the security setting by going to Tools> Macro> Security and setting the security level to medium. It will automatically warn you if you are opening a file that contains a macro.

Malware & Virus Cleanup: Why?

One of the most important aspects of what WPSOS does is to clean up malware, viruses, and hacked websites.

In case you’re wondering why we do this, it’s because we’re committed to our mission: to remove all WordPress malware and viruses from WordPress websites.

It is a tall order — but someone needs to do it. If not, the bad guys win.

In other words: this is more than a job or a company for us. It is a calling. Good vs evil. We are dedicating ourselves to the good guys winning.

What is so bad about malware, viruses, and hackers? A few things.

First, they put software on your server without your permission. Anything on your server should have your permission!

Secondly, almost always, these are used for nefarious purposes — such as, sending out spam.

Third, since Google among others tracks how healthy your server is, if it is doing something bad such as sending out spam, Google will punish your server. Hence the famous “This site may be hacked” warning on some search results.

Fourth, the hacks could lead to you losing information on your server.

Conclusion: for not only practical reasons, but for profoundly moral ones — it is your server so you should do what you want with it! — we are leading the fight against the bad guys.

I feel like some inspirational music should be playing in the background while you are reading this!

-morgan

Security Warning: Increased Brute Force Login Attempts

There’s been a lot of noise in the WordPress security community the last days about the increased XML-RPC attacks. Here at WPSOS we’ve noticed the same and can confirm the various reports on it.

However, we’ve also noticed an increase in brute force login attempts. These are robotic algorithms that every x seconds guess a username (often ‘admin’ or just the username that posted a blog post) and then cycles through common passwords (“12345678”, “asdf1234”, etc) until it eventually gets a hit… or is banned.

Although WordPress itself is taking various measures to try to limit this — the latest version, for example, forces the creation of substantially harder to guess passwords — the hackers are often one step ahead.

The brute force attacks are getting increasingly brutal. We’d definitely recommend stronger measures to protect your login pages.

But what measures in particular?

Our two favorite methods are:

  • Use the .htaccess file to protect the login pages
  • Change the URL of the login pages

This is in addition to – obviously – the more basic anti-brute force protections that are essential: long, complex, unique passwords that you don’t write on paper or email or share openly with anyone and don’t re-use, for example.

But more on that common sense in another post. As they say: common sense isn’t that common!

morgan

WordPress Plugin: Stop Gravity Forms From Disappearing

Stop Gravity Forms From Disappearing is a simple plugin for ensuring that Gravity Forms never disappear.

The plugin solves the problem of Gravity Forms just not displaying on your page.

It’s a common issue with Gravity Forms: all is configured, everything is ready, the form published… but it doesn’t appear on the page. It’s just blank.

Note that this issue is most likely caused in case your used theme or another plugin is causing a JavaScript error, and the best way to resolve this issue is to fix the JavaScript errors. (See the comments below to see what Gravity Form’s suggestion is to fix the issue.)

Stop Gravity Forms From Disappearing forces the form to be displayed.

The installation and use is very straightforward. You should:

1. Upload the folder ‘stop-gravity-forms-from-disappearing’ to the ‘/wp-content/plugins/’ directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress

If you have any suggestions, please let us know! You can contact us via http://wpsos.io/.