Panic. That’s the feeling you get when you discover that your website, blog or e-commerce have been hacked. You may have detected a backdoor, malware or infection, or maybe you have seen more obvious evidences of a hacked WordPress. As a Google’s message.
What to do if I have a Hacked WordPress?
The steps we recommend you to follow are:
1- First of all, make a backup of your site files and your database. Especially if you are not really sure of the steps to fix the problem and you have not removed malware on your WordPress before. Yes, that backup will be infected, but this will prevent you to lose data in your WordPress in case of removing something valuable. Ideally, you should have a backup that is not infected.
2- The first to analyze are core files of your WordPress CMS, wp includes and wp admin. If you doubt if they are infected, you can download WordPress again and compare the files to detect if you must delete something that should not be there.
3- The next would be the theme files. It is one of the top targets to inject malware as hackers or attackers seek to infect as many users as possible. Using these files they reach directly to the users that interact with your pages or posts. You can start with common files, index and the rest. If you have any doubt, as in the case of the core files, you can re-download the WordPress theme and install the files that you are not very sure of. You can try installing updated versions of the theme, scan again and if it’s clean, there was malware in the theme. Problem solved.
4- Plugins. The main target in which attackers or hackers hide malware or backdoors. To avoid this means to:
- Don’t install pirated software
- Delete the WordPress plugins that you do not use
- Continually update the ones that you do.
- Remember that there is something called Fake Plugins. Everything looks normal, has the appearance of a plugin, but is actually the focus of all your problems. Be sure of what you install on your site or check continuously to keep your site healthy.
5- Database: if the results in Google searches are warnings about your hacked WordPress, it is very likely that there is malware in your database. They may have injected links, for example. Analyze and clean everything you see that does not correspond to your database.
6- .htaccess file: it is true that some plugins can modify the htaccess file lawfully. Although this is where a hacker can write redirects to other sites. Websites we do not want. If you detect suspicious links, remove them.
7- Server: less common, but maybe the server has been hacked. Something we already discussed in the post about shared hosting. If the attacker has left backdoors there, probably a long time ago, even if you fix your web and restore the backup from yesterday or last week, the backdoor is still there. So it is best to look at the logs of your server. Analyze if there are unknown IPs in your logs.
What to do after a hack to avoid reinfection?
Once you have recovered the service on your WordPress, it’s time to prioritize WordPress security. You must carry out actions to prevent it from being hacked or infected again.
- Update it all: WordPress CMS, theme, plugins.
- Change all your passwords. All, with no exception.
- Check who has access to your site There are websites that have many, many, ‘administrators’, try to have only those that are really necessary.
- Clean your website: remove old themes, plugins, versions or back ups.
- Scan your laptop or workstation to make sure there are no Trojans or any type of virus. Remember never to manage your website from a public computer.
- Do back ups, remember, if you do not have 3 you do not have any.
- Think about designing your website, blog or e-commerce in a secure way. Separating all the elements, database, backup, logs, etc. to diversify the risk.
- Disable execution of PHP files from /images/wp-content /uploads
- Make sure you have logs
- Disable files edition in wp-config.php
If you have a WordPress site and you need a step by step guide to clean up your site, we have a good one. And remember there are services that help you in the analysis, cleaning and recovery of your website.
0 Comments Leave a comment