WordPress is unquestionably the world's most popular content management system used for creating blogs. The use of plugins have allowed WordPress to be used to create stunning websites for companies, online shops, social networks and a lot more.' But WordPress has come under intense attack and has been hacked quite often due to certain vulnerabilities associated with bad plugins and outdated versions. Never mind, we all have come under attack before and have suffered hacks so we will teach you from our experience.
You will also want to read:
Automatic Update in WordPress
7 Security Tips for a WordPress Website
In this article, we look at the basic steps a beginner should take to recover a hacked WordPress site.
First and foremost, no matter which platform you're using, WordPress, Drupal, Joomla, etc - any site can be hacked!.
When your WordPress site is hacked, you can lose your search engine rankings, expose your readers to viruses, have your reputation tarnished due to redirects to porn or other bad neighborhood websites, and worst lose your entire site data.
If your website is a business, then security should be one of your top priorities. That's why it's crucial that you have a good WordPress hosting company. If you can afford it, then absolutely use managed WordPress hosting.
Make sure that you always have a good WordPress backup solution such as BackupBuddy in place.
Last but probably the most important, have a robust web application firewall such as Sucuri.
Let's take a look at the step by step guide on how to fix your hacked WordPress site.
Step 1: Have a Professional Do it for You
Security is a serious matter, and if you're not comfortable dealing with codes and servers, then it's almost always better to have a professional do it. This is because hackers hide their scripts in multiple locations allowing for hacks to come back over and over again.
Although we will show you how to find and remove them later in this article, you can have a peace of mind when an expert clean your website.
Now, simply follow the steps below to clean up your hacked WordPress site.
Step 1. Identify the Hack
First, try to remain calm and write down everything that you can about the hack. Below is a good checklist to run down through.
Can you login to your WordPress admin panel?
Is your WordPress site redirecting to another website?
Does your WordPress site contain illegitimate links?&
Is Google marking your website as insecure?
Write down the list because this will help you as you talk with your hosting company or even as you go down the steps below to fix your site.
Note: You will need to change your passwords before you start the clean up. You will also need to change your passwords, when you're done cleaning the hack.
Step 2. Check with your Hosting Company
Start by contacting your web host and follow their instructions. Most good hosting providers are very helpful in these situations. The have experienced staff who deal with these kind of things on a daily basis, and they know their hosting environment which means they can guide you better.
Sometimes the hack may have affected more than just your site, specially if you are on shared hosting. Your hosting provider may also be able to give you additional information about the hack such as how it originated, where the backdoor is hiding, etc. You may even get lucky and the host might clean up the hack for you.
How to create a simple portfolio website with WordPress
How to update your WordPress installation
Step 3. Restore from Backup
If you have backups for your WordPress site, then it may be best to restore from an earlier point when the site wasn't hacked. If you can do this, then you're good to go clean and take additional security measures to avoid a further hack.
If you don't have a backup, or your website had been hacked for a long time, and you don't want to lose the content, then you can manually remove the hack.
Step 4. Malware Scanning and Removal
;Look at your WordPress site and delete any inactive WordPress themes and plugins. More often than not, this is where hackers hide their backdoor.
Backdoor is referred to a method of bypassing normal authentication and gaining the ability to remotely access the server while remaining undetected. Most smart hackers always upload the backdoor as the first thing. This allows them to regain access even after you find and remove the exploited plugin.
Once you have done that, now go ahead and scan your website for the hacks.
You should install the following free plugins on your website: Sucuri WordPress Auditing and Theme Authenticity Checker (TAC).
When you set these up, the Sucuri scanner will tell you the integrity status of all your core WordPress files. In other words, it shows you where the hack is hiding. The most common places are themes and plugin directories, uploads directory, wp-config.php, wp-includes directory, and .htaccess file.
Next run the Theme Authenticity Checker, and it will display your results
If theme authenticity checker finds any suspicious or malicious code in your themes, it will show a details button next to the theme with the reference to the theme file that is infected. It will also show you the malicious code it found.
You have two options for fixing the hack here. You can either manually remove the code, or you can replace that file with the original file.
For example, if they modified your core WordPress files, then re-upload brand new WordPress files from a fresh download or all WordPress files for that matter to override any affected files.
Same goes for your theme files. Download a fresh copy and override the corrupted files with the new ones. Remember do this only if you didn't make changes in your WordPress theme codes otherwise you'll lose the changes or custom codes.
Repeat this step for any affected plugins as well.
You also want to make sure that your theme and plugin folder matches the original ones. Sometimes hackers add additional files that look like the plugin file name, and are easy to ignore such as: hell0.php, Adm1n.php etc.
Keep repeating this step until the hack is gone.
Step 5. Check User Permissions
If you see a suspicious user there, then delete them.
Step 6. Change Your Secret Keys
Since WordPress 3.1, WordPress generates a set of security keys which encrypts your passwords. Now if a user stole your password, and they are still logged into the site, then they will remain logged in because their cookies are valid. To disable the cookies, you have to create a new set of secret keys. You need to generate a new security key and add it in your wp-config.php file.
Step 7. Change Your Passwords AGAIN
Yes, you changed the passwords in step 1. Now do it again!
You need to update your WordPress password, cPanel / FTP / MySQL password, and basically anywhere else that you used this password.
If you have a lot of users on your site, then you may want to force a password reset for all of them.
Moving Forward - Strengthening your WordPress site.
Miantain a desktop backup for your site. Aside from that, here are some more things you can do to better protect your site - these are not in order and you should do as many as you can!
Setup a Website Firewall and Monitoring System - Sucuri is a good one here
Switch to Managed WordPress Hosting - Most managed WordPress hosting companies go to extra lengths to keeping your site secure.
Disable Theme and Plugin Editors - It's a best practice.
Limit Login Attempts in WordPress
Password Protect your Admin Directory - Add an additional layer of password to your WordPress admin area.
Disable PHP Execution in certain directories - Adds additional layer of security.
And whatever you do, always keep your WordPress core, plugins, and themes up to date!
Managing WordPress Security Plugin Vulnerabilities
The vast majority of the vulnerabilities that have prompted a WordPress hack have been connected to plugins. WordPress has a substantial developer community which is the power behind the tremendous measure of plugins available in WordPress. Some of the time, some plugins are not upgraded to be compatible with current WordPress versions and sometimes, the plugins themselves do have security shortcomings.
For instance, past forms of the WP Super Cache plugin were affected by a cross-site scripting (XSS) defenselessness that could furnish potential assailants with access to your site. Also, a couple of sites made the news subsequent to being hacked by individuals from Islamic State sympathizers by means of a vulnerability in the FancyBox plugin. Another plugin, Yoast, was defenseless against visually impaired SQL infusion assaults, which can prompt database breaches of classified data.
Despite the fact that the plugin developers rapidly came up with a fix, it conveyed the truth and security dangers connected with plugins, because of their tendency and distinctive coding principles, they do come with security issues. At the point when outsider plugins interface with WordPress, vulnerabilities are regularly created that can permit an variety of assaults, similar to buffer overflow exploits or SQL infusions.
Since Vulnerable WordPress plugins are basic, it's essential to take safety measures as could reasonably be expected with standard security measures, taking a look at what security plugins you have introduced, furthermore by and large maintaining your plugins in a standard way.
Prescribed WordPress Security Tips
Keep plugins frequently updated. Redesigns for plugins frequently contain fixes for found vulnerabilities and upgrading them is a simple approach to secure your site.
Utilize Our Recommended WordPress Security Plugins. Click for details
The right security plugins can shield your site from numerous sorts of vindictive exercises. There are even plugins, for example, WordFence, that will examine your site for changes to both your WordPress core files and your plugins' source code
Adopt the Safe Plugin Responsibility Practice
One pivotal part of safe plugin obligation is general updates.The first piece of plugin obligation is to overhaul, upgrade, update! Enabling automatic update for WordPress Core will permit it to naturally upgrade at whatever point another release is available, minimizing the danger of vulnerabilities. Obviously, we've specified utilizing upgraded plugins and subjects to minimize hazard. It might likewise help to consistently check this upgraded rundown of known WordPress vulnerabilities to keep you mindful of any known issues. In conclusion, rehearsing appropriate plugin obligation implies just downloading plugins from trustworthy sources or with high client appraisals, and erasing any unused plugins from your WordPress. Code from latent plugins can even now be hacked!
While outsider plugins accompany a sure measure of danger, these basic steps will offer you some assistance with protecting your site from attacks.