Methods To Revive A Hacked WordPress Site:
Is your WordPress website being redirected to a malicious website?
Is your WordPress website blacklisted on Google?
Is your WordPress website being flagged by AntiVirus software?
Are you getting authentication failures in WP admin?
Did you notice any unauthorized user creation or plugins/posts?
Does the website behave oddly?
Are any files/links missing?
Did you notice too many emails being sent out from WordPress?
Does website analytics show more traffic than expected?
If the answer to any of the above questions is YES, you are HACKED. So don’t wait, ACT ASAP.
Where should I start?
The first thing you need to do is take a backup. This includes the web files and the WP database. This might sound foolish for a hacked website, but it ensures that we have something in hand with which to rebuild the website in case the hack is destructive enough to wipe out the entire live website before you can clean it up.
The most common reason for a hack is ignoring security updates. It is important to update WordPress core, plugins, and themes. It is also recommended to keep an eye on the files that get created on your website.
So what’s the action plan?
You are lucky if you know exactly when the oddity occurred.
- Change all the passwords before starting the clean-up.
- Check for files/directories on your website other than those belonging to WordPress or its plugins. A quick check can be done using the ‘find’ command to get the list of newly created files/directories. They are generally seen under themes, plugins, wp-uploads, and wp-includes. But it is always safer to go through each and every directory/file, as timestamps may not be correct most of the time.
- Use a malware file scanner like maldet or CXS to identify the vulnerable files, and remove the malicious code from the listed files.
- The next thing to check is the website’s access_log. It should give you a clue as to when the hack attempt was made and how the new plugins or files were created. It can show you which plugin/file is vulnerable and resulted in the hack. Note the IPs that accessed such files/plugins and block them on the server.
[Figure: access_log for a hacked WP domain]
N.B. You can use a WordPress plugin like Sucuri Security to track more vulnerable files.
- If a database table is hacked, connect to the DB server using phpMyAdmin, and edit the table to fix it.
- Unless you have a customized version of a theme or plugin, performing the WordPress upgrade is a straightforward job. For customized ones, you may need to contact your programmer so that the customizations can be integrated into a newer version.
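The ‘find’ and access_log checks from the steps above, as an added shell example that is not part of the original post. It assumes a standard wp-content layout and the Apache combined log format; the directory tree, IPs and log lines are constructed sample data, and the function names are hypothetical.

```sh
# Added example. Tree, IPs and log lines are constructed sample data;
# function names are hypothetical. Assumes Apache combined log format.

# PHP files whose inode changed in the last N days. -ctime is used because
# touch(1) can backdate mtime, which is why timestamps alone mislead.
recent_php() {      # usage: recent_php <webroot> <days>
  find "$1" -type f -name '*.php' -ctime "-$2" | sort
}

# PHP files under an uploads directory, which normally holds only media.
php_in_uploads() {  # usage: php_in_uploads <webroot>
  find "$1" -type f -path '*/uploads/*' -name '*.php' | sort
}

# Hit count per client IP for one URL path (query string ignored).
ips_for_path() {    # usage: ips_for_path <access_log> <url_path>
  awk -v p="$2" '{ path = $7; sub(/\?.*$/, "", path); if (path == p) n[$1]++ }
       END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# --- constructed demo data ---
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/wp-content/uploads/2024/01" "$demo/wp-content/plugins/example-plugin"
echo '<?php // plugin file' > "$demo/wp-content/plugins/example-plugin/main.php"
echo '<?php // unexpected file' > "$demo/wp-content/uploads/2024/01/x.php"
touch -t 202001010000 "$demo/wp-content/uploads/2024/01/x.php"  # backdated mtime
cat > "$demo/access_log" <<'EOF'
203.0.113.7 - - [10/Jan/2024:03:12:01 +0000] "POST /wp-content/uploads/2024/01/x.php HTTP/1.1" 200 12 "-" "curl/8.0"
203.0.113.7 - - [10/Jan/2024:03:12:09 +0000] "POST /wp-content/uploads/2024/01/x.php?a=1 HTTP/1.1" 200 40 "-" "curl/8.0"
198.51.100.4 - - [10/Jan/2024:03:15:44 +0000] "GET /wp-content/uploads/2024/01/x.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jan/2024:04:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF

echo "PHP changed in the last 2 days (ctime):"; recent_php "$demo" 2
echo "PHP under uploads:";                      php_in_uploads "$demo"
echo "IPs that requested the unexpected file:"
ips_for_path "$demo/access_log" /wp-content/uploads/2024/01/x.php
```

The backdated file is still listed by the ctime check, while a plain `-mtime -2` search would miss it.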
Lastly, a few things that can help prevent future hacks:
Delete Inactive Themes/Plugins
Enable 2-step authentication
Limit the number of login failures
Restrict WP admin login to a single IP
Password-protect WP Admin page
Use strong passwords
After the clean-up process, change the password again. Now you are good to go!