Hacked a site on WordPress?

Cases of hacking sites on WordPress are not uncommon. More often than not, it is the simple negligence of the user or the unfairness of the programmer. In this article, we’ll look at the basic actions for quickly eliminating the consequences of hacking and talk about methods of prevention. About everything in order:

Elimination of consequences

So, you were hacked, fact accomplished and fact unpleasant. Often after this site does not work at all or does not work correctly. The faster we eliminate the consequences, the better for users and search engines. Let’s start with cleaning. After hacking into the folder with WordPress a virus is injected, new redirects are assigned, or fake sites are uploaded. You need to find and destroy everything.

1. We remove superfluous
Through ftp we connect to the hosting and download the site to the computer. Copy on the server – delete.
In the downloaded version of the site, delete all but the following files and folders:

  • wp-content — main folder with custom themes, plugins and photos
  • wp-config.php — a file with connection settings
  • .htaccess — additional server configuration file for your site

All other files and folders do not affect the operation of your site and can be replaced from a fresh WordPress distribution.

2. Remove viruses
Finding them is not so easy, they often masquerade as system files. We use the help of antivirus systems. Often they are already in your hosting control panel, for example, in the popular cPanel is the ClamAV utility, or we check it with a regular antivirus. Most often, the viruses are inserted into the wp-includes folder, which we deleted in the previous step, in the remaining wp-content folder, first check the plugins. In most cases, malicious neighbors masquerade as plug-ins.

3. Remove third-party scripts
In addition to viruses, third-party scripts and html documents may be added to your folder, which will be indexed with your site. They will have to be searched manually. Carefully wool the wp-content folder for suspicious content. Here the antivirus does not help, it all depends on you.

4. Remove redirects
After hacking, your site begins to redirect the user to third-party resources, most often this is observed when entering from mobile devices. So we need htaccess. First, make sure that you have only one file and that you are in the root directory, all the rest – safely delete. The rest is downloaded and opened with the help of a convenient editor (Notepad ++, Notepad2, AkelPad), delete all unnecessary, or simply replace all content with the standard code:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

5. Clean the theme files
Most likely the malicious code will appear in the files of your WordPress theme. Here you need to be careful and remove the code without damaging the structure of html. Favorite places to insert the code: files index.php, header.php, footer.php in the folder with your theme.

6. Gathering a clean site

Download the latest distribution of WordPress from the server and unpack it to your desktop. Remove the folder wp-content and wp-config and htaccess files from it and replace it with ours. Download the downloaded distribution to the server instead of the infected one. In most cases, the site should earn, but there are situations when the server used the old version of WordPress, and then it’s better to download from the official site exactly the version that was, with the new one there may be problems.

Prevention of hacking

So, the site has earned! But what can we do to prevent such a situation in the future?

1. Make copies. Regularly create backup copies of the folder with the site and the database.
2. Change the password and administrator login. The more difficult, the better.
3. Use only reliable and frequently updated plug-ins.
4. Regularly update the WordPress itself
5. Thoroughly hide passwords from the site, ftp and control panel from prying eyes

In the next article we will consider several technical ways to protect your site on WordPress from hacking. We hope that this information was useful to you.

Требуется подобная доработка? Напишите нам.