My guess is that some bloggers are as ignorant as I was of what to do. In fact, if I weren’t fortunate enough to get some help, I would’ve been doomed.So I thought I’d share what I did, along with tips for what to do if your blog ever gets hacked.
Fixing a website “hack” is actually a fairly heavy technical thing to do. Most bloggers are not webmasters. They are not really technical people. They’re probably people who simply purchased a web hosting account, maybe set up WordPress using a one-click install, and started blogging.
Often I find that the emails/posts I see that read “help me my site was hacked what do I do” or similar don’t get a lot of help. There’s a reason for this. People who are asking this question are not usually the type of people who are technically capable of actually fixing the problem.
This article will guide you through the steps involved in cleaning a hacked WordPress website. identifying the source of the hack, identifying the infection, cleaning the code, regaining control of your WordPress website or blog.
But, Before we begin,
Is Your Hacked WordPress Website Really Hacked?
Before you start the analysis and WordPress clean-up process, confirm that your WordPress have been hacked. We do receive a lot of false alarms; panicked WordPress administrators can confuse a spam message, or a broken down WordPress website with a hacked website.
What are the compromised websites used for?
Hosting phishing, spam pages, pornography
Other content or activity
Sending back link to hackers website
Find Out If your Website is Hacked?
Below are the common signs to lookout for in your wordpress website.
Displaying popups that you didn’t implement
Displaying odd text in your footer or in the “View Source”
Links to othersites or auto-linking of keywords that you didn’t create links for
Seeing obfuscated / encoded text in plugins
Website redirecting (immediately or after a short length of time) to another URL
Any mischievous or unusual activity or spikes in traffic or bandwidth usage
Other indicators of a hack include:
Website is blacklisted by Google, Bing, etc..
Host has disabled your website
Website has been flagged for distributing malware
Readers complaining that their desktop AV's are flagging your site
Contacted that your website is being used to attack other sites
Notice behavior that was not authorized (i.e., creation of new users, etc...)
You can visibly see that your site has been hacked when you open it in the browser
One of the great features is their email notifications when they detect bad activity (i.e. hacked!) on your site.
Scans your internet browser for security vulnerabilities, including outdated computer software and browser plugins like Java, Adobe Flash, Adobe Reader, and Microsoft Silverlight.
Google Safe Browsing diagnostics
(google.com/safebrowsing/diagnostic?site=http://YOURDOMAIN ) See how does google sees it.
It will scan your Wordpress website for penetration attacks from a 360 degree view, to ensure complete analysis of potential issues. This deep scanner performs a through analysis to check for signs of infection, backdoors, trojans, suspicious code and other security issues.
Will scan your website for malware, trojans, backdoors, worms, viruses, whether your website is blacklisted by Google and other blacklisting authorities.
Runs a Complete Scan to automatically remove known security threats and backdoor scripts. Upgrades vulnerable versions of timthumb scripts.
Scans for the HeartBleed vulnerability - included in the free scan for all users. Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
It is a free virus, malware and URL online scanning service. File checking is done with more than 40 antivirus solutions
A malware scannerIt also runs its own searches for malicious or suspicious iframes, scripts, downloads, redirections, and other items.
check to see if your site is cloaked to GoogleBot, has spammy links, funny redirects, or otherwise appears to be hacked. do multiple checks, from detecting spam links, hidden text, up to sophisticated cloaking.
Above are telltale signs that you’ll be able to identify the hack.
Before we head over to steps to how to cleanup Wordpress. Have a look at this info-graphic given below about how to keep your wordpress security, A must follow wordpress security tips cheat sheet for all wordpress users.
Some of the important steps to consider if your wordpress is hacked and how to cleanup Wordpress.
Make a Backup
Identify How WordPress Got Hacked
Audit Logs and Web Server and FTP Server Logs
Non Used and Not Updated WordPress Plugins and Themes
Old WordPress Code and Installations
WordPress Users and Roles
Shared Hosting Providers
Check Other Point of Entries
Finding the WordPress Infection & Malicious Code
Check Which Files Modified in the Last Few Days
Check All HTML Files
Search for Infection Text
Reset your website admin password with phpMyAdmin
Update applications, extensions, plugins and themes
Remove your website from blacklists
Get help from google
Google has an 8-step program for unhacking your site, which include basics like identifying the vulnerability that was used to compromise your site, as well as how to request a review so Google will remove the dreaded “this site has been compromised” message from its search results.
For more info and all the details on what to do if you’ve been hacked, check out the new Help for Hacked Sites section of Google’s Webmaster Tools.
If you’ve ever had a site hacked or helped someone else resolve their hack issues, please share what worked best for you. Now is the time for “the fish wasthis big” stories.