Last weekend, my blog was hacked. Within a few hours, everything was back to normal. But it was scary. And I didn’t know what to do.
My guess is that some bloggers are as ignorant as I was of what to do. In fact, if I weren’t fortunate enough to get some help, I would’ve been doomed. So I thought I’d share what I did, along with tips for what to do if your blog ever gets hacked.
Fixing a website “hack” is actually a fairly heavy technical thing to do. Most bloggers are not webmasters. They are not really technical people. They’re probably people who simply purchased a web hosting account, maybe set up WordPress using a one-click install, and started blogging.
Often I find that the emails/posts I see that read “help me my site was hacked what do I do” or similar don’t get a lot of help. There’s a reason for this. People who are asking this question are not usually the type of people who are technically capable of actually fixing the problem.
This article will guide you through the steps involved in cleaning a hacked WordPress website: identifying the source of the hack, identifying the infection, cleaning the code, and regaining control of your WordPress website or blog.
Before you start the analysis and WordPress clean-up process, confirm that your WordPress site has been hacked. We do receive a lot of false alarms; panicked WordPress administrators can confuse a spam message or a broken WordPress website with a hacked website.
- Hosting malware
- URL redirect
- Hosting phishing, spam pages, pornography
- Other content or activity
- Sending backlinks to the hacker's website
Below are the common signs to look out for in your WordPress website.
- Displaying popups that you didn’t implement
- Displaying odd text in your footer or in the “View Source”
- Links to other sites or auto-linking of keywords that you didn’t create links for
- Seeing obfuscated / encoded text in plugins
- Website redirecting (immediately or after a short length of time) to another URL
- Any mischievous or unusual activity or spikes in traffic or bandwidth usage
Other indicators of a hack include:
- Website is blacklisted by Google, Bing, etc.
- Host has disabled your website
- Website has been flagged for distributing malware
- Readers complaining that their desktop AVs are flagging your site
- You are contacted and told that your website is being used to attack other sites
- You notice behavior that was not authorized (e.g., creation of new users)
- You can visibly see that your site has been hacked when you open it in the browser
One of the great features is their email notifications when they detect bad activity (i.e. hacked!) on your site.
Scans your internet browser for security vulnerabilities, including outdated computer software and browser plugins like Java, Adobe Flash, Adobe Reader, and Microsoft Silverlight.
- Google Safe Browsing diagnostics
(google.com/safebrowsing/diagnostic?site=http://YOURDOMAIN ) See how Google sees it.
It will scan your WordPress website for penetration attacks from a 360 degree view, to ensure complete analysis of potential issues. This deep scanner performs a thorough analysis to check for signs of infection, backdoors, trojans, suspicious code and other security issues.
Will scan your website for malware, trojans, backdoors, worms, viruses, whether your website is blacklisted by Google and other blacklisting authorities.
Runs a Complete Scan to automatically remove known security threats and backdoor scripts. Upgrades vulnerable versions of timthumb scripts.
Scans for the HeartBleed vulnerability – included in the free scan for all users. Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
It is a free virus, malware and URL online scanning service. File checking is done with more than 40 antivirus solutions.
A malware scanner. It also runs its own searches for malicious or suspicious iframes, scripts, downloads, redirections, and other items.
Checks to see if your site is cloaked to GoogleBot, has spammy links, funny redirects, or otherwise appears to be hacked. Does multiple checks, from detecting spam links and hidden text up to sophisticated cloaking.
The signs above are the telltale indicators that will help you identify the hack.
Before we head over to the steps for cleaning up WordPress, have a look at the infographic below on how to maintain your WordPress security, a must-follow WordPress security tips cheat sheet for all WordPress users.
- Make a Backup
- Identify How WordPress Got Hacked
- Audit Logs and Web Server and FTP Server Logs
- Unused and Outdated WordPress Plugins and Themes
- Old WordPress Code and Installations
- WordPress Users and Roles
- Shared Hosting Providers
- .htaccess Files
- Check Other Points of Entry
- Finding the WordPress Infection & Malicious Code
- Check Which Files Modified in the Last Few Days
- Check All HTML Files
- Search for Infection Text
- Reset your website admin password with phpMyAdmin
- Update applications, extensions, plugins and themes
- Remove your website from blacklists
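
For the "Check Which Files Modified in the Last Few Days", "Check All HTML Files" and "Search for Infection Text" steps listed above, here is a small triage script. It is an added example, not from the original post. It assumes Python 3 run against a backup copy of the site; the patterns, the extension list and the sample tree are constructed for illustration.

```python
import os, re, tempfile, time

# Heuristic patterns (assumed for this example, not a full signature set):
SUSPICIOUS = re.compile(
    rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("
    rb"|<iframe[^>]+display\s*:\s*none",
    re.IGNORECASE,
)
SCAN_EXT = (".php", ".html", ".htm", ".js", ".htaccess")

def triage(root, days=7, now=None):
    """Return {relative_path: [reasons]} for files that deserve a manual look."""
    cutoff = (now or time.time()) - days * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXT):
                continue
            path = os.path.join(dirpath, name)
            reasons = []
            if os.path.getmtime(path) >= cutoff:
                reasons.append("modified-recently")
            with open(path, "rb") as fh:
                if SUSPICIOUS.search(fh.read()):
                    reasons.append("suspicious-pattern")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def build_sample_site(root, now):
    """Write a constructed sample tree; values are (content, age in days)."""
    samples = {
        "index.php": (b"<?php require 'wp-blog-header.php';", 90),
        "wp-content/themes/demo/footer.php": (b"<?php wp_footer(); ?>", 2),
        "wp-content/plugins/demo/cache.php": (b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>", 90),
        "about.html": (b"<iframe src='//example.invalid' style='display:none'></iframe>", 1),
    }
    for rel, (body, age_days) in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (now - age_days * 86400,) * 2)  # set atime and mtime

def demo():
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        build_sample_site(root, now)
        return triage(root, days=7, now=now)
```

Modification times can be reset by whoever changed a file, so treat "modified-recently" as a lead rather than proof, and compare flagged files against a known-good copy of the same WordPress, theme or plugin version.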
Google has an 8-step program for unhacking your site, which includes basics like identifying the vulnerability that was used to compromise your site, as well as how to request a review so Google will remove the dreaded “this site has been compromised” message from its search results.
For more info and all the details on what to do if you’ve been hacked, check out the new Help for Hacked Sites section of Google’s Webmaster Tools.
If you’ve ever had a site hacked or helped someone else resolve their hack issues, please share what worked best for you. Now is the time for “the fish was this big” stories.