What to do when your WordPress site has been hacked

Posted on Mar 19, 2015 | Category: Users & Security | Comments: No comment

Most likely you’ve been told “WordPress is Easy! Anyone can do it!”.

What no one tells you is that there are some steps you need to take to prevent, or greatly reduce the chance of, your site being hacked, and what to do if it happens.

This guide will cover both areas.

Preventing a Hack

Step 1) Create a back-up on a regular basis of both the WordPress files and accompanying database. There are a number of plugins available (free and paid versions) that can assist with this task. If your site was hacked, you can always revert to a back-up.

Step 2) Navigate to the Users area of the Dashboard and review the list of registered users. If there are users you do not recognize, you should investigate this and delete the User(s), if necessary.

Step 3) Make sure each user has a strong password assigned. To create a strong password, click here. Passwords should be a minimum of 15 characters in length, contain symbols and numbers and be changed on a regular basis.

Step 4) Add a plugin that stops a hacker from continually trying to log in. For example, Wordfence. This plugin records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.

Step 5) Login to your Control Panel (cPanel) or server and remove the following files from the root folder of WordPress:

  • readme.html
  • wp-config-sample.php
  • wp-signup.php – (delete or rename – hackers can use this to gain access to your site)

These files contain information that may give a hacker a way to access your site. After this, download WordPress fresh from http://wordpress.org and extract the zip file, then replace the deleted files with the fresh copies.

Step 6) Many hackers like to add code to the header file so that it displays on each page of your site. To prevent this, navigate to the active theme folder of the WordPress files. Locate the header.php file in the appropriate theme folder. Right-click the header.php file and change the permissions to read-only.

Step 7) Install a malware plugin that, if set up properly, will continually scan and prevent possible attacks.

In a nutshell, the best defense is a good offense. There are a number of plugins available to prevent and monitor suspicious behavior. For example, Wordfence.

When your site has been hacked

Over the years, we have dealt with websites that have been hacked and the stress that the webmaster is put under to get the site back up and running.

Below are some tips we offer:

Step 1) Perform a malware and anti-virus scan of your environment. The issue may have come directly from your local computer.

Step 2) If you are able to log in to the Dashboard, install a security plugin, such as Wordfence. Set up and run this plugin. This will give you a list of issues with the site to work through.

Step 3) If you are not able to log in to the Dashboard, you can try resetting the password, OR log in to the database directly, open the users table and change the password from there.

Step 4) Change all passwords.

Step 5) Change any secret keys.

If you do not have a back-up, download the same WordPress version as you are currently running. Install this to your local computer in a separate folder. Replace the modified file(s) on the server with appropriate file(s) from the fresh installation.
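Finding the modified file(s) by eye is error-prone on a tree of hundreds of files. The following script is an added example, not code from the original post: it hashes every file in the fresh download and in the live site and reports what was modified, added or removed. Path names in the skip list and in the built-in sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Paths that legitimately differ between a fresh download and a live site (assumed list).
DEFAULT_SKIP = ("wp-config.php", "wp-content/uploads", "wp-content/themes", "wp-content/plugins")

def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _index(root: Path, skip) -> dict:
    """Map each file's path (relative to root) to its SHA-256, skipping site-specific paths."""
    index = {}
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if not p.is_file() or any(rel == s or rel.startswith(s + "/") for s in skip):
            continue
        index[rel] = _sha256(p)
    return index

def compare_trees(reference, suspect, skip=DEFAULT_SKIP) -> dict:
    """Return files modified in, added to, or missing from the suspect (live) tree."""
    ref, sus = _index(Path(reference), skip), _index(Path(suspect), skip)
    return {
        "modified": sorted(r for r in ref if r in sus and ref[r] != sus[r]),
        "added": sorted(s for s in sus if s not in ref),
        "missing": sorted(r for r in ref if r not in sus),
    }

def build_demo() -> dict:
    """Constructed sample (not real WordPress files): a clean tree and a tampered copy."""
    base = Path(tempfile.mkdtemp())
    clean, live = base / "fresh", base / "live"
    files = {"index.php": "<?php require 'wp-blog-header.php';",
             "wp-includes/version.php": "<?php $wp_version = 'sample';",
             "readme.html": "<html>About WordPress</html>"}
    for root in (clean, live):
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # Tampering: code appended to a core file, an unknown file dropped in, and
    # readme.html gone (expected if you deleted it per Step 5 of the prevention list).
    (live / "index.php").write_text(files["index.php"] + "\n<?php /* unexpected */")
    (live / "unknown.php").write_text("<?php /* unexpected file */")
    (live / "readme.html").unlink()
    return compare_trees(clean, live)
```

On a real site, call `compare_trees("/path/to/fresh-wordpress", "/path/to/live-site")` and review every "modified" and "added" entry before copying over the fresh files; themes and plugins should be compared against fresh copies of their own versions in the same way.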

After you have restored your site, we recommend you upgrade to the latest version of WordPress, upgrade all plugins and make a back-up of the WordPress files and database.

Is Your Site Blacklisted?

Once you have corrected the issue(s), log in to your Google Webmaster Tools Account.

A message will display to the right of the thumbnail picture of your site indicating that malware has been detected.

Click the View Details hyperlink for additional details.

Complete the Ask for Review text area and outline the steps you took to remove the malware.

Most of the time, Google will get back to you in 24 hours either giving your site the ok or providing details on what needs to be fixed.
