
Has your WordPress-hosted website been hacked despite all your security measures? Unfortunately, the hard reality is that despite all the technology and WordPress security features, no website is completely safe from being hacked by professional hackers.

But did you know that, as a website owner, you can take steps to determine whether your site has indeed been hacked and to fix or clean it? Here is how…

Sure Signs of Hacked WordPress Site

There are several signs, both visible and less visible, which you can use to confirm if your WordPress has been hacked and compromised. Some of the common signs of a hacked WordPress site include:

  • Defacing of the website home page, which is the most visible sign. However, home page defacing may be avoided if the hackers want to remain undetected for a longer duration.
  • Injection of data or bad links into your website (for example, into your website footer), commonly done through the creation of a backdoor on the WordPress website.
  • A sudden drop or spike in the website traffic, as indicated by Google Analytics reports.
  • Inability to log in to your WordPress account as the admin, which suggests that your WordPress admin account may have been deleted by the hacker.
  • Creation of spam user accounts in the WordPress account, including those with admin user rights.
  • Addition of unknown files and scripts on your web server folder (commonly in the wp-content folder).
  • Slow or unresponsive website caused by an overload of HTTP requests sent to your web server.
  • Inability to send or receive emails using WordPress, generally caused by the hacking of the WordPress mail server.
  • Addition of unscheduled tasks to your web server by the hacker.
  • Browser warning about security risks when the user tries to access a compromised or hacked website, due to the detection of suspicious code or scripts running on the site.
  • The traffic to your website being redirected to another URL address.

Steps to Fix a Hacked WordPress Site

Here are the steps to follow to fix your compromised site:

1. Identify the Type of Hack

This can be done by using scanning tools, which can locate malicious code. Additionally, check for any vulnerabilities in the WordPress core files, located in the wp-admin, wp-includes, and other root folders.

You can also check Google’s Transparency Report and use its diagnostic tools, which can indicate the current security status of your website.

2. Remove the Hack

  • Cleaning the Hacked WordPress Files: You can perform a manual fix on any infected core files such as the wp-config.php file or the wp-content folder.
  • Other infected custom files can be cleaned using either a backup file or a freshly downloaded copy.
  • Cleaning the Hacked Database Tables: This is required to remove any malware from your infected database tables.
  • You can also use database search to locate any of the typical malicious PHP functions such as eval, base64_decode, or preg_replace.

Once you have identified the location of the malware files, you can compare them with a recent backup version of the data to see what has changed. Removing the hack typically comprises:

Fixing and restoring your website can be achieved by any of the following methods, which are discussed in detail in the following sections:

  • Removing Backdoors: Another method that hackers use to gain illegal entry into your website is backdoor PHP functions injected into files such as wp-config.php and into directories such as /themes, /plugins/, or /uploads. Common PHP functions such as base64, eval, exec, and preg_replace are used for backdoors, but they are also used legitimately by most WordPress plugins. Hence, backdoors must be cleaned properly, both to avoid breaking the site and to avoid any reinfection of the website.
  • Manual Clean-ups
  • Use of WordPress Security Solutions

 

Conclusion


With the increasing number of websites being hacked or compromised, website owners must learn to stay calm and complete the entire process of website cleaning and restoration to prevent another security lapse in the future. If you have any questions on a hacked WordPress site, comment below.

  • Install a WordPress firewall plugin to provide protection for your website and lower the possibility of a future hack.
  • Additional steps include checking the user permissions for the WordPress admin rights, disabling of user cookies on the WordPress admin to prevent future hacks, and updating your WordPress account password.
  • Update all the installed WordPress plugins and themes. As the majority of the WordPress hacks occur due to vulnerabilities in third-party plugins and themes, it is important to report it to the plugin development team, who can develop and release a security patch. If you are not using certain plugins, remove them from your site.
  • Use the latest updates on all software on your WordPress site, as most vulnerabilities arise due to outdated versions of software tools.

Fixing the Vulnerability of Your WordPress Website

Along with repairing and restoring your hacked website, it is equally vital to fix the security flaws of the site that caused the hacking in the first place. Most hackers can exploit the security-related loopholes even after the compromised website has been cleaned and restored. Listed below are the points to remember to remove the security loopholes in your WordPress site:

This is among the fastest methods of getting your hacked WordPress site running again. This method can be used only if you have taken regular backups of your site and if the backups themselves have not been hacked. However, if your website has daily content changes and user comments, restoring your website using the backup method can make you lose valuable data.

Another limitation of the backup restore method is that it does not remove any new infected files or folders added by the hackers to enable them to compromise a website repeatedly.

  • Cleaning to fix and remove the located malware. While WordPress security solutions such as MalCare offer auto-cleaning facilities, Theme Authenticity Checker (or TAC) checks for any malicious code in the installed themes and offers two modes of implementing the fix, namely either manual removal of the infected code or replacement of the infected file with the original clean file.

WordPress security solutions such as MalCare and SecuPress implement the best of security practices such as blocking of PHP execution in untrusted folders and changing the security keys. Most of the available security solutions fix the hacked website by performing the following steps, namely:

  • Scanning to determine the location of the malware and the infected files. Popular WordPress plugins such as Sucuri WordPress Auditing indicate the security status of your core WordPress files, along with showing the location of hacked files.
  • Manual replacement of all infected files with new WordPress files (available through download) or replacement of all the WordPress files (including the infected ones) with the downloaded files.

A primary indicator of a hacked website is the presence of malicious code inserted into an eval(base64_decode) function call, which is located in the wp-config.php file. Most hackers add and hide their malicious code within this function, which makes it difficult to tell apart from the normal code.

Alternatively, hackers can hide the malicious code in other vulnerable PHP functions such as file or preg_replace. Overall, manual clean-ups are challenging to implement as they involve identifying the malicious hacker code, which can be inserted in different code combinations and patterns.
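As an added example (not code from the original article or from any plugin it names), the following triage script walks a WordPress directory and flags the patterns described above: eval fed by a decoder, preg_replace with the /e modifier, exec-style calls on request data, and any PHP file under wp-content/uploads. The rule names, function names and sample files are constructed for this illustration, and the rules are heuristics, so each hit still needs manual review.

```python
import re
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".php5"}
# Heuristic rules for the functions the article names. Hits are leads for
# manual review, not verdicts: legitimate plugins call these functions too.
RULES = {
    "eval-of-decoded-data": re.compile(
        rb"\beval\s*\(\s*@?\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "preg_replace-e-modifier": re.compile(
        rb"""\bpreg_replace\s*\(\s*(['"])(.).*?\2[a-z]*e[a-z]*\1""", re.I),
    "exec-of-request-data": re.compile(
        rb"\b(?:exec|system|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)", re.I),
}

def scan_tree(root):
    """Return sorted (relative_path, rule_name) findings for a WordPress tree."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        # Uploads should hold media only, so any PHP file there is suspicious.
        if rel.startswith("wp-content/uploads/"):
            findings.append((rel, "php-file-in-uploads"))
        data = path.read_bytes()
        findings.extend((rel, name) for name, rx in RULES.items() if rx.search(data))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (inert snippets written for this example)."""
    samples = {
        "wp-config.php": b"<?php\neval(base64_decode('ZWNobyAxOw=='));\n",
        "wp-content/plugins/ok/ok.php": b"<?php\n$s = preg_replace('/\\s+/', ' ', $s);\n",
        "wp-content/themes/t/functions.php": b"<?php\npreg_replace('/.*/e', $_POST['x'], '');\n",
        "wp-content/uploads/2024/01/img.php": b"<?php echo 'hi';\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_tree(tmp)

if __name__ == "__main__":
    for rel, rule in demo():
        print(f"{rel}: {rule}")
```

To use it on a real site, call scan_tree() on a copy of the web root; the ordinary preg_replace call in the sample plugin is deliberately left unflagged.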

WordPress Security Solutions

If you do not have the technical know-how to implement a manual clean-up, it is best to apply a practical WordPress security solution. Additionally, most professional hackers hide their malicious scripts in different folder locations of WordPress, which enable repeated hacking and are difficult to scan and remove.

  • Website Backup Restore

Manual Clean-ups

A hacked WordPress website can be manually cleaned using either of the following options:

  • Manual replacement of the infected files with the downloaded copy.
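Before replacing files by hand, it helps to know exactly which ones differ from the downloaded copy. The script below is an added example, not part of the original article; it assumes the clean copy is a fresh download of the same WordPress release unpacked next to a copy of the live site, and its function names, the site_specific list and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_map(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_to_clean(live_root, clean_root, site_specific=("wp-config.php", "wp-content/")):
    """Classify files of a live install against a clean copy of the same release."""
    live, clean = sha256_map(live_root), sha256_map(clean_root)
    return {
        # Same path, different bytes: replace with the clean file after review.
        "modified": sorted(r for r in live if r in clean and live[r] != clean[r]),
        # Present only on the live site, outside paths that are expected to differ.
        "added": sorted(r for r in live
                        if r not in clean and not r.startswith(tuple(site_specific))),
        # Shipped in the release but gone from the live site.
        "missing": sorted(r for r in clean if r not in live),
    }

def write_tree(root, files):
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

def demo():
    """Compare two constructed trees standing in for a clean download and a live site."""
    clean = {"index.php": b"<?php // core\n",
             "wp-admin/admin.php": b"<?php // admin\n",
             "wp-includes/version.php": b"<?php // version\n"}
    live = dict(clean)
    live["wp-includes/version.php"] += b"// appended line\n"   # tampered core file
    live["wp-includes/extra-file.php"] = b"<?php // unknown\n"  # not in the release
    live["wp-config.php"] = b"<?php // site config\n"           # expected to differ
    live["wp-content/uploads/a.jpg"] = b"\xff\xd8"              # expected to differ
    del live["wp-admin/admin.php"]
    with tempfile.TemporaryDirectory() as c, tempfile.TemporaryDirectory() as l:
        write_tree(c, clean)
        write_tree(l, live)
        return compare_to_clean(l, c)
```

New files under wp-content/ are left out of the "added" list because themes, plugins and uploads legitimately differ per site, so that folder needs its own review.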

Preventing your WordPress site from getting hacked


We use and recommend using Wordfence for WordPress since it comes with so many awesome features for free.

It comes with a powerful free version and the pro version is very reasonable.

Check out the free plugin here

Get an SSL certificate next!

If you are looking to get a very affordable (less than $10) SSL certificate, we highly recommend using GoGetSSL.

We use GoGetSSL exclusively for our SSL certs because of the price and ease of use.

With GoGetSSL we have been able to order a certificate and secure a site fully within MINUTES. Check out a super affordable Comodo SSL certificate HERE

Once you have installed your certificates, or if you want to test them out, simply go to the SSL checker and test your configuration.
