How to Clean a Hacked WordPress Website
Is your WordPress website secure? No matter how secure your website is you cannot eliminate the smallest chance of it getting hacked. Studies show that 15-20,000 websites are hacked every day, that’s more than one website every 5 seconds. If your website is one of them this can be stressful damage your broad, all the hard work put into keeping your website updated can be lost within a few seconds. The following article will help you to undrestand how to clean a hacked wordpress website.
Importance of Having a Secure WordPress Website
Nothing can undermine the importance of having a secure WordPress website. A hacked website causes a lot of problems that can hamper your business. Your hard-earned ranking on search engines take a beating, your readers can become susceptible to viruses, your reputation nosedives because of automatic redirects to certain websites and all of your website data can be lost. Hence, security of your website should be the number one priority for every website owner. Having a reliable WordPress hosting provider becomes a prime important factor in this context.
What Are the Signs of a Hacked Website?
It often happens that users panic that their site is hacked if it does not respond or gets Spam comments. There could be some technical issues that also can give rise to problems which the users think otherwise. Following are some signs that indicate your site has been hacked:
- Appearance of unwanted pop-ups which you had nothing to do with
- Redirecting of your site to spammy websites for no reason whatsoever
- Continuous freezing of your website
- Unwarranted text being shown at the header or footer which was not incorporated by you
- Your keywords being automatically linked to outsider websites
- Receipt of a notice regarding malicious work undertaken by you from your web host
- Inability to login to the WordPress administration section.
Steps to Clean Your Hacked WordPress Website
Doing the cleanup of a hacked site is not as easy as one thinks and sometimes it is best to get it done by a professional. However, for the tech-savvy person following is a step by step guide that will help you to clean up your website. Before you begin it’s essential to reset your hosting admin and ftp passwords, if possible log into WordPress and re-set all admin passwords. Be sure to use the passwords provided by WordPress as they use highly complex passwords that hare had to decipher.
Check for Support from Your Web Hosting Provider
Selecting a good hosting service provider ensures high security for your site and also makes available support in case your site gets hacked. Before you embark on the cleanup it is wise to get an insight from your website host and follow any suggestions that they provide. Most of website hosts have professionals equipped with sophisticated website scanning tools. If the origin of the hack is the server of your hosting company then they can definitely help you to retrieve your website.
Reinstate Your WordPress Backup (if you have one, if not go onto the next section)
Keeping a daily backup of your WordPress site is a good habit that comes of great use at such times. This backup can be restored if your site gets hacked. However, all the files that are restored will have the backup date. This implies that changes if any made after this date will be lost; however, this remains a better option in view of your hacked website. Use the single-click installer in web hosting control panel and reinstate WordPress in its original location, say, the public_html directory or a sub-directory.
Once restoration is complete, any problematic theme or plug-in or any file can be manually removed. In cases where you don’t have a backup, or you don’t want to lose important content then you will be required to remove the hack manually.
Weather you have a backup of not, go onto the following, both backed up or existing hacked website.
Conduct a Website Scan with a Security Plugging/Tool
Regular updates of your WordPress plug-ins or themes are extremely essential as otherwise outdated files become the means for hackers to gain entry into your WordPress website. Therefore, inactive WordPress plug-ins or themes, if any, should to be deleted. Otherwise as stated above they offer an easy way for hackers to use as back-doors for quick access to your website. Back doors provide hackers easy accessibility to your website without the need for login information and thus they go on undetected.
Next do a full website scan to find out if there are any malicious scripts installed. The importance of a good WordPress security plugin is realised here as it enables the tracking of changes your site may have undergone in real-time. Choose a security plug-in that offers many features like web application firewall, measuring traffic in real-time, malware scanner, country blocking and lot others. The most commonly found hiding places for your hack are plugin and theme directories, WP-includes directory, uploads directory, wp-config.php and htaccess file. We suggest WordFence fully paid version.
Running the Theme Authenticity Checker follows next. If any malicious or suspicious code is found in the themes then the details including the codes that are malicious will be shown. There are two ways available to you to fix the hack. The code can be deleted manually or swap the infected file with original file. This applies to all your WordPress core files, theme files and also infected plugins. Ensure that the plugin and theme folder are exactly similar to the original ones.
Finally, if you have a hosting account that uses cPanel, log into your account and do a full virus scan of your server, in most cases a maldet scan is performed which can find files that other extensions done find.
Verify Your User’ Permissions
Verify your WordPress’ users section and ensure that the site’s administrator access rests with you and known team members. Any suspicious or unknown name appearing there needs to be deleted right away. Checking user’ permission all over again is the wisest thing to be done at such times. Some good practices to be followed in this regard are:
- The ‘admin’ username should never feature on the website. Common usernames that can be easily guessed should be avoided.
- Unapproved access of your website can be prevented by using a two-factor authentication.
- Your login forms should have ‘CAPTCHA’ feature integrated as this will eliminate the possibility of automated scripts or bots to access your website.
Modify WordPress Security Keys
The WordPress automatically adds a group of security keys to its wp-config.php file. It is necessary to modify this set of keys as they get auto-logged once you do it, which is what you want at this point of time. This is one of the safe actions that have to be taken in case your password has been stolen by the user who is yet logged into your website. The modification will cause all website users to be auto-logged out.
Modify Passwords Again
You had modified your passwords earlier and now it has to be done again. This is how you go: Update the password, cPanel/FTP/MySQL password of the WordPress. Do this at all places where the password is used and ensure that you adopt a strong one. If there are a number of users you will be required to reset the password for each one of them.
Going to the Cause of the Hack
Knowing the cause of the hack is essential to prevent you from making the mistake all over again. Your website is susceptible to two kinds of vulnerabilities that can be taken advantage of by hackers. They are the Common vulnerabilities and the Security vulnerabilities.
The source of Common vulnerabilities is your local machine or that of the hosting service provider. If your local network or PC is unable to operate optimally then this problem can occur. Hackers can gain access to your network and then make your website their easy target leading to a hacked WordPress site. Using an anti-malware or anti-virus scanning tool is a good idea. Your router should also be protected with effective firmware. For avoiding problems originating from hosting service provider it is better to opt for a reliable and secure hosting provider.
There are many Security vulnerabilities that can lead to a hacked WordPress site. A weak password combination or a username is one of the easiest ways for hackers to gain access. Usage of pirated plugins or themes is another sure way of compromising your site. What may be obtained free initially may prove very costly in the long run. Usage of outdated WP versions, plugins, themes are yet another cause for occurrence of breaches leading to hacks in websites. Most of the updates have some element of improvement, whether it is in the performance or security of your website. Hence, it is essential to update your plugins, themes and website as and when they are offered.
Tips to Avoid Your WordPress Site from Being Hacked
There can be no substitute to having a reliable backup solution for a strong WordPress site. The system should take a daily backup of your site to be on a safer side in case of an occurrence of hacking. In addition to this following are listed a few tips that offer protection to your site.
- Incorporate a website monitoring and firewall system
- Go for a Managed WordPress hosting
- Disable plugin and theme Editors
- Restrict login attempts in WordPress
- Admin directory to be password protected
- Disabling PHP execution in specific directories
- Ensure that your WordPress core, themes, plugins are kept up-to-date.
- Installation of a local antivirus program
Having your WordPress website hacked is a very discouraging experience and the major cause of a hacked WordPress website is the lack of keeping it updated and security used. Always make sure that you keep WordPress, plug-ins and themes updated, ensure that your passwords are strong and were possible organise monthly back ups of your website. Having a paid version WordFence is highly recommended especially when your site has been hacked into and if you find that you don't have the time to do this pay someone that will look after it for you.