My WordPress site has been hacked

CMS Managers Malware Removal

My WordPress site has been hacked?

Your WordPress Site has been hacked, Now what? Once your Site has been hacked it is easy to panic. Let’s take a minute to relax, figure out how the hacker gained access, and repair your site as quickly as possible.

WordPress, an extremely popular Host and Prey

Protect Your WordPress Admin areaWordPress is an extremely popular host and prey. Boasting its popularity as the number one hosting site offering unlimited potential, this popularity has its negatives as it is also the most popular among hackers as well.

Looking to commit mass attacks on as many sites, Plug In’s, and themes with similar coding, Hackers target this similar coding-making WordPress both a great host and easy prey. It’s not unlikely that your site was hacked not in part to you being specifically targeted, but you were probably a victim of a Mass Attack.

While hackers don’t tend to linger on sites that have incorporated premium themes and quality plug ins, it is still not uncommon that they make some attempt to hack your WordPress Site. If you have been victim to an attack on your site, WordPress.Org can provide you with some common questions and possible solutions to restoring your site.

Fixing Your Hacked WordPress Site

All is not lost once your site has been hacked; fixing your WordPress Site after a hacker has claimed it is a time sensitive matter. For every second that the hacker has control of your site your customer data is in jeopardy, there is a chance your content could be damaged or destroyed, and while your site is inactive you lose money, credibility, and clients.

How WordPress Sites Fall Victim to Hackers

wordpress support and maintenence servicesCMS Managers has discussed the various ways a WordPress Site can fall victim to hackers before.  While WordPress Software is already pretty sturdy and can withstand basic attempts to hack your site, it is only as strong as its most recent update.

The fact that WordPress offers a variety of popular widgets, themes, and Plug Ins is another reason it is sometimes vulnerable to a hackers malicious attacks. These powerful, customizable features and creative Themes and Extensions expose your site to looming hackers for various types of attacks:

  • Script Injections: taking opportunities to expose gaps and glitches in your sites coding where you have incorporated aspects like forms (for commenting, log in, etc.) to steal information directly from the associated database. Once Script Injections have been applied, they will usually try to install some outside software to the Site Visitors phone, tablet, or other device by claiming to be a legitimate security program (known as Spoofing) protecting you from an impending attack or offering you some free get away or some extravagant cruise to get you to click on it.
  • Back Door Attacks: Targeting poorly coded themes and plug ins, hackers gain access to WordPress accounts by going after outdated installations. Back Doors are a immediate threat because they can lead a hacker directly to your Administration Dashboard for your WordPress Site. From there they can not only damage your site, delete your content, but also steal customer information with ease and spread malicious coding onto future visitors.
  • Re-Direct Attacks: While redirect attacks may seem harmless, they can cause quite a commotion. Causing confusion among your customers by redirecting them to another landing page or site can cause you to lose credibility with not just clientele but search engines. Since some redirects can lead to malicious sites scheming visitors out of their information, Re-Direct Attacks are often the cause of Site being back listed. These are a form of Back Door Attacks in the fact that a hacker has to infiltrate your WordPress Site through some vulnerability, alter the coding, and redirect the visitors to an alternate page.

What to do when you have been hacked

Figuring out what to do once your WordPress Site has been hacked, during this frantic time, getting everything under control and correcting your site, will consist of a lot of sourcing, editing, and repairs.

Let’s get your site back as quickly as possible and avoid losing any more time or money because of this sinister hacker. Here are a few steps you should take immediately after losing control of your WordPress Site.

Contact the VIPS

  1. Contact anyone who could be affected by the attack. This includes customers, employees, partner sites, and future visitors that your site has been hacked and that it is offline until further notice. Try using a Plain Text Banner or landing page to lessen the confusion and offer an alternate form of communication until this issue if repaired.
  2. Using a Secure Log in Process, try to retrieve to server log or access information to your site. If you are a WordPress Blogger using a free domain, try contacting support services to get information on how the hacker accessed your site.

Examine, Scan, and Clean

  1. If you want to further examine how the hacker affected your site make a back-up of the site on a separate drive for comparison to a previously backed up version.
  2. Scan and Clean your backed up WordPress Site with antivirus and Malware detection software like Sucuri.
  3. This may seem crazy, but uninstall every plug-in, widget, and even your theme. You want to start off fresh and these very functional features are being multi-purposed into weak points accessible by hackers.
  4. Install a clean copy of WordPress with a fresh directory made by you. If you used a one click installation process before, it may be required that you uninstall WordPress all together and begin again.
  5. This might be the most confusing time, but it doesn’t hurt to be extra thorough and sort through your coding. Using a Data Management System (DMS) Tool like PHPMyAdmin, Go over the existing Database Coding and be on the look-out for any unfamiliar phrasing of codes. For example: long strings of Hex-Code or “preg_replace(“/.*/e=” Again, it is not common for Premium Themes and Plug Ins to be under attack but an hasty hacker might be brazen enough to make the attempt.
  6. Ensure that your .htaccess file is undamaged and that there are no additional copies in the back-ups anywhere else.

Connecting Your Existing WordPress Database

  1. Now, connecting your existing Database with your new WordPress Installation, you can retrieve your content! Depending on whether or not your site was able to be restored, your hosting Providers Support team can walk you through the retrieval process. You may need to use your back-up, given that it has passed virus detection software.
  2. Create a new Administrative account, which will take control of all permissions and access rights from the current Administrative account, and delete the previous or current Administrative account. Be sure to use different Log in Information.
  3. Change Site permissions so that only the highest level accounts have secure access to your WordPress Database but it still allows for normal use by future visitors.
  4. Log into your New WordPress with the Default theme in place… Hold your breath, if content appears undamaged and there appears to be no trace of the hackers changes you can dig into your sites customizations and get everything back in order!

Complete Restoration of Your WordPress Site

  1. It is time to complete restoration of your WordPress Site. Since the old copies of your plug ins can contain the nasty coding, or the original theme could have been altered, take the time out to download and install fresh copies right from the WordPress Admin Dashboard.
  2. Continue restoration of any media and content lost by uploading back-ups of your old wordpress/uploads If you didn’t have very much digital media 9(pictures, videos, audio files, etc.) it is suggested that you simply upload them manually. It is not unheard of that a hacker has thought ahead and planted a bug in your WordPress Uploads Folder, in hopes that it would be overlooked upon site repairs.
  3. To avoid any backtracking hackers, head over to your Hosting Control Panel and disable any PHP files from executing in your /uploads folder. This is the only folder in WordPress Site Installs that requires write-enabling from the browser. Doing this will safe guard your site from future hacks trying to plant dirty coding.
  4. Keep accurate records of any hacks and the repairs needed to restore your site for future reference. This includes log in information, the hacks purpose, outcome, point of entry, and anything else regarding your previously hacked WordPress Site.
  5. Test and Review your newly restored WordPress Site. Watch its loading time; look for inconsistency in any Plug In activity; check that your Theme and Content both appear present and unharmed. If each aspect passes your inspection- Congratulations on restoring your hacked WordPress Site.


Getting help with your WordPress Site Restoration

These instructions, while simple, can be quite a task for some one short on time or lacking the tech skills to do so confidently. If you are not comfortable with handling your WordPress Sites restoration, most hosting providers have hands-on assistance plans for premium members. You could also reach out to WordPress Management Firms like CMS Managers to provide you with maintenance and restoration services to help you reclaim your Virtual Kingdom.

CMS Managers is always happy to share tips, tools, and advice to deal with greedy, inconsiderate hackers looking to plant malicious coding on your WordPress Site. Follow up with some suggestions on warding off hackers in the first place. By strengthening your WordPress Security and building the necessary firewalls to keep hackers out, we can provide you with one our Support and Maintenance Plans; packages starting at just $29.99! Contact us now to get your WordPress Site back and secure.


This entry has 0 replies

Comments open

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>