WordPress is the most widely used content management system in the world; it is estimated that 30% of all websites are built on it. On the one hand, that figure gives an idea of the platform's potential; on the other, it is a reason to worry about vulnerability, since the more widely a system is used, the more susceptible it is to attacks. Hacked websites have become a big nuisance.
The number of searches for “WordPress website hacked” shows how big the problem really is. Among the many protective measures, the most relevant concern the passwords you use and regular updates of your WordPress installation and plugins.
In this sense, developing custom themes will ensure a higher level of protection, since the code behind them is not visible to everyone.
How to tell if you have been hacked?
Your WordPress site may have been infected with malware: malicious code that infiltrates our software without our consent. There are several types of malware with different purposes (stealing users' personal information, showing advertising, hacking our computer).
As a result, Google will mark your domain with a warning. This clearly has a catastrophic effect on your online presence, since many people will be alarmed by the warning and will not want to access your website. It will also lead your site's visitors to opt for a competitor's website instead.
To tackle this, you can use a server-level antivirus: contact your hosting provider to see whether they have one installed and ask them to scan your website. Your web hosting settings portal offers further ways to check as well.
How to fix a hacked WordPress website?
- Delete the WordPress installation files, except the wp-content folder, the .htaccess file and the wp-config.php file.
- Review the .htaccess and wp-config.php files manually to make sure no code has been injected into them.
- Enter the wp-content folder and check the plugins in the plugins folder of the installation: make a list of the installed plugins, delete them in their entirety and download them again from the official repository.
- Repeat the procedure from the previous step for the themes in the themes folder, making sure to do it for all installed themes, not just the active one.
- Delete the content of wp-content except for the themes, plugins and uploads folders. Enter the uploads folder, search for PHP files and delete them.
- Copy the WordPress files, downloaded from the official repository, back to the installation folder.
- Re-publish the site on the hosting server, making sure to remove the infected site in its entirety.
- Use a security tool such as Wordfence to run a heuristic analysis of the uploads folder, to make sure there are no PHP files hidden in image format.
After this procedure, the files of the WordPress installation will be clean. It is still worth checking the database: SQL queries let you verify whether anything has been injected.
Once we have detected the malicious code, and to avoid bigger problems for the users who visit our site, we can put the website in “maintenance mode”, showing a message that warns of the situation, or create a new rule in the .htaccess file that blocks access to the site.
Now that we have located the files that have been infected, the question is: how do we clean them?
The answer varies depending on the type of hack we have suffered, but the main idea is to delete the infected files or clean the malicious code out of them.
The first step is to delete any file that is infected, that is suspicious, or that is not part of the WordPress installation, the installed plugins or the theme in use and that we did not upload ourselves. If in doubt, we can search the Internet to see whether the file is really part of the CMS code or not.
A problem appears when a file that is part of WordPress, a plugin or a theme has been flagged as potentially dangerous. In this case, we have two options:
1. Replace the infected files with new, clean, malware-free copies
2. Edit the files that contain malicious code and delete that code
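One way to tell which files fall into each group, shown as an added example that is not part of the original article: hash every file on the site and compare it with a clean copy downloaded from the official repository. It assumes the clean copy holds the same versions of the core, plugins and themes as the site; the file names and contents are constructed samples, and the function names and skip lists are chosen for this sketch.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_tree(root):
    """Map each relative file path under root to the SHA-256 of its content."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def compare_to_clean(site_root, clean_root,
                     skip_prefixes=("wp-content/uploads/",),
                     skip_files=("wp-config.php", ".htaccess")):
    """Classify the site's files against a clean copy of the same versions."""
    site, clean = hash_tree(site_root), hash_tree(clean_root)
    report = {"unknown": [], "modified": [], "missing": []}
    for rel, digest in site.items():
        if rel in skip_files or rel.startswith(skip_prefixes):
            continue                          # site-specific: review these by hand
        if rel not in clean:
            report["unknown"].append(rel)     # not shipped: candidate for deletion
        elif clean[rel] != digest:
            report["modified"].append(rel)    # shipped but altered: replace it
    report["missing"] = [rel for rel in clean if rel not in site]
    return {kind: sorted(paths) for kind, paths in report.items()}

def write_tree(root, files):
    for rel, content in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)

# Constructed sample: tiny stand-ins for the clean download and the live site.
CLEAN = {"index.php": b"<?php require 'wp-blog-header.php';",
         "wp-content/plugins/demo/demo.php": b"<?php // demo plugin"}
SITE = {**CLEAN,
        "index.php": b"<?php /* injected */ require 'wp-blog-header.php';",
        "wp-includes/extra-file.php": b"<?php // not in the clean copy",
        "wp-config.php": b"<?php // site settings",
        "wp-content/uploads/2024/a.jpg": b"\xff\xd8\xff\xd9"}

def demo():
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as site:
        write_tree(clean, CLEAN)
        write_tree(site, SITE)
        return compare_to_clean(site, clean)

if __name__ == "__main__":
    print(demo())
```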
The second option can be complicated, especially for those who are not programming experts. As a clue, code that attackers inject into files often uses the base64_decode and eval functions, although we can always find false positives, so we must be very careful with what we remove.
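A first-pass scan for the clues mentioned so far, PHP hidden in the uploads folder and eval/base64_decode calls, written here as an added example rather than code from the article. The sample files are constructed and the names scan_uploads and build_sample_tree are chosen for this sketch; every hit still needs manual review because of the false positives noted above.

```python
import re
import tempfile
from pathlib import Path

PHP_PARTS = {"php", "phtml", "php5", "phar"}   # name parts PHP handlers commonly execute
MEDIA_EXTS = {"jpg", "jpeg", "png", "gif", "ico", "webp"}
PHP_TAG = re.compile(rb"<\?php", re.I)         # XMP metadata starts "<?xpacket": no match
OBFUSCATION = re.compile(rb"\b(eval|base64_decode)\s*\(")  # a clue only: clean code uses these too

def scan_uploads(root):
    """Return sorted (relative_path, reason) pairs for files that need manual review."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        parts = path.name.lower().split(".")[1:]
        with open(path, "rb") as fh:
            data = fh.read(1_000_000)          # triage pass: first 1 MB of each file
        has_tag = bool(PHP_TAG.search(data))
        if PHP_PARTS & set(parts):             # also catches double names like x.php.jpg
            findings.append((rel, "php-extension"))
        elif parts and parts[-1] in MEDIA_EXTS and has_tag:
            findings.append((rel, "php-in-media-file"))
        if has_tag and OBFUSCATION.search(data):
            findings.append((rel, "eval-or-base64_decode"))
    return sorted(findings)

# Constructed sample uploads folder: two clean files, three that should be flagged.
SAMPLES = {
    "2024/01/photo.jpg": b"\xff\xd8\xff\xe1<?xpacket begin=''?>\xff\xd9",
    "2024/01/notes.txt": b"the word eval( alone, outside PHP, is not a finding",
    "2024/01/logo.png": b"\x89PNG\r\n\x1a\n<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
    "2024/02/banner.php.jpg": b"GIF89a",
    "2024/02/cache.php": b"<?php echo 'hello';",
}

def build_sample_tree(root):
    for rel, content in SAMPLES.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_uploads(tmp):
            print(f"{reason:22} {rel}")
```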
Ensuring better security of your website
To ensure greater security of our CMS, it is advisable to carry out a series of practices to strengthen our site. Among these practices, we can highlight:
- Make regular backup copies of both the files that are part of the website and the site database
- Minimize the number of plugins used and eliminate those that we do not use
- Use strong passwords for access to the administration area as well as for the FTP account and the database
- Apply extra protection using .htaccess file directives
- Keep the WordPress core, the plugins and the theme in use updated to the latest stable version available
- Download plugins and themes from trusted sites
We have to be clear that any platform we use, such as a content management system or CMS (WordPress, Joomla, Drupal, Magento, PrestaShop, among others), can be hacked.
Security is a priority, and even more so for online businesses. For this reason, it is important to have a good hosting provider. If our resources are limited, we could use a managed WordPress hosting service like BionicWP, which has quite a reputation in the market.