Even the most secure websites on the internet are vulnerable to attacks and can be hacked. As a WordPress users there are some basic WordPress security settings that can prevent you from many commonly known threats. Advance users can further strengthen their WordPress security by adding more layers of security around their WordPress sites. However, lets assume that despite all these things your WordPress site gets hacked. In this post, we will discuss the things you can do to recover a hacked WordPress site. We also talk about tools and plugins you can use to clean up an infected site.
Change All Passwords Associated with Your WordPress Site
Each WordPress website uses several passwords. There are passwords for WordPress admin area, for your MySQL database, for your FTP/SSH access, your web hosting account, and most importantly passwords for email accounts associated with these logins. Even a single compromised password can give hackers full access to your entire WordPress site.
First thing you should do when your WordPress site is hacked, is to change all those passwords and even usernames if possible. Use unique and strong passwords for each account. If you are not already using a password management utility then start using one right away. This will allow you to use stronger passwords without remembering them.
Once you have changed all your passwords, you can move on to cleaning up and restoring your website. However, keep in mind that you will have to change all your passwords once again after you have restored your website.
Create a Backup of Your Infected Site
Yes, you heard us right. If you do not have a backup of your site before it got hacked or infected, then you should immediately create a complete backup of whatever you have left.
Most common WordPress infections simply inject malicious code, malware, and things like that into your WordPress files or database. Cleaning up those files or database can be difficult but can be done.
However, the first thing that you want to do is to save your data. If you have access to the admin area of your WordPress site then you can install a backup plugin. If you do not have access to the admin area then you will have to manually create backup of your WordPress site.
Restore from Backup
Most users don’t realize the importance of setting up WordPress backup solution until their site gets hacked. It is true, even we learnt the importance of backups the hard way.
If your WordPress site gets hacked, or someone injected malicious code into your site. Then restoring your site from the backup is the quickest and the safest way to get up and running again.
Finding The Backdoor in Hacked WordPress Site
A backdoor is a disguised executable file or code snippet uploaded by the hackers on your site. This file gives them remote access to your site. If you clean up infected files, and the backdoor is still there, then your files will get affected again.
Scanning Your WordPress Site
There are tools and plugins which will allow you to check the integrity of all WordPress files and database. However, before you run it, you will need to delete all plugins from your plugin folder and remove all inactive themes. This will allow scanning tools and plugins to show less false positives.
Check your WordPress uploads directory, and look for any php file there. Uploads directory is usually reserved for media files. If there is a php file there then delete it.
Exploit Scanner is a very powerful WordPress plugin that allows you to scan all your WordPress files, uploads directory, and database for suspicious files and malicious code. It is developed and maintained by a team of very talented and knowledgeable WordPress security experts.
Simply install and activate the plugin and run the scanner. The scanning process may take some time depending on your database size and installed plugins. It will show you three types of notices for severe, warning, and notes. You need to carefully examine those results.
One downside of the plugin is that it may show you false positives and you need to carefully examine results to be extra sure.
Sucuri is one of the leading website security companies. This free plugin allows you to run sucuri security scans on your website. This scan will check your website for file integrity, malicious code injection, and security auditing. The plugin will also recommend actions you can take to strengthen your site’s security. We mentioned many of these actions in our strengthening WordPress security for advanced users article.
Getting Help to Recover Your Hacked WordPress Site
The steps mentioned above would help you easily recover your WordPress site. However, in some rare cases you may find yourself in a much more difficult situation. For example, a hack would keep coming back, or you would be unable to locate malicious code in your database.
First you need to understand that whatever is happening to your site has already happened to thousands of websites. There are already solutions available for no matter how difficult your situation seems to be. The best place to get help with your hacked WordPress site is the official WordPress support forums. Describe your problem with as much detail as possible and you will get help from other users and even experts.
Apart from official WordPress forums you can try other web development communities for help. Stack Exchange site for WordPress is another great online community to get help and advice from experts.
Web is becoming more and more like real world. There are challenges and dangers lurking around the corner. Instead of being scared, you should be prepared and ready to take on those challenges. Together we can make the web a safer place where people from all over can freely conduct business, express opinions, and share cool stuff.