Become Wordpress Professional - Your Ultimate Wordpress Guide

Thursday, 15 August 2013

17 Steps to Recover Hacked Wordpress Site

How to recover hacked wordpress site
Steps to Restore A Hacked Wordpress Site
Use of wordpress as a great content management system is growing day by day, so is the biggest challenge to protect it from hack attempts by taking several precautionary measures and improvement of the core file's security. Wordpress developers themselves perform a great job on strengthening the security of wordpress on every update but there might be some loose ends that might have get your site into cross-hair of hackers.

Unfortunately, thousands of wordpress sites become victim of hackers every day and therefore require fast recovery because a very negative impact takes place for that particular site in the vision of search engines, hence it can end up loosing it's identity and online reputation. Search Engine Bots such as google bot is very strict and can manage to spot an hacked site immediately, if the site is not fixed as soon as possible, chances are that it will loose the indexation of pages from the search engine.

Steps to Recover a hacked Wordpress Site

1) Upgrade to the latest version of Wordpress

Check to see if your Wordpress is of latest version, if you are running an older version of wordpress than the current official version, immediately upgrade to the latest version. You can get to know about the current latest version of wordpress being used by visiting the official wordpress site.

2) Install and Scan site with Antivirus Plugins

Install anti-virus/scanner plugin such as Bulletproof security plugin, Wordfence security plugin, 6Scan Wordpress security or Better WP Security plugin which will help you scan files and it will indicate suspicious and malicious security loop holes and will fix them for you. You can read about the Best wordpress security plugins in detail here 

3) Change MySQL Database password

Change the password of your MySQL database attached with your wordpress files.

4) Change Wordpress Login credentials

Change wordpress admin panel password as well as for all the users.

5) Check site Users

Check to see if there are some suspicious users added to your site, if you seem to find any, remove them immediately.

6) Download Backup of your wordpress website

Download a backup of your wordpress site files via FTP (file transfer protocol software such as filezilla).

7) File Matching

Go through the wordpress core files and match them with the official files of wordpress, if any file seem to be extra or if you think that it should not be there, delete it.

8) Htaccess Protection

Block directory and its browsing access to your wordpress core files via .htaccess

9) Search Database for something odd

Open up the MySQL database via pHpMyAdmin and check the tables of your database specially "wp_users" and "wp_posts" to see if you can find something odd there. (Warning: explore your site's database at your own risk and if you know what you are doing, any wrong action can end your site being nonfunctional).

10) MySQL Database Querying

Download the SQL database file to your computer and upload it to your localhost, then query the database to search for "bad words" (words that you think are cause of the hack). Your database will return all the results for the particular search query. Remove anything that seems suspicious/malicious from the results. Later on you can re upload the cleaned SQL file back to your online pHpMyAdmin.

11) Check Theme Files

Go through the theme files, generally most common cause of wordpress hacks are unlocked themes. Search each and every file individually, make sure none of the files contain base_64 code that looks like a alphabetical string containing random alphabets. If you find those strings, delete them. if you are having a large number of themes, then you can download all of them as a backup and then delete all the themes except the default wordpress theme (twenty twelve).

12) Change Hosting Password

Change the password for your hosting account

13) FTP Access Check

Change FTP Passwords, remove any unauthorized ftp account that exists.

14) Replace default wordpress table prefix 

Change the the default database table prefix. (Change "wp_" to something else like "ms_")

15) Update Security Keys

Update your wordpress nonces/salt keys inside wp-config.php file.

16) Set Proper File permissions

Verify that your file and folder permissions are set. You need to set the public rights be only viewable.

17) Harden your wordpress site

After making sure your site has been recovered , you can go through the process of Hardening your wordpress site to avoid future attacks


Post a Comment

Please Avoid Spamming. Comments will be moderated before they are published.