How to recover hacked WordPress website justlearnwp.com

Page 1

JustLearnWP.com WordPress & Blogging Tutorials

How To Recover Hacked WordPress Website?

Do you want to know how to recover hacked WordPress website. WordPress is most popular and powerful Content Management System to create websites, that’s why it is heavily targeted by hackers, because of its popularity WordPress is target of hackers looking to “take over” pieces of your site for their own benefit. There are a lot of people who wants to know how to recover hacked WordPress website and this article will help you to make your WordPress make websites more secure and safe. WordPress itself is a secure CMS and security updates are rolled out automatically whenever a major security vulnerability is spotted but even the most secure websites on the Internet are vulnerable to attacks and can be hacked. If you areShares a4WordPress users there are some basic WordPress security settings that can 2

1

prevent you from many commonly known threats. A strong user name and password,


latest WordPress version, Themes and plugins from trusted developers, regular backups and security plugins can help you to make your website more secure and safe. WordPress is now powering almost %25 of websites, and hackers target thousand of WordPress website daily. So many websites are hacked successfully, so many WordPress users are successfully targeted because a lot of people have the “it won’t happen to me” or “i will do it later” syndrome. So many people don’t expect it to happen and then suddenly their website gets hacked.

Why WordPress Website Are Hacked Successfully There are many different reason and every case is not same but there are some common mistake. If you will avoid these mistakes your website will be more secure and safe. Here is a list of many possible reasons why a site is hacked. Out dated WordPress version This one is a big problem since W3Techs found that over 15.8% of WordPress sites are not up-to-date (Using WordPress version 3 or older), meaning recent security patches won’t mean a thing for these folks and their sites are open to attack. In many cases, people got hacked because a site, hosted on VPS or shared host was not regularly updated. Out dated WordPress version can be really dangerous, Always delete out dated, test website or update to latest version, other wise it can end up affecting your several other sites on your server. The hacker can easily use compromised site to gain entry into a couple of your other sites, hosted on the same server. Out dated or malicious plugins and themes

keep in mind that hacker will often target widely installed plugins or themes with known security vulnerabilities. In most cases, your WordPress website won’t be


targeted specifically, but will be hacked because of some vulnerability in a plugin or theme installed on your site. The top security vulnerability has been with WordPress plugins and custom scripts. Weak user names and Passwords Never use admin as your default user name and weak password. can be very successful when people use passwords like ‘123456’ and usernames like ‘admin.’. Local environment (Laptops or Desktop) The first place you should start with is your local environment. In many cases, the source of the attack / infection begins in your local computer. Make sure you run a full anti-virus and malware scan on your local computer.

How To Make Your Website Secure Make sure your local environment is safe House your site with a trusted hosting provide Always use Latest WordPress version Always update plugins and theme Download themes plugins from trusted developers Install a security plugins : it can help you to quickly detected the exploit limit login attempts : Prevent Brute Force attacks Install a back up plugin Use strong Passwords for WordPress, hosting control panel etc Never use “Admin” as WordPress user name


How To Recover Hacked WordPress Website Here are few step to recover a hacked WordPress website. Scan your local machine : Don’t panic, you need to stay calm. because a clear, focused mind is the key to efficiently responding to any security breach. It is really important. Make sure you run a full anti-virus/malware scan on your local machine. Change all passwords : This is a must. Change all Server control panel, Hosting account center, SSH, FTP, database usernames and passwords. investigate Upon discovering that one of your sites is hacked, take a few moments and check any other site that you may have, especially if they are on the same server. If one site is hacked, it’s likely that other sites on the same server are hacked as well. Backup If you have back up of your website, it is great. because you can quickly fix the issues. otherwise create a back up of your website. Even though you have been hacked, there could be valuable information on your website that you may need to recover later. Keep in mind that many hosting providers may shut down or even delete your site immediately after finding out your site has been compromised, especially on shared hosting plans. contact your hosting provider as they may have detected malware, viruses or similar issues with your site then blocked it to protect others on the server. Scan Your Files If you have a back up, use this clean back up to restore your website. otherwise backup your compromised site. Once you have backed up your entire compromised site, you’re ready to Scan your website.

WordPress Security Plugins If you can access your website, Log Into Your WordPress Admin Panel, install a security plug to scan all files. is a free Auditing, Malware Scanner and Security Hardening plugin


is a free Auditing, Malware Scanner and Security Hardening plugin is another free popular plugin. : Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers. Find and remove the hack : If you cannot access your website, your host has deleted all files, use your back up files. Check all WordPress files and delete the known suspected files, make a list of all suspected files. See if there are any .exe files and delete them. Compare hacked files against known clean backups : there are various types of symptoms and they affect your website and it’s visitors. For instance, malicious redirects can often be found in files like .htaccess, and index.php at the root of your website. While others will focus on the wp-content/themes directory targeting index.php, header.php, footer.php and functions.php.

Websites That Provide Free Scans For Hacked Files Sucuri Site Scan : is a free service for comprehensive site scan, it also lets you know if your site has been blacklisted. Unmask Parasites : Lets you know if your site has been hacked. This is a great first step in determining whether there is a problem Norton Safe Web : Lets you quickly find out if there are any threats associated with your site. Quttera : Scans your site for malware. VirusTotal : You can scan your website or IP address for common viruses, trojans, malware and the like. It uses over 50 different scanners to get more accurate results.

Clean Up WordPress


Once you find what the code is and what it is doing, now it is time to remove it from your site. If you have a clean back up of your website it is easy to restore your website. Once you’ve secured your website, use your most recent backup. If you restore from a known clean backup of your WordPress Database, and re-upload your backed up WordPress plugin and theme files through FTP or SFTP, that will ensure that all those bits are clean of malicious code are gone. Change all passwords Restore everything using the most recent backups possible Reinstall WordPress from scratch or Replace the core WordPress files with latest version Must change your secret keys : re-import database (make sure it is safe) reinstall themes and plugins from scratch. Install security and back up plugins Scan your website again to make sure it is safe Contact your web host to remove you from the blacklist Work with Google and your host to get the site removed from their blacklist

Resources I hope now you know how you can make your website more secure and how to recover a hacked WordPress site. Here are 2 good resources. How to Clean a Hacked WordPress Site using Wordfence If your site is infected : Google


Download Free eBook: Cheat sheet to increase Blog Traffic, Subscribers and Earning.

Share This:

Related:

WordPress Two Step Authentication : 11 Tutorials In "WordPress Tutorials"

can you build Websites for banks with WordPress: Matt Mullenweg Explains In "WordPress"


5 Best WordPress Tutorials of the Week : Upcoming posts previews, Security, SSL & more In "WordPress Tutorials"

Tahir Taous /

JustLearnWP.com /

/ Articles, WordPress / WordPress Plugins, WordPress Security /


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.