Repair hacked wordpress website can be some of the most vulnerable for getting hacked because of the popularity of the platform. Usually when people reach out for help, it is because their site was hacked once, they fixed it–and then it was hacked again.
“Why did my WordPress website get hacked again when i fixed it?”
Whenever your WordPress site gets hacked for another time, it’s usually because of backdoor developed by the hacker. This backdoor allows the hacker to bypass the normal procedures for getting into your site, getting authentication without you realizing. In this posting, I’ll explain how to locate the backdoor and fix it in your WordPress website.
So, what’s a backdoor?
A “backdoor” is really a term referring to the technique of bypassing normal authentication to get into your site, thereby accessing your site remotely without you even realizing. If a hacker is smart, this can be a very first thing that gets uploaded when your site is attacked. This enables the hacker to have access again down the road even after you discover the malware and take it off. Unfortunately, backdoors usually survive site upgrades, therefore the site is vulnerable and soon you clean it completely.
Backdoors could be simple, allowing a user and then create a hidden admin user account. Others tend to be more complex, allowing the hacker to execute codes sent from the browser. Others have an entire interface (a “UI”) that provides them the ability to send emails from your own server, create SQL queries, etc.
Where is the backdoor located?
For WordPress websites, backdoors are generally located in the following places:
1. Plugins – Plugins, especially out-dated ones, are an excellent place for hackers to cover up code. Why? Firstly, because people often don’t believe to log to their site to check on updates. Two, even though they do, people can’t stand upgrading plugins, since it takes time. Additionally, it may sometimes break functionality on a niche site. Thirdly, because you can find tens of thousands of free plugins, some of them are easy to hack into in the first place.
2. Themes – It’s not so much the active theme you’re using but the other ones stored in your Themes folder that may open your website to vulnerabilities. Hackers can plant a backdoor in one of the themes in your directory.
3. Media Uploads Directories – Most people have their media files set to the default, to generate directories for image files predicated on months and years. This creates a variety of folders for images to be uploaded to–and many opportunities for hackers in order to plant something within those folders. Because you’d rarely ever check through all of those folders, you wouldn’t find the suspicious malware.
4. wp-config.php File – that is among the default files installed with WordPress. It’s among the first places to look when you’ve had an attack, because it’s just about the most common files to be hit by hackers.
5. The Includes folder – Another common directory because it’s automatically installed with WordPress, but who checks this folder regularly?
Hackers also sometimes plant backups with their backdoors. So while you may clean out one backdoor… there may be others living on your server, nested away safely in a directory you won’t ever look at. Smart hackers also disguise the backdoor to check just like a regular WordPress file.
So what can you do to completely clean up a hacked WordPress site?
After reading this, you may guess that WordPress is the most insecure type of website you might have. Actually, the most recent version of WordPress has no known vulnerabilities. WordPress is constantly updating their software, largely because of fixing vulnerabilities whenever a hacker finds a means in. So, by keeping your version of WordPress up to date, you can help prevent it from being hacked.
Next, you can try these steps:
1. You can install malware scanner WordPress plugins, either free or paid plugins. That can be done a seek out “malware scanner WordPress plugin” to get several options. A few of the free ones can scan and generate false positives, so that it can be hard to know what’s actually suspicious unless you’re the developer of the plugin itself.
2. Delete inactive themes. Eliminate any inactive themes you are not using, for reasons mentioned above.
3. Delete all plugins and reinstall them. This is often time-consuming, but it wipes out any vulnerabilities in the plugins folders. It’s a good idea to first develop a backup of your site (there are free and paid backup plugins for WordPress) before you start deleting and reinstalling.
4. Develop a fresh .htaccess file. Sometimes a hacker will plant redirect codes in the .htaccess file. It is possible to delete the file, and it will recreate itself. If it doesn’t recreate itself, you can manually do that by going to the WordPress admin panel and clicking Settings >> Permalinks. Once you save the permalinks settings, it’ll recreate the .htaccess file.
5. Download a brand new copy of WordPress and compare the wp-config.php file from the fresh version to the main one in your directory. If there’s anything suspicious in your present version, delete it.
6. Lastly, to be completely sure your website has no hack (outside of using paid monitoring services), it is possible to delete your website and restore it to a romantic date that the hack wasn’t there from your hosting control panel. This will delete any updates you’ve made to your site after that date, so it’s not just a great option for everyone. But at the very least it cleans you out and peace of mind.
In the future, you can:
1. Update your admin account. Create a new user with Administrator capabilities, then delete the old one you were using.
2. Use a plugin to limit login attempts. This will keep someone locked out following a certain amount of attempts to get in.
3. Password protect the WP-admin directory. This might be done during your internet hosting control panel. If your webhost uses cPanel, this is easily done with a couple of clicks. Contact your host to figure out how exactly to password-protect a directory or do a search for it on your own hosting company’s website.
4. Create regular backups. By backing up your site regularly, you know you will have a copy to restore the site with if it would get hacked. There are free and paid plugins available to help with this particular, or you might be able to develop a backup of the complete account from your own hosting control panel. Or, though slower but nonetheless an option, you can download the complete site via FTP software.
When it comes to security, it can help to go on it seriously. Backing up your website is among the best things to do, because your hosting company may not do that for you personally. Some may offer backups/restore features in the event that you activate them, plus some may create random backups every couple of weeks. But you don’t want to rely on the host because this isn’t within their scope of services. To be more certain, you should use paid malware monitoring services and plugins in order to watch your site which means you need not worry about it.