September 26, 2022 | Posted in WordPress
Unfortunately, websites are occasionally susceptible to being hacked. Having hacked our WordPress site many times, we know the stress involved, not to mention the effect on your company and audience. Over the past several years, we have assisted hundreds of users, including several well-known corporations, in recovering their compromised WordPress websites. This post will provide step-by-step instructions for repairing a compromised WordPress site.
When a website is hacked, you are under a great deal of stress. Stay calm and record as much information as possible about the breach.
The following is an excellent checklist to review:
This list will assist you in communicating with your hosting provider and completing the procedures below to repair your website.
Additionally, it would be best to change your passwords before beginning the cleanup. Once you have eliminated the attack, you should update your passwords again.
Most reputable hosting companies are really helpful in these circumstances. They have experienced staff who deal with these issues regularly, and since they are familiar with their hosting environment, they can advise you more effectively. Contact your site host and follow their directions.
Occasionally, the breach may have harmed more than just your website, particularly if you use shared hosting. Your hosting company may also be able to supply you with more details regarding the hack, such as its origin, the location of the backdoor, etc. Our experience has shown that HostGator and Siteground are incredibly helpful when anything like this occurs.
You could even get fortunate and have the host remove the hack.
If you have backups of your WordPress site, restoring from a time before the site was compromised may be advisable. If you can do this, you’re in the clear.
However, if your blog is updated regularly, you risk losing blog articles, new comments, etc. In such situations, consider the advantages and downsides.
In the worst-case scenario, where you do not have a backup, or your website has been hacked for a long period and you do not want to lose your material, manually removing the hack is your only option.
Examine your WordPress website and remove any inactive themes and plugins. This is often where hackers conceal their backdoor.
A backdoor is a technique for circumventing standard authentication and getting remote access to a server without being discovered. The majority of intelligent hackers always upload the backdoor first. This enables them to regain access even after you have removed the exploited plugin.
After you have done so, proceed to scan your website for the hack.
You should install the free Sucuri WordPress Auditing and Theme Authenticity Checker (TAC) plugins on your website.
Once you have configured them, the Sucuri scanner will report the integrity status of all your core WordPress files. In other words, it reveals the location of the hack.
If the Theme Authenticity Checker detects suspicious or harmful code in your themes, it will display a details button next to the theme, with a reference to the infected theme file. It will also display any harmful code it discovers.
Here, you have two choices for repairing the hack. You may either delete the code manually or replace the file with its original version.
For instance, if someone edited your WordPress core files, you should re-upload brand new WordPress files from a fresh download, or even all WordPress files, to overwrite any damaged files.
The same goes for your theme files: download a new copy and replace the damaged files with the new ones. Remember to do this only if you haven’t modified your WordPress theme’s source code; otherwise, you’ll lose these modifications.
Repeat this process for each impacted plugin.
Additionally, you must ensure that your theme and plugin folders match the originals. Sometimes, hackers install new files with filenames that resemble those of plugins but are easy to overlook, such as hell0.php, Adm1n.php, etc.
Verify in the WordPress users area that only you and your trusted team members have administrator privileges.
If you discover a suspect user, remove them.
Since version 3.1, WordPress has generated a set of security keys that encrypt your passwords. If a person steals your password and is still signed in, they will stay logged in since their cookies are still valid. To invalidate those cookies, a fresh set of secret keys must be generated.
Now change your passwords again! You should change your WordPress, cPanel, FTP, and MySQL passwords, as well as the password anywhere else you used it. We strongly suggest using a secure password.
If your website has a large number of users, you may wish to force a password reset for everyone.