How To Clean A Hacked Wordpress Website Or Blog

Latitude Technolabs
Apr 21, 2021

A hacked WordPress website is every website owner's bad dream. It leads to less traffic, lost revenue, damaged or stolen data, and harm to brand reputation. Attackers can compromise a website by injecting malicious scripts, code, and bots through contact forms, search bars, and default pages.

Many websites are built with WordPress. Sometimes WordPress developers forget to build in security and fail to use security plugins, firewalls, and other security protocols, and hackers take advantage of that.

So use genuine, good-quality plugins, maintain your WordPress sites regularly, and strengthen WordPress security with security plugins and good antivirus software. If your site is hacked, you can hire a WordPress developer.

Here are some tips for cleaning a hacked WordPress website or blog.

Scan Your Website Or Blog

You can use genuine security tools to scan your website. Prioritize premium tools and top plugins for scanning, because free tools often do not scan properly.

  • There are free WordPress plugins for scanning your website. Install one on WordPress and scan the whole website for viruses, malware, and bots.
  • You can use a remote or external scanner to scan your entire site.
  • For example, you can use "Sucuri SiteCheck", a security tool that scans your site remotely. Enter your website link in "Sucuri SiteCheck" and run the scan.
  • If you have multiple WordPress servers and they are all interconnected, it is recommended to scan all of them as well.

Check Core Files Integrity

Most WordPress core files are protected and are not meant to be edited, but threats still find a way into them. Most infections are found in the wp-admin, wp-includes, and root folders.

  • You can check the integrity of WordPress files by comparing them against clean originals with the "diff" command in the terminal.
  • You can manually check files via SFTP. Never use a plain FTP client, because it is not secure. Use FTPS/SSH/SFTP clients. There are also WordPress security plugins for core file security that you can use to protect the files.
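
One way to run the diff comparison described above, as an added example that is not part of the original article. The function name and both directory arguments are assumptions; the clean copy must be the same WordPress version as the site, unpacked from a trusted download.

```shell
#!/bin/sh
# check_core SITE_DIR CLEAN_DIR   (hypothetical helper, added example)
# Prints one line per finding inside wp-admin and wp-includes:
#   MODIFIED <path>  content differs from the clean copy
#   EXTRA <path>     exists on the site but not in the clean copy
#   MISSING <path>   exists in the clean copy but is gone from the site
check_core() {
    site=${1%/} clean=${2%/}
    for dir in wp-admin wp-includes; do
        # diff -rq names the files that differ without printing their content
        LC_ALL=C diff -rq "$clean/$dir" "$site/$dir" 2>/dev/null |
        while IFS= read -r line; do
            case $line in
                "Files "*" differ")
                    f=${line#Files }; f=${f%% and *}
                    echo "MODIFIED ${f#"$clean"/}" ;;
                "Only in $site/"*)
                    d=${line#Only in }; d=${d%%: *}
                    echo "EXTRA ${d#"$site"/}/${line##*: }" ;;
                "Only in $clean/"*)
                    d=${line#Only in }; d=${d%%: *}
                    echo "MISSING ${d#"$clean"/}/${line##*: }" ;;
            esac
        done
    done
}

# Constructed demo: a tiny clean tree and a tampered copy of it.
demo_core() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/clean/wp-admin" "$tmp/clean/wp-includes"
    echo '<?php // original' > "$tmp/clean/wp-admin/index.php"
    echo '<?php // original' > "$tmp/clean/wp-includes/version.php"
    cp -R "$tmp/clean" "$tmp/site"
    echo '<?php // tampered' > "$tmp/site/wp-admin/index.php"    # changed core file
    echo '<?php // unknown' > "$tmp/site/wp-includes/wp-tmp.php" # file WordPress never shipped
    check_core "$tmp/site" "$tmp/clean"
    rm -rf "$tmp"
}
demo_core
```

The wp-content folder is left out on purpose, because themes, plugins and uploads legitimately differ from a stock download.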

Check Recently Changed/Modified Files

It is a good idea to check for any recent changes in the WordPress file system. This gives you an idea of what changed before the website was hacked.

  • Manually check modified files:
      • Log in to the server using an SSH or SFTP client (never use an FTP client).
      • Over SSH, list the files modified in the last 15 days with: "$ find ./ -type f -mtime -15"
      • If you are using SFTP, sort the files on the server by last-modified date.
      • Look for any files that have changed in the previous days.
  • Check recently modified files from the Linux terminal:
      • In the terminal, type: "$ find /etc -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r"
      • To include folders as well, type: "$ find /etc -printf '%TY-%Tm-%Td %TT %p\n' | sort -r"
      • Both commands list entries newest first; replace /etc with the directory you want to inspect, such as your WordPress folder, and review the modifications from the last 7 to 30 days.

Check Google Transparency Report

To find out whether your website has been blacklisted by security authorities or by Google, you can use tools that check the security status of your site.

  • Go to "https://transparencyreport.google.com/safe-browsing/search", enter your website URL, and search for it.
  • You can see details such as malware, malicious redirects, spam, and downloads found by the Google scan.
  • There are other tools you can use:
      • Norton Safe Web
      • Yandex Webmaster
      • Google Webmasters Central
      • Bing Webmaster Tools
  • You can hire a WordPress developer if your site is blacklisted and you want a solution to recover it.

Removing Malware From Website/Blog

This is the central part of this article. If you followed the steps above, you already know where the viruses/malware are located, and you can now restore your WordPress site by removing the malware. Malware/viruses will keep coming back if you don't take care of WordPress security, so maintain your WordPress site regularly.

Cleaning Damaged/Hacked Files From Wordpress

If malware is present in core WordPress files, you can remove it manually. Don't restore only the file that was infected; restore the full WordPress installation. Back up WordPress before you start. Here is how to do a manual file restoration.

  • Log in to the server using SFTP or SSH (don't use FTP).
  • Create a backup before doing anything.
  • Search for and identify the files that were modified in the last few days.
  • Replace those files with the original ones from the WordPress repository.
  • Delete any malicious code that was written into a file.
  • Now verify and test the site.

Cleaning Hacked Database

You can remove a malware/virus infection from the WordPress database using Search-Replace-DB or Adminer.

  • Log in to the admin panel.
  • Make a complete backup of the database before doing anything.
  • Search for malicious/suspicious content such as links, keywords, or other unknown entries.
  • Open the table and manually remove the malicious content.
  • Now verify and test the site.

Closing Backdoors In Wordpress Site

Hackers always leave a backdoor behind so they can get into your site again. Backdoor files are named similarly to WordPress core files, but they are malicious. Hackers inject code into files such as wp-config.php and into folders such as wp-content/themes, wp-content/plugins, and a few others.

Here are the common PHP functions that backdoors use.

  • system
  • exec
  • eval
  • gzuncompress
  • str_rot13
  • base64
  • move_uploaded_file
  • preg_replace (with /e/)
  • stripslashes
  • assert
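
A triage scan built on the function list above, as an added example that is not part of the original article. The helper names are assumptions, "base64" is taken to mean PHP's base64_decode, and the sample files are constructed. Files are ranked by how many distinct listed functions they call, because legitimate code often uses one of them while obfuscated backdoors tend to chain several.

```shell
#!/bin/sh
# Function names from the list above; "base64" is read as base64_decode (assumption).
FUNCS='system exec eval gzuncompress str_rot13 base64_decode move_uploaded_file stripslashes assert'

# scan_backdoors DIR   (hypothetical helper, added example)
# Prints "<count> <file> <functions>" for every .php file that calls at least
# one listed function, files with the most distinct functions first.
scan_backdoors() {
    find "$1" -type f -name '*.php' | while IFS= read -r f; do
        hits='' n=0
        for fn in $FUNCS; do
            # name followed by "(", not part of a longer identifier or a ->method() call
            if grep -qiE "(^|[^[:alnum:]_>])${fn}[[:space:]]*\(" "$f"; then
                hits="$hits,$fn" n=$((n + 1))
            fi
        done
        # preg_replace is only of interest with the /e modifier (slash-delimited patterns only)
        if grep -qiE "preg_replace[[:space:]]*\([[:space:]]*['\"]/.*/[a-z]*e[a-z]*['\"]" "$f"; then
            hits="$hits,preg_replace/e" n=$((n + 1))
        fi
        if [ "$n" -gt 0 ]; then
            echo "$n $f ${hits#,}"
        fi
    done | sort -rn
}

# Constructed samples: an ordinary form handler, an obfuscation chain around a
# placeholder string, and a file with nothing of interest.
demo_scan() {
    tmp=$(mktemp -d)
    printf '%s\n' '<?php $name = stripslashes($_POST["name"]); $db->exec($sql);' > "$tmp/form.php"
    printf '%s\n' '<?php eval(gzuncompress(base64_decode("CONSTRUCTED_PLACEHOLDER")));' > "$tmp/wp-cache.php"
    printf '%s\n' '<?php echo "hello";' > "$tmp/index.php"
    scan_backdoors "$tmp" | sed "s|$tmp/||"
    rm -rf "$tmp"
}
demo_scan
```

A hit is a lead to review by hand, not proof of infection; many legitimate plugins call these functions.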

Future-proofing Wordpress Site/Blog From Attacks

Never use outdated plugins, themes, or any other software, and regularly update your WordPress installation, plugins, and themes. Always use well-known, genuine plugins. Use good security software and scan your entire server regularly. Use a good firewall to restrict access.

Always change the passwords of contributing users and admins, and ask them to learn more about WordPress security. You can hire a WordPress developer if you are new or get stuck maintaining WordPress sites.

Conclusion

It is always good to regularly update WordPress itself, plugins, themes, and other files for security. Always use genuine themes, top plugins, and good security software. Maintain your WordPress site regularly to protect it from hackers.

Attacks are increasing day by day, so it is better to invest in good developers who will help you maintain your WordPress sites and improve WordPress security. You can contact us at Latitude Technolabs to hire WordPress developers to solve these problems permanently.
