How to Resurrect / Recover Hacked WordPress Website?

This Article is incomplete. I Started writing this while returning from Kolkata After WCKolkata WordCamp. Here is the Video Recording of Session.

In this open world, Having attempts for hacking your website is extremely routine for every Webmaster out there.

Mostly the main purpose behind those attacks/attempts is to insert some code in your website which can be further monetized by inserting ads or redirecting your readers to some other website. the only logical reason is attackers are working on Medical or Adult Niche, where they have issue fetching traffic in an organic way thus the bad way. Commonly such code is referred to as Malicious code. which often has the capability of replicating itself on the server.

Myth: WordPress is not secure
For those who believe it, WordPress is as secure as your home, if you are keeping the door open for burglars then god bless you.

Oftenly Attacks are on various levels, not every time you can react on that. Levels are
– DNS
– DataCenter
– Application Layer : Apache / Nginx / PHP
– WordPress
– Themes / Plugins

Common ways of Getting Malicious code in your WordPress Website:
– Using some Pirated / Nulled version of theme or Plugins, you never check what’s in code of those resources.
– Using Old version of the theme, Plugin or WordPress Core:
New releases do not always feature updates, they do include security fixes. Make sure you use the latest version of Plugins, Themes and WordPress Core.
– Unsanitized File upload
Its often observed some websites have forms for uploading files like resumes or Photos, Try uploading PHP file instead of jpg, png, Docx, pdf files. if it gets uploaded, God bless that website. Luckily Form plugins in WordPress are sanitized, any form by form plugins is safe, but some custom landing page might be a Risk.
– If you are on shared Hosting, May God Bless you.
you have no access over whats going on Serverside, once someone else accounts on the same server get affected, all other accounts are on risk.

[Simpson Image here]

How do you know if your website is affected?
– Your Website Is Being Redirected to Hacked Sites
– Ads & Pop-ups Open When Visiting Your Website
– Google Chrome (or another browser) Shows A Warning When Visiting Your Website
– Google Search Console Sends A Message Saying Your Website Is Hacked Or Has Malware
– Your Hosting Company Disabled Your Website
– Your Website Becomes Very Slow And Shows Error Messages
– Unknown Code in your program Files
– You Find New Admin Users Or FTP Accounts Which You Haven’t Created

What to do

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.