How to Resurrect / Recover Hacked WordPress Website?

This article is incomplete. I started writing this while returning from Kolkata after WCKolkata WordCamp. Here is the video recording of the session.

In this open world, attempts to hack your website are extremely routine for every webmaster out there.

Mostly, the main purpose behind these attacks is to insert code into your website that can be monetized by inserting ads or redirecting your readers to some other website. The only logical reason is that the attackers work in the medical or adult niche, where they have trouble getting traffic organically and so resort to the bad way. Such code is commonly referred to as malicious code, and it often has the capability of replicating itself on the server.

Myth: WordPress is not secure
For those who believe it: WordPress is as secure as your home. If you keep the door open for burglars, then God bless you.

Attacks often happen at various levels, and you cannot react to every one of them. The levels are:
– DNS
– DataCenter
– Application Layer : Apache / Nginx / PHP
– WordPress
– Themes / Plugins

Common ways of Getting Malicious code in your WordPress Website:
– Using a pirated / nulled version of a theme or plugin: you never check what’s in the code of those resources.
– Using an old version of a theme, plugin or WordPress core:
New releases are not always feature updates; they also include security fixes. Make sure you use the latest version of plugins, themes and WordPress core.
– Unsanitized file upload:
It’s often observed that some websites have forms for uploading files like resumes or photos. Try uploading a PHP file instead of a jpg, png, docx or pdf file. If it gets uploaded, God bless that website. Luckily, form plugins in WordPress are sanitized, so any form built with a form plugin is safe, but a custom landing page might be a risk.
– If you are on shared hosting, may God bless you.
You have no access to what’s going on server-side; once someone else’s account on the same server gets affected, all other accounts are at risk.

How do you know if your website is affected?
– Your Website Is Being Redirected to Hacked Sites
– Ads & Pop-ups Open When Visiting Your Website
– Google Chrome (or another browser) Shows A Warning When Visiting Your Website
– Google Search Console Sends A Message Saying Your Website Is Hacked Or Has Malware
– Your Hosting Company Disabled Your Website
– Your Website Becomes Very Slow And Shows Error Messages
– Unknown Code in your program Files
– You Find New Admin Users Or FTP Accounts Which You Haven’t Created
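
One way to check for the "unknown code" indicator and for leftovers of an unsanitized file upload is to audit the uploads directory, which should hold media and documents only. This is an added example, not code from the original post; it assumes the standard WordPress uploads location (wp-content/uploads), and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Extensions a PHP-enabled web server may execute (assumed list; adjust to your server).
EXECUTABLE_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7"}

def audit_uploads(uploads_dir):
    """Return sorted (relative_path, reason) findings for an uploads tree."""
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, uploads_dir).replace(os.sep, "/")
            # Check every extension in the name, so "x.php.jpg" is caught as
            # well as "x.php" (some server configurations execute both).
            exts = {"." + part for part in name.lower().split(".")[1:]}
            if exts & EXECUTABLE_EXTS:
                findings.append((rel, "executable extension"))
                continue
            # A media file or document should never contain a PHP open tag.
            with open(path, "rb") as fh:
                head = fh.read(4096).lower()
            if b"<?php" in head:
                findings.append((rel, "PHP tag in non-PHP file"))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample data: one clean file and three suspicious ones."""
    samples = {
        "2020/06/resume.pdf": b"%PDF-1.4 constructed sample",
        "2020/06/photo.php": b"<?php /* constructed sample */ ?>",
        "2020/06/avatar.php.jpg": b"\xff\xd8\xff constructed sample",
        "2020/07/logo.png": b"\x89PNG\r\n<?php /* constructed sample */ ?>",
    }
    for rel, data in samples.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

def demo():
    """Build the sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_uploads(tmp)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason}: {rel}")
```

On a real site, call audit_uploads() with the path to wp-content/uploads and review every finding before deleting anything.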

What to do

My Take on Ban using Chinese Apps

Disclaimer: The thoughts expressed in this post are personal. It has nothing to do with the organizations I’m associated with. If you disagree with these thoughts, It’s fine.

Hello Reader,

It has been more than a week that we have been receiving forwarded messages with headlines like “Ban Using Chinese Products / Applications”.

I have some questions:

  • How do we define which app to remove as so-called “made by China”?
  • If Google is banned in China, how come Chinese devs publish apps in the Google Play store?

The following might be an explanation:

  • We have companies in India that are funded by Chinese conglomerates to run the show. Will we stop using them?
  • Some companies in China outsource their development, translation and design jobs to Indian markets. If we stop using these apps, we are affecting our economy.

Let us take the example of TikTok:

  • TikTok has a good entertainment quotient.
  • Publishers and viewers are huge in number.
  • The more the content, the more resources the TikTok operations team puts in.
  • More resources mean more investment to run the show.
  • Now let us think about how an app developer makes money. It has to be from data and advertisements.
  • Your data is already sold out. So if you want to ban something, then ban putting ads.
  • For an application of that scale, there must be a local team managing infra/operations.
  • Stopping use of that app will remove the need for the local team, affecting our economy. Keep them in “THE SHOW MUST GO ON!” mode.

If you want to attack some tech giant, use the free things they are giving. Do not pay by any mode, like in-app purchases or putting ads. As a user, enjoy what you get for free.

Now you might be saying: we are a marketing team. We have a new product that will help our team sustain the pandemic situation. We need advertising outreach. I’m not against that at all. Everyone is trying their best to survive. Take an extra step and reach out to publishers directly. Half of them don’t even know their asking rate. You can grab a better deal.

Conspiracy thought:

Always thinking about who could benefit from such forwards?

  • Indian devs who are publishing clones of these apps? Naah. They are just washing their hands in the flowing Ganga, cashing in on the moment. They have no idea where it’s gonna lead.
  • The current ruling party? Maybe; nowadays all we have is a “keep the devil occupied” policy.
  • Internet service providers? Maybe. We all know the current internet situation is not that great. Reducing users of apps like TikTok or PUBG can save bandwidth. Net neutrality and ISPs ranting about infra cost is a topic for another day.

That’s all; that’s just a thought. If you have some other thoughts, I’m a good listener. Feel free to drop in a comment, or bring it up wherever we encounter this topic.

Have a great day ahead.

[Solved][AMP Error] The tag ‘link rel=canonical’ appears more than once in the document.

We saw a sudden rise in errors in Search Console with the error
“The tag ‘link rel=canonical’ appears more than once in the document”.
We are using the following two plugins:

This error arose because both plugins were adding a canonical tag to the AMP code. Removing one is the only solution.

As the canonical from Yoast was wrong, we decided to remove Yoast’s canonical. Thanks to the Yoast team for the canonical documentation and the wpseo_canonical filter. The following code is what we used to remove the canonical from the AMP output.

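// Remove Yoast's canonical from Better AMP output.
add_filter( 'wpseo_canonical', 'remove_canonical_from_bamp' );
function remove_canonical_from_bamp( $canonical ) {
    // is_better_amp() is provided by the Better AMP plugin; the function_exists()
    // check avoids a fatal error if that plugin is deactivated.
    if ( function_exists( 'is_better_amp' ) && is_better_amp() ) {
        return false; // Returning false makes Yoast skip its canonical tag.
    }
    return $canonical; /* Do not remove this line. */
}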

The above code will work only if you are using the Better AMP plugin.
Happy Publishing!

[Update] Based on comments: please paste that function into your theme’s functions.php or, if you are not sure how to edit functions.php, use the Code Snippets plugin.