When you find that your WordPress website has been hacked, keep calm and see what you can do to recover it. Do not panic as if this is the end of the world. Try to see how you can clean the hacked website.
This blog is about how to keep your website clean of malware and how to enhance the security of the website. Before you read further, let’s assume you have a backup of the website with you.
How do you know if your WordPress Site is hacked?
Less Traffic – If one fine morning you suddenly see that the website traffic has dropped sharply, it could be a sign that somebody has broken into your site.
Unethical Links – This is probably the most obvious sign, as the links are clearly visible on the homepage of your website. Most hacking attempts do not deface your site’s home page, because the attackers want to remain unnoticed for as long as possible. Your home page may not be much affected, because hackers avoid defacing the main page where it would be noticed; if they do deface it, they will try to extort money from the website owners.
Unable to log in – When the admin is not able to log in to the website, there is a chance that hackers have changed your credentials, and you would not be able to reset the password.
Unauthorized Users – If you enter the website and happen to see unauthorized accounts created in your WordPress installation, then be sure your site is hacked.
Slow Website – Any website can become a victim, because hackers use hacked computers and servers from all over the world with fake IPs. They actively try to break into your website, and the large number of requests they send to your server slows it down.
Unusual activity noted – Check the server logs. These plain-text files keep a record of errors on the server as well as of internet traffic. You can find them in cPanel under statistics.
Non-receipt of email – A hacked server is normally used by the hackers to send spam. Check whether you are able to send and receive email from this account; if not, your website is probably hacked.
Doubtful scheduled tasks – The web server allows you to schedule different tasks, and if you happen to see any unwanted or unscheduled task on the server, be careful. Hackers can schedule a different post without your knowledge.
Strange Search Results – If you happen to see different search results for your website, have a look at the title and meta description. If they are different, change them, because this is a sign that your website is hacked.
Unwanted Pop-ups – The most unusual thing to see on the website is pop-up or pop-under ads. These are placed to exploit your website and make money from it. The hacker will try to redirect visitors to a different location that shows them spam ads.
How to clean your Hacked WordPress website?
Your web hosting company will normally delete the website if it learns that the website is hacked, so do not approach your host with this issue as the first step.
Look for somebody who has technical knowledge of the website and knows how to clean it manually.
If you do not find anybody, it is better to approach a professional to clean up the mess.
Sanitize the Site
Now you have to isolate the virus and kick it out of your website. First, remove all of the installed but inactive plugins and themes from your WordPress code base, because they are the easiest target for hackers.
Remove all the plugins and themes from your WordPress code base as the first step towards removing unwanted code from the website. Download Sucuri or Wordfence and follow the instructions to completely wipe out the malicious code. There is another tool called VirusTotal that remotely scans files; it also helps you find hacked files on your website. If you find that the tool is not deleting the malicious code but only reporting it, then the best solution is to reinstall a fresh copy of the plugin/theme. Once the malware is cleaned, you can inform the hosting company.
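To see which files in an installed plugin or theme differ from a fresh copy before you reinstall it, you can compare the two directories by file hash. The Python script below is an added example, not part of the original article or of any of the tools named above; the directory layout and file contents created in demo() are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash one file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def compare_trees(installed, fresh):
    """Report files that differ between the installed copy and a fresh copy."""
    inst, ref = tree_hashes(installed), tree_hashes(fresh)
    return {
        # Same path in both trees, different content: review these first.
        "modified": sorted(f for f in inst.keys() & ref.keys() if inst[f] != ref[f]),
        # Present only in the installed copy: not shipped with the fresh copy.
        "added": sorted(inst.keys() - ref.keys()),
        # Shipped with the fresh copy but absent from the installed one.
        "missing": sorted(ref.keys() - inst.keys()),
    }

def demo():
    """Build two constructed plugin trees, alter one, and compare them."""
    files = {"plugin.php": "<?php // plugin main file\n",
             "inc/helpers.php": "<?php // helpers\n",
             "readme.txt": "constructed sample plugin\n"}
    with tempfile.TemporaryDirectory() as tmp:
        fresh, installed = Path(tmp, "fresh"), Path(tmp, "installed")
        for root in (fresh, installed):
            for rel, body in files.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        # Constructed changes standing in for what a cleanup might uncover.
        (installed / "plugin.php").write_text("<?php // plugin main file, altered\n")
        (installed / "inc/cache.php").write_text("<?php // not in the fresh copy\n")
        (installed / "readme.txt").unlink()
        return compare_trees(installed, fresh)

if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

To use it on a real site, call compare_trees() with the path of the installed plugin or theme directory and the path of a freshly downloaded and unpacked copy of the same version.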
Keep a tight lid on your website after you have cleaned it and got rid of the malicious code. Now you want to make sure such things don’t happen again. Follow these quick steps.
Change your passwords and secure all your WordPress accounts, cPanel logins and FTP logins with strong passwords. Use a password management tool such as LastPass too.
Once you have cleaned the malware and improved your WordPress website, you can use a security plugin for malware scans. Make sure you take all the necessary steps to improve the security of your website.
Guest article written by: Julia, a security geek with almost 5+ years of experience who writes on various topics pertaining to network security.