First, a bit of definition. According to the www.wpbeginner.com website, WordPress is software used to create any kind of website. It is free, which means you are free to download, install, use and modify it. WordPress is used by millions of people to create their first website, and people adapt to it quickly because it is fairly easy to use.
However, local website developers are frequently contacted by companies that need assistance because their WordPress website has been hacked. Typical symptoms are:
- The WordPress website is not showing up.
- Text and links have been maliciously added or the content has been replaced on the website.
- The home page is now redirected to a page announcing to the world that the site is hacked.
- Phishing / pharming pages have been installed into the website.
Recommended Steps to Fix your Hacked WordPress Site:
Before you make that knee-jerk phone call to your hosting provider, we recommend you follow these steps. If you restore from backups before doing your homework, you may destroy the evidence you need to track down the source of the compromise, and the site could simply be compromised again.
Step 1: Clean up your local machine(s)
Many website compromises are the result of your administrator or FTP login credentials being harvested directly from your local PC by a virus, spyware, Trojan or similar malware. Your first step should be to make sure the local workstations you use to edit the website are secure.
- Stay current with your operating system patches (e.g. Windows and Mac updates).
- Make sure the web browser you use is up to date with the latest version.
- Keep your anti-virus definitions up to date and regularly do full system scans.
- Don't install software from untrusted sources onto your local machines.
- Don't click on any links in emails that you were not expecting.
Step 2: See if other sites on your server are compromised
You may need to contact your hosting provider to find this out. On a shared server, your site may have been reached by someone who first gained access through a different website on the same host. Identifying which files were modified or added provides clues as to which WordPress plugin was the source of the compromise.
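A quick way to gather the clues Step 2 talks about is to triage the WordPress tree for three things: PHP files under wp-content/uploads (a media directory should never contain executable code), files modified recently (compare against your own deploy dates), and PHP files containing obfuscated eval() constructs. The script below is an added example written for this article, not code from the original post or from WordPress; it builds a small constructed sample site in a temporary directory so it runs offline, and the thresholds and indicator pattern are illustrative choices rather than anything WordPress defines.

```python
"""Triage scan of a WordPress install for common compromise indicators.

Added example, not part of the original article.  Assumes the standard
WordPress layout (wp-content/uploads, wp-content/plugins).  The 7-day
window and the indicator regex are this example's choices.
"""
import os
import re
import tempfile
import time
from pathlib import Path

# Obfuscated-eval constructs that rarely appear in legitimate plugin code.
SUSPICIOUS_CONTENT = re.compile(
    rb"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\("
)
PHP_SUFFIXES = {".php", ".phtml", ".php5"}


def scan_site(root, modified_within_days=7, now=None):
    """Walk a WordPress tree and return a list of (relative_path, reason).

    Reasons:
      php-in-uploads    - executable file where only media belongs
      recently-modified - mtime within the window (check against deploys)
      obfuscated-eval   - content matches SUSPICIOUS_CONTENT
    A file may be reported more than once, once per reason.
    """
    root = Path(root)
    now = time.time() if now is None else now
    cutoff = now - modified_within_days * 86400
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        is_php = path.suffix.lower() in PHP_SUFFIXES
        if is_php and rel.startswith("wp-content/uploads/"):
            findings.append((rel, "php-in-uploads"))
        if path.stat().st_mtime >= cutoff:
            findings.append((rel, "recently-modified"))
        if is_php and SUSPICIOUS_CONTENT.search(path.read_bytes()):
            findings.append((rel, "obfuscated-eval"))
    return findings


def build_sample_site(now=None):
    """Create a constructed WordPress tree in a temp dir and return (root, now).

    File timestamps are set relative to `now` so the result is deterministic.
    """
    now = time.time() if now is None else now
    root = Path(tempfile.mkdtemp(prefix="wp-triage-"))
    files = {
        # relative path: (constructed content, age in days)
        "wp-config.php": (b"<?php define('DB_NAME', 'wordpress');\n", 90),
        "wp-content/uploads/2023/photo.jpg": (b"\xff\xd8\xff\xe0 constructed", 90),
        # PHP in uploads with an obfuscated eval(); its mtime is old, so the
        # recently-modified check alone would miss it (timestamps are not a
        # reliable indicator on their own, hence the content check).
        "wp-content/uploads/2023/image.php": (
            b"<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); ?>\n", 90),
        # A plugin file updated yesterday: recent, but otherwise clean.
        "wp-content/plugins/example/example.php": (
            b"<?php // constructed plugin stub\n", 1),
    }
    for rel, (content, age_days) in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
        mtime = now - age_days * 86400
        os.utime(p, (mtime, mtime))
    return root, now


if __name__ == "__main__":
    site, ts = build_sample_site()
    for rel_path, reason in scan_site(site, now=ts):
        print(f"{reason:18s} {rel_path}")
```

Run it against a real install by calling scan_site("/path/to/wordpress") and review every hit by hand: a recently modified file is only a clue, and the list of files that changed together often points straight at the plugin that was abused.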
Step 3: Change all passwords
At this point you need to assume all passwords have been compromised. Make sure the following passwords are changed at a minimum:
- FTP login credentials
- All WordPress logins with administrator-level access
- WordPress database login credentials
- Any other application logins you may have in this domain
Step 4: Secure WordPress
WordPress makes it easy for novice users to create websites, and it is easy to find and install plugins. The problem is that many plugins carry known vulnerabilities, which attract hackers.
Secure WordPress with the following steps:
- Change your WordPress secret keys and salts (the "encryption" keys defined in wp-config.php) and use the online WordPress generator to produce secure values.
- Make sure WordPress version is up to date (and keep it up to date).
- Make sure all plugins are upgraded with the latest version.
- Review which plugins you can do without and remove them.
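Rotating the secret keys and salts deserves a closer look, because changing them invalidates every existing WordPress login cookie, including any session an intruder may still hold. The script below is an added example, not code from the original article or from WordPress: it generates the eight values with the operating system's CSPRNG and rewrites the existing define() lines in a wp-config.php excerpt. The eight key names are WordPress's own; the character set, the 64-character length and the rewrite logic are this example's choices, and the wp-config.php excerpt is constructed for the demonstration. WordPress's online generator at https://api.wordpress.org/secret-key/1.1/salt/ produces equivalent define() lines if you prefer to paste them by hand.

```python
"""Rotate the WordPress secret keys and salts in wp-config.php.

Added example, not part of the original article.  Key names are the ones
WordPress reads; alphabet, length and rewrite behaviour are this example's.
"""
import re
import secrets
import string

WP_SECRET_KEYS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)

# Alphabet chosen so a value can sit inside a PHP single-quoted string
# without escaping: letters, digits and punctuation minus ' " and \.
SALT_ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in "'\"\\"
)
SALT_LENGTH = 64

# Matches define('AUTH_KEY', '...'); with either quote style and any spacing;
# only the eight secret keys are captured, so DB_NAME etc. are left alone.
_DEFINE_RE = re.compile(
    r"""define\(\s*['"](?P<key>%s)['"]\s*,\s*['"](?P<value>[^'"]*)['"]\s*\)\s*;"""
    % "|".join(WP_SECRET_KEYS)
)

# Constructed wp-config.php excerpt still carrying the shipped placeholders.
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
require_once ABSPATH . 'wp-settings.php';
"""


def generate_salts(length=SALT_LENGTH):
    """Return a fresh {KEY: value} mapping drawn from the OS CSPRNG."""
    return {
        key: "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))
        for key in WP_SECRET_KEYS
    }


def render_defines(salts):
    """Render define() lines in the form wp-config.php expects."""
    return "\n".join(f"define('{k}', '{v}');" for k, v in salts.items())


def current_salts(config_text):
    """Return the {KEY: value} pairs currently defined in the config text."""
    return {m.group("key"): m.group("value") for m in _DEFINE_RE.finditer(config_text)}


def rotate_salts(config_text, salts):
    """Replace every existing secret define() with its new value.

    Returns (new_text, missing_keys).  Keys absent from the file are NOT
    appended blindly, because a define() placed after the wp-settings.php
    require is ignored by WordPress; the caller adds them in the right place.
    """
    seen = set()

    def repl(match):
        key = match.group("key")
        seen.add(key)
        return f"define('{key}', '{salts[key]}');"

    new_text = _DEFINE_RE.sub(repl, config_text)
    missing = [k for k in WP_SECRET_KEYS if k not in seen]
    return new_text, missing


if __name__ == "__main__":
    rotated, absent = rotate_salts(SAMPLE_WP_CONFIG, generate_salts())
    print(rotated)
    if absent:
        print("add these above the wp-settings.php require:")
        print(render_defines({k: generate_salts()[k] for k in absent}))
```

Apply it to a live site by reading wp-config.php, passing the text to rotate_salts, and writing the result back; every logged-in user, yourself included, will have to sign in again, which is exactly the point after a compromise.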
Step 5: Contact Sucuri (Determine where the vulnerability is)
Contact Sucuri.net and have them scan your website and clean any malicious files. The price you pay them also provides you with 1 year of daily scanning.
When you first set up your WordPress website, we strongly recommend you consider the security steps outlined in this article. Taking these steps will save you time, money and frustration.