WordPress is the most popular Content Management System in the world, and a significant percentage of the sites on the Internet use it. That popularity is well-deserved, but it also makes WordPress an irresistible target for hackers who want to spread malware.

How to Tell if Your Site’s Been Hacked

Sometimes it is obvious that your site has been hacked. Occasionally hackers will simply redirect the site to a different server, so that visitors to your domain end up at a site infected by malware, a site displaying advertising the hacker can profit from, or a porn site. But often hackers add malware or spam links to a site which they want to remain undetected for as long as possible. Having a hacked site can infect your visitors with malware, and it will almost certainly result in a huge hit to your SERP rankings, or even blocking by search engines, so it’s important to be vigilant. There are a number of tools available to webmasters to determine whether a site is vulnerable and whether it has been hacked.

WP Security Scan

The WP Security Scan extension won’t tell you whether your site has been hacked, but it will check for possible attack vectors and vulnerabilities, and offer suggestions for fixes. Of course, often the vulnerabilities will not be in WordPress itself, but in some other part of the software stack. The best way to ensure that there are no known exploits that hackers can use is to keep your software as up-to-date as possible.

Google’s Safe Browsing Diagnostic

Google has a service that enables webmasters to see whether Google considers a site to be dangerous to visit. Copy the following URL into your browser address bar and replace the part following ‘?site=’ with your site’s URL.

http://www.google.com/safebrowsing/diagnostic?site=google.com/

Sucuri

Sucuri offers a free site scanning service that will catch major problems, and a paid-for monitoring and cleanup service that can help if you are hacked.

Using these tools together can help you ensure that your site remains safe.

What Should You Do If You’ve Been Hacked

Unless you are an experienced and expert developer or website administrator, cleaning a site with any level of confidence by yourself is almost impossible. Even if you think you have found all the malicious files and removed all the spam links, the files that make up WordPress itself may have been altered so that they reinfect a site after an attempted cleanup.

Contact your hosting provider and let them know you’ve been hacked. You might not be the only victim and the host provider’s sysadmins may already be taking action.

Sucuri, as mentioned above, is an excellent tool, and it will attempt to auto-clean your WordPress installation. Should you choose not to use Sucuri, or hire a professional to clean your site, then the next best option is to delete the site and restore it from backups.

Hopefully, your site is hosted with a provider that offers a comprehensive backup service, in which case restoring the site to a previous version should be very simple. If not, we are going to assume that you have been making regular backups of your WordPress database.

Download a fresh install file from WordPress.org, to replace any files that may have been altered during the attack. Do not use the same passwords on the new install as you used on the hacked site.

After you have installed a fresh version of WordPress you can restore the WordPress database from a backup that you know to be clean.

Since you know that your site has been hacked once, and that there were vulnerabilities that malicious parties were able to exploit, it may be best, if possible, to completely reinstall the server and restore from backups. At the very least, scan the server with an anti-malware tool. If you are reasonably sure that the infection was limited to WordPress, then you should update all of your software to the most recent versions, to close vulnerabilities. If you’re using shared hosting, your provider should take care of this for you.

If you haven’t been taking database backups, it may be possible that the WordPress database has not been breached, and that a fresh install of WordPress using the existing database is enough, but in that case be extra vigilant of alterations, follow the rest of the above advice, and start taking regular backups!
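The point above that WordPress's own files may have been altered can be checked by comparing the live install against a freshly extracted download of the same version. The following is an added example, not part of the original article; the function names, the list of expected local files and the sample trees are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")          # directories holding only core code
EXPECTED_LOCAL = {"wp-config.php", ".htaccess"}  # legitimately exist only on a live site


def core_files(root):
    """Map relative path -> SHA-256 for root-level files and core directories.
    wp-content (themes, plugins, uploads) is site-specific and is skipped."""
    root = Path(root)
    found = {}
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if p.is_file() and (len(rel.parts) == 1 or rel.parts[0] in CORE_DIRS):
            found[rel.as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return found


def compare_core(site_root, reference_root):
    """Compare a live install against a fresh copy of the same WordPress version."""
    site, ref = core_files(site_root), core_files(reference_root)
    return {
        "modified": sorted(f for f in ref if f in site and site[f] != ref[f]),
        "missing": sorted(f for f in ref if f not in site),
        "unexpected": sorted(f for f in site if f not in ref and f not in EXPECTED_LOCAL),
    }


def demo():
    """Build two tiny constructed trees (not real WordPress files) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, site = Path(tmp, "reference"), Path(tmp, "site")
        clean = {"index.php": "<?php // loader", "wp-includes/version.php": "<?php // version",
                 "wp-admin/admin.php": "<?php // admin"}
        live = {**clean, "wp-config.php": "<?php // settings",
                "wp-includes/version.php": "<?php // version + appended code",
                "wp-includes/cache-x.php": "<?php // not in the release",
                "wp-content/uploads/photo.jpg": "jpeg"}
        del live["wp-admin/admin.php"]
        for base, files in ((ref, clean), (site, live)):
            for rel, body in files.items():
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_text(body)
        return compare_core(site, ref)


if __name__ == "__main__":
    print(demo())
```

A clean result only covers core files: themes, plugins, uploads and the database still need their own review. Where WP-CLI is installed, `wp core verify-checksums` performs a comparable check against checksums published by WordPress.org.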

About Daniel Page — Daniel is the Director of Business Development for ASEOhosting, a leading provider in SEO hosting and multiple IP hosting. Follow ASEOhosting on Twitter at @aseohosting.

The above article was contributed by a member of the WPHacks community. If you are interested in participating, you can find our guidelines for contributing an article here.

  1. Randy says:

    I have cleaned up many hacked sites and you should always change ALL your passwords after you verify the site is clean on Sucuri. Make sure the admin user has a very hardened password for sure.

    BTW – Most of the hacks I see are from weak passwords where the intruder simply installed a malicious plugin once they were in.

    Also, now (as in, “before you get hacked”) would be a good time to sign up for Google Webmaster Tools and verify your site if you have not already. If your site is blacklisted, you will need this for a quick re-review to remove the warnings on your site.

    I second your good advice to seek help if you are not comfortable with fixing your hacked site. Simply re-installing WP and even cleaning your theme will not always fix it.

  2. Hillary Bost says:

    Great tips. I was hacked before and it wasn’t fun. It took a couple days to get everything back to the way it was prior to being hacked.

  3. Never ever use a pirated copy of a theme/plugin or tweak codes from untrusted sites. These are the main things that cause WordPress hacks. Also don’t fall for cheap ad networks, the code that you place can be easily hacked.

  4. Varun says:

    Nice tips. Better WP Security is another nice plugin for WordPress that can help you to better protect your website, and as you have said, Sucuri is a must-use tool for scanning websites.

  5. Michael Crossone says:

    I also try to hacked my blogs it takes time to recover my blogs.

  6. It’s scary the number of hacked WP sites I find where the owner has no idea they were ever hacked. Fortunately the hackers usually just want to inject some backlinks to their website, but it’s still no fun to fix. So keep your install up-to-date and take regular back ups!

  7. Jim says:

    HackRepair.com is an option as well if you find you are unable to resolve the issue on your own.
