Hacked WordPress (Malware)
If you have to deal with a compromised website and malware on your hosting account, the best thing to do is probably to turn to a professional. This can be either an experienced WordPress developer or a security company. However, if you decide to do it on your own, you can follow this basic plan.
1) Before you start, it is recommended that you restrict access to your site and allow access only from your IP. This can be done via the .htaccess file by adding the following lines at the top of the file:
deny from all
allow from IP_ADDRESS
Where IP_ADDRESS is the public IP that you will use to access the site.
2) Then create a backup of the current state of the website plus the database and download them to the device on which you will conduct the cleaning. The easiest way to do that is via FTP. You can also use tools such as scp, get, and rsync.
3) Once the website files are downloaded, scan them with your antivirus program or with another scan tool. There are also online scanners that allow you to upload and scan files. Most of the time the infected code is easy to recognize, because it is heavily obfuscated and looks nothing like the rest of the code. It is also recommended that you review your .htaccess file, the wp-config.php file, the functions.php file and the header.php file, and look for any suspicious redirects and URLs set in them.
4) Remove all the plugins, then install them again with their latest versions.
5) Reinstall the theme with its latest version.
6) Once you have cleaned the files, run a local scan on them once again to make sure there are no more infected files. You can then re-upload the clean version plus the database into the document root of your server/hosting. Do not forget to remove the deny rule from the .htaccess file that was set in step 1.
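Added example, not part of the original article: a small Python triage script for the local scans in steps 3 and 6. It flags PHP files containing typical obfuscation constructs and .htaccess files with redirects to absolute URLs. The rule set, the thresholds and the sample files are assumptions made for illustration; a hit means "review this file by hand", and the script does not replace an antivirus scan.

```python
import re
import sys
import tempfile
from pathlib import Path

# Heuristic indicators (assumed for this example, not a full signature set).
PHP_RULES = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long-encoded-blob": re.compile(rb"[A-Za-z0-9+/=]{300,}"),
}
# A rewrite/redirect to an absolute URL; legitimate rules can match too.
HTACCESS_RULES = {
    "external-redirect": re.compile(
        rb"^\s*(RewriteRule|Redirect(Match)?)\b.*https?://", re.I | re.M),
}

def classify(name, data):
    """Return the names of the rules that match one file's content."""
    if name == ".htaccess":
        rules = HTACCESS_RULES
    elif name.lower().endswith((".php", ".phtml", ".inc")):
        rules = PHP_RULES
    else:
        return []
    return [label for label, rx in rules.items() if rx.search(data)]

def scan_tree(root):
    """Map relative path -> matched rules for every flagged file under root."""
    root, findings = Path(root), {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = classify(path.name, path.read_bytes())
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

# Constructed sample files standing in for a downloaded backup.
SAMPLE = {
    "wp-config.php": b"<?php define('DB_NAME', 'wp'); ?>",
    "wp-content/themes/demo/functions.php":
        b"<?php eval(base64_decode('" + b"QUJD" * 100 + b"')); ?>",
    ".htaccess": b"RewriteEngine On\n"
                 b"RewriteRule ^(.*)$ http://redirect.example/$1 [R=302,L]\n",
}

def scan_sample():
    """Write SAMPLE into a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan_tree(tmp)

if __name__ == "__main__":
    result = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_sample()
    for rel, hits in result.items():
        print(f"{rel}: {', '.join(hits)}")
```

Run it with the path of the downloaded backup as the only argument; without an argument it scans the constructed sample.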
In addition, the following actions are strongly recommended:
– Scan your local computer for any malware;
– Reset all passwords related to your hosting account (including cPanel, FTP accounts, Email accounts);
– Use strong passwords;
– Remove any unnecessary data within your account – that includes scripts, media, plugins you are not using, and themes that you are not using;
– Double-check your permissions – with few exceptions, files should have permissions 644 and directories 755;
– Update your WordPress and plugins/themes accordingly;
– Make regular backups. Most hosting companies make backups, but it is also recommended that you make backups on your own and store them locally or on another server. Always keep at least one copy of your site that you know for certain is not infected.