NOOBWarrior

Digital Marketing Blog

You are here: Home / Internet Marketing / Increasing Wordpress Site Security: Hacked!

By 1 Comment

Increasing WordPress Site Security: Hacked!

Increasing WordPress Site Security: Hacked!

I just wanted to write a quick post about the importance of securing WordPress sites with the appropriate plugins. Plus keeping things up-to-date, including back-ups and themes.

Recently I had gotten lazy recently and neglected the security of some of my sites. Because of this I have just wasted the best part of a day cleaning up ones infected by malware…

One I had identified as being compromised when I found it redirecting traffic from Firefox Google SERPS to spam sites. It had begun to lose its ranking from stable #2 slot to #6 and dropping.

The second was another high traffic site that started doing the same yesterday, but I caught in time before it had an effect on rankings.

The other two sites were much older and more experimental. They had been left alone for almost a year. The damage was much more severe.

Upon closer inspection, one had the WP database completely removed, so was kind of decapitated and the other refused to talk with the db so I couldn’t access the WP-Admin.

Annoyingly, I ignored a Google Webmaster Tool alert saying one of my sites couldn’t be crawled a couple of weeks back.

GWT Googlebot no access

The Common Theme?

All infected sites were all using very popular themes or frameworks and had exploits that had been found and, er, exploited.

Some were on the older Thesis 1.85 framework and other on the newer Genesis 2.0 framework.

The sites that were not effected were running very uncommon, weird-ass themes.

How To Avoid WordPress Security Issues: Good Habits

  1. On every install of WordPress, before you do anything else, install the Bulletproof plugin. Make it your first plugin on every fresh install.
  2. Note that it will overwrite the .htaccess so make sure you save any redirects or custom code and add it back via the Bulletproof options
  3. Install “Limit Login Attempt” – This will prevent brute force access to the WP-Admin area.
  4. Take regular back ups of your site
  5. Keep all plugins, themes and WordPress installs updated. This will minimize exploits.
  6. Change passwords regularly. Don’t use the same ones for everything (Note to self).

How To Check Your WordPress Sites For Malware

  1. Use the free scan from Sucuri.net
  2. If you are clean, good news!
  3. If not, first block people from accessing the site via the .htaccess and just allow your IP through
  4. Then install the anti-malware plugin from GOTMLS, register and update it, then perform a full scan.
  5. Hopefully this will pick up the infected files and clean them up.
  6. Once done, rerun.
  7. If still clean install the Sucuri.Net plugin and run their internal scan
  8. If all clean then run the main Sucuri.net scan again. Note it may be cached.
  9. If clean, install Bulletproof plugin, update all plugins and breath a sigh of relief.
  10. Important: Check the site again in a few days using  Sucuri.net again. Some malware can hide and repopulate when it thinks the coast is clear.

What To Do If You Cannot Access The Site Anymore

Cry. No, wait, dig out the back up. What backup?! Go ahead, cry.

Sometimes a site is just too far gone to save and you may not have a decent backup to work with (like me). It may have a db issue or the code is so  screwed you can’t access the Worpress CMS anymore. Unless you are a good PHP developer or you want to pay someone to fix it, sometimes the quickest thing to do is save what you can and start again.

If the database is still intact, then use PHPMyAdmin via your hosting cPanel or equivalent to export the database from the site before you start the cleanup. Follow this guide.

This database has all the valuable posts and pages and comments in it.

The actual .php WordPress  files are not that valuable. The theme, plugins and styling can all be re-installed and the chances are you still have your images saved locally. If not, images are stored in the site files and rarely become infected so you can reuse.

They are found in /wp-content/uploads.

Either way the content is the valuable asset you are trying to save here.

You must remove all the old site files from the server. Use an FTP client like Filezilla. Back up what you want to keep locally like images. Then do a fresh install of WordPress.

If you like me, one of the sites had lost its MySQL database, then the only other thing you can do is resort to WayBackMachine and pray they have some archives of the content.

Once you have a fresh WP install, you can go about rebuilding the site from the content saved in the old database.

Using PHP MyAdmin:

  1. Import the saved WP database
  2. Access “Posts”
  3. Copy the “published” posts and start to paste into the new site posts one by one.
  4. Use the “Text” Option as their will HTML in there.

There will be a way to marry up the old WP db to the new install. But I don’t know how to do that. This option is worth pursuing if you have a larger site, in which case you should be getting some pro help anyway.

If you have any questions or advice to add let me know.

About Nick Joelson

Nick Joelson is an online marketeer with over 10 years in the business. Works with large organisations to design and implement their digital marketing strategies. In his spare time likes to get his hands dirty with some real IM work...

Comments

  1. Laurie says

    Been there done that…only with a client’s site. Had to spend a weekend fixing it because of course they only get hacked on Friday nights.

    Reply

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Affiliate Disclaimer

Online marketing is my passion and this website was born from a place of wanting to pass on the knowledge that I have learned to my peers.

The reviews and recommendations for products on this site are there because I believe in them and use them in my business and they are making me money.

I receive a small commission for some of these products.

Follow me around