Is there a bigger nightmare for a website owner than seeing their online presence hacked? When cybercriminals take over a website, they use it for various purposes, each of which has terrible consequences for the website owner.
In most cases, they deface your website or take it offline, send spam emails, set up malicious redirects, run phishing pages, etc. In the worst-case scenario, they will steal all of your users’ data.
How Do You Know Your Website Is Hacked?
You can’t log in even after resetting your password.
It has visually changed but you had nothing to do with it.
It’s redirecting to another website.
Browser warns you when you try to access your website.
There are several ways to prevent your website from being hacked. If your website gets infected, the key question you’d have is – how to clean it from malware? The answer is simple and devastating – no way.
But before you think that you’re in a hopeless situation, there’s good news – even though malware is very difficult to clean, there’s another solution. But first, let’s take a look at how cyber criminals infect websites at all. There are two common ways they intrude on a website.
The first way is when you leave your WordPress installation without updates for months or years. WordPress is very complex in its structure, although it may not seem so to those who are unacquainted with web programming, and amateur developers often make mistakes.
These glitches are usually fixed as soon as they are discovered and if you regularly update WordPress and its plugins then you have nothing to worry about. But in case you don’t update your WordPress and plugins, these omissions will continue to exist on your website.
continuously dig through all the websites and check for any kind of glitches.
When they find a glitch, they insert their script into your website, and then
your misery begins.
Also, never use cheap hosting if you want to avoid your website being taken down. Yet, there’s an option that’s highly acceptable in this case and still has the characteristics of being affordable – MySQL hosting.
Some MySQL hosts aren’t budget-friendly if you want them to include advanced security measures, but the best ones provide a balance between features and prices. Just like any other open-source database solution, MySQL server faces numerous security challenges. Given that MySQL databases, which are behind every WordPress site, hold sensitive personal information, they’re often targeted by hackers.
But, as we mentioned, if you choose the right hosting service, it will successfully protect your website from hacking attacks despite being cheap compared to some other hosting solutions.
The other way cybercriminals intrude on the website is through null plugins and themes. These themes and plugins are commercial and you have to pay to have them but, whoever made your website may have downloaded them for free on a warez website (websites of software resellers), i.e. you didn’t purchase them.
All these paid themes and plugins that you download for free aren’t really that free – you’ll get the “bill” a little bit later from cybercriminals. Soon, cybercriminals add malicious software to almost all of these null plugins and themes that allow them to intrude on a website that has a null theme or plugin installed.
Globally, the most common ways to hack your WordPress website are through plugins, brute force attacks, poor hosting, file permissions, etc.
Why is it so difficult to clean up malware? First of all, it’s generally well hidden. It’s often located in the middle of a PHP file and looks like a legitimate piece of code, as an integral part of a plugin or theme.
In order for cybercriminals to create a backdoor to enter your website, they usually only need one line of PHP code so it’s more difficult to spot something like that. Secondly, once they enter the website, they make sure to put the backdoor in several other places on the website.
They infect several randomly selected PHP files in any folder and set a few more upload scripts in completely legitimate WordPress folders.
This is where the main problem emerges – if your website is infected, be sure that it isn’t only infected in one place but at least in several more. Cybercriminals do this deliberately to secure control of the website because if you detect their malware in one place and remove it, they can enter through a dozen more holes.
You will spend hours finding malware, you’ll find it in one place, you’ll clean it, but they have inserted so many malicious lines that they can re-enter the website in a few hours. It won’t even help to overwrite the entire WordPress installation with the most recent WordPress files, since malware is often inserted as a separate file. WordPress itself doesn’t contain that file and, logically, there will be nothing to overwrite it.
Also, there’s no way for antivirus software to detect malicious software with certainty. That’s because hackers can write their own malicious PHP code and use legitimate PHP functions that won’t look suspicious to antivirus software at all.
Even if the server administrator sorts all the files by modification date to locate the modified or newly uploaded files, that won’t help if the hole is in a plugin or theme.
Steps to Perform in Case of a Hacked
advantage of the first moment when you’re able to log in and put your website
into maintenance mode – don’t let your visitors be aware that you are hacked.
website can be the solution, but again there is a problem – you have no idea
when the website was actually infected. Cybercriminals could’ve infected it months
ago, or a year ago, without performing any activities during that time so you
had no idea that the website was infected. Their attack starts suddenly. To
you, it looks like the website was hacked yesterday and you restore files from
a backup from a month ago… Sorry to tell you but that backup contains malware,
right decision is a radical cut, and its essence is to delete all PHP files
from your website via FTP and leave only uploaded images and a configuration
file to connect to the database (wp-config.php in WordPress). Follow these
Via FTP, delete all files from the website except the
wp-config.php file and the /wp-content/uploads/ folder. Don’t delete uploaded
Using FTP, open the wp-config.php file in an editor such as Notepad++
and make sure there isn’t any code that looks like a bunch of letters, or PHP
code that you’re sure is not part of WordPress; that’s malware. If you see
malware, delete the whole part that contains it. Turn on Word Wrap in the
editor so that you don’t miss malware that’s placed far to the right in a
line, outside the visible area (in Notepad++ it’s in the
menu View -> Word wrap). If you aren’t sure what’s what in that file and what a normal wp-config.php file looks like, you can re-generate a
brand new wp-config.php file for your website by entering MySQL login
Via FTP, enter the /wp-content/uploads/ folder and then look into
each of its subfolders, as well as subfolders of subfolders. Sort the files by
file type, that is, by extension and make sure that there’s no .php file in any
of the subfolders. If you notice some, delete it immediately because it’s,
Download a fresh WordPress installation from
https://wordpress.org/download/ and upload it using FTP.
Log in to your website in /wp-admin/, install the same theme,
previously download the latest version of the theme (never use the old one) and
install the same plugins you had before deleting.
Change the WordPress admin password in /wp-admin/.
Delete all other admin users in /wp-admin/.
Change the FTP password. This is, generally, also the password of
the hosting account so in most cases, you can do so in the hosting cPanel.
Change the MySQL password. This can also be done in the cPanel.
Then, via FTP, enter the new MySQL password in the wp-config.php file.
In case of a
hacking attack, your website will be red-flagged by search engines. That’s
because, during a hacking attack, the sitemap.xml file is compromised. Regenerate
your sitemap using the SEO plugin that came with WordPress and then inform
Google that you cleaned your website, by adding it to Google Search Console
and submitting a sitemaps report.
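The wp-config.php review and the /wp-content/uploads/ check from the steps above can also be run on a copy downloaded over FTP. This is an added example, not code from the original article; the function names, extension list and thresholds are assumptions, and it goes slightly beyond the text by also reporting other PHP extensions and names such as logo.php.jpg.

```python
import re
import tempfile
from pathlib import Path

# Assumption: extensions a server may hand to PHP; adjust to your host's config.
PHP_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}
# Long unbroken run of base64-style characters: the "bunch of letters" look.
BLOB = re.compile(r"[A-Za-z0-9+/=]{120,}")
# PHP functions often used to unpack or run hidden code.
SUSPECT = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
MAX_LINE = 300  # assumed threshold; normal wp-config.php lines are short


def find_php_in_uploads(uploads_dir):
    """Return relative paths of files under uploads_dir that carry a PHP extension."""
    root = Path(uploads_dir)
    hits = []
    for path in root.rglob("*"):
        # Check every suffix so a name like logo.php.jpg is reported too.
        if path.is_file() and {s.lower() for s in path.suffixes} & PHP_EXTS:
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def review_wp_config(text):
    """Return (line_number, reason) pairs for lines to read by hand."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if len(line) > MAX_LINE:  # code pushed far right, past the visible area
            findings.append((no, "very long line"))
        if BLOB.search(line):
            findings.append((no, "encoded-looking blob"))
        if SUSPECT.search(line):
            findings.append((no, "decode/execute call"))
    return findings


def demo():
    """Run both checks on constructed sample data (not taken from a real site)."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp, "uploads", "2021", "03")
        folder.mkdir(parents=True)
        for name in ("photo.jpg", "cache.php", "logo.php.jpg"):
            (folder / name).write_bytes(b"constructed sample")
        php_files = find_php_in_uploads(Path(tmp, "uploads"))
    config = ("<?php\ndefine('DB_NAME', 'wp');\n"
              "define('DB_USER', 'wp');" + " " * 400 +
              "$k = base64_decode('" + "QUJD" * 40 + "');\n")
    return php_files, review_wp_config(config)


if __name__ == "__main__":
    print(demo())
```

Point `find_php_in_uploads` at the downloaded uploads folder and pass the text of wp-config.php to `review_wp_config`; an empty result narrows what to read by hand but does not prove the file is clean.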
must-do when owning WordPress website: Update WordPress and plugins on a
regular basis because, as we said, it often happens that omissions in plugins
are detected and sometimes in WordPress itself. If you don’t update them, the
hackers will surely take advantage of these gaps and intrude on your website.