Fix & Protect Your Hacked WordPress Site

Fix & Protect Your Hacked WordPress Site

– Original article by Hristian, via TSOHOST – Edited


Websites get “hacked” all the time, and the symptoms a site experiences as a result differs from case to case. Your website might redirect to a website you have never seen before, it might get flagged as malicious by Google, or it might have even developed a keen interest in improving your visitors’ sexual life through medicaments and dating websites.

No matter what your site’s symptoms, there’s almost always a cure. Let’s explore how to identify and remove malicious content, and the steps you can take to make sure your site does not surrender to hackers again.

A ‘403 Forbidden’ Error

If a ‘403 Forbidden’ error displays when you visit your website, it’s safe to assume that your hosting provider has identified malicious activity and has gone ahead and disabled your site. Hosting providers usually disable your site to help protect other sites on the server, your brand, and to reduce the likelihood of the malicious content affecting your Google ranking.

To rid your site of malicious content, firstly, you will need to grant your computer access to your website. In order to do this, you will need your computer’s IP (the unique number that your computer identifies with on the internet). You can find out your device’s IP simply by visiting www.whatismyip.com

The underlined number is your IP. Take note of it as you will need to reference it later on.

tsohost-blog-whatismyip

Allowing Your IP Access:

To allow your IP to access your site you need to make a small change to your site’s ‘.htaccess’ file. Locate your ‘File Manager’ in your hosting account’s control panel; open your ‘public_html’ folder and then open your ‘.htaccess’ file. Once open, you should see a text file just like the one below:

tsohost-blog-allowingip

The ‘deny from all’ line, is what is blocking users from visiting your site. To grant yourself access, add ‘allow from *enter your IP*’, below ‘deny from all’:

tsohost-blog-denyfromall

Once saved, you and only you will be able to access your WordPress admin panel from this single device.

Identifying Malicious Content

Now you have access to your admin panel, you can take steps to identifying and removing the malicious content from your site. To do this, it’s recommended that you install the Wordfence plugin, an excellent anti-malware solution that scans your site for issues.

tsohost-blog-identifyingmaliciouscontent

Once installation is complete, Wordfence will appear in the left-hand side bar of your WordPress admin panel. Click ‘Wordfence’ then ‘Scan.’ All your websites files will now be scanned for any content that could be malicious. All identified issues will be highlighted with ‘next step’ suggestions.

Additional Measures

If Wordfence doesn’t locate the malicious content, you can run your site through a second scan using Sucuri, an excellent third-party company that specialises in malware detection.

Also, you can always contact your hosting provider to check for you, too, or to restore the website from a backup generated when it was clean (if that is a service your hosting package includes).

How to Prevent Future Exploits

Keep WordPress and all your plugins updated

More often than not, one outdated plugin is all it takes for someone to exploit your website. Every single plugin and WordPress update introduces security fixes which, if not applied, leave your site open to known vulnerabilities. It’s strongly advised that you only use plugins from established developers, and, when an update becomes available, do run it as soon as possible.

Make sure that your devices are clean

Sometimes a sneaky file might go through with a regular application that you are installing leaving access to your computer open. Common viruses include keyloggers, which send all your usernames and passwords to someone as you type, and Trojans, which leave your password file visible to hackers. Run antivirus scans on all the devices you have used to access your website and as an extra precaution reset all related passwords.

Avoid plugins with known exploits

If you are about to install a new plugin, hold back for just 5 minutes. Before you go ahead and install it, carry out a simple Google search to uncover any known exploits – it could save you a lot of hassle. Take extra care to ensure that you do not download anything ‘nullified’ or from an unofficial source.

Reactivating Your Website

If you are sure your site is free from malicious content, you can now reactivate global access to your website.

This involves returning to the ‘.htacess’ file in your’ public_html’ folder and removing the ‘deny from all’ line. A default WordPress .htaccess looks like the following (please note that some of your plugins might have added some content to the .htaccess file which is legitimate. This applies mostly for caching plugins):

tsohost-blog-reactivateyoursite

Once the ‘deny from all’ rule is removed, your website will be visible to everyone.

If you have taken the preventive measures above, the likelihood of these or any other issues reoccurring is fairly slim, so reward yourself with a cup of tea or a pint. It’s not every day you fix a hacked website!


(Via www.tsohost.com– Edited from source: tsohost.com/blog/fix-and-protect-you-hacked-wordpress-site)

About the Author