How I manually examined a WordPress hack

I am not very keen on using plugins because, when it comes to performance, they adversely impact web-page load times. This is the main reason I was not using threat spy plugins.

Then suddenly one day I was stunned when I received an email from Google Search Console saying that my website had been hacked. I quickly ran a search analysis to identify whether hacked content was indexed, and I was surprised to see that 30% of my search results had been converted into some Chinese jargon.

I quickly called my hosting provider to check for vulnerabilities, and gradually the support call turned into a sales pitch in which I was offered “Site Lock” so that it would not happen again in the future. But what about the present?

I quickly realized that I would have to sort this out on my own.

Steps I took to make my website virus-free

1. Through FTP, I downloaded the files which had recently been updated and changed.
2. At the same time, I downloaded a fresh copy of the WordPress files.
3. I started comparing the freshly downloaded files with the files which were recently changed on my server.

During the comparison I found that:

- there were approx. 15 unwanted new files which had recently been created, and they were loaded with suspicious PHP code
- there were some files which had been renamed to .jpeg and had code in them (I was able to open them with Notepad)
- the wp-content files had suspicious logs which were recently created
- the file size of my .htaccess file had increased tremendously

To get rid of them, I deleted these files and uploaded fresh default .htaccess files.
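
The manual comparison above can also be scripted. The following is an added example, not part of the original post or the author's procedure: it compares a downloaded copy of the site with a fresh WordPress tree and reports files that are new, core files that differ, and image files that contain PHP. The function names and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".ico"}


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def compare_trees(site_dir, clean_dir):
    """Compare a downloaded site copy against a fresh WordPress tree."""
    site, clean = Path(site_dir), Path(clean_dir)
    report = {"added": [], "modified": [], "php_in_image": []}
    for f in sorted(p for p in site.rglob("*") if p.is_file()):
        rel = f.relative_to(site).as_posix()
        ref = clean / rel
        if not ref.is_file():
            report["added"].append(rel)       # not shipped with WordPress
        elif sha256(f) != sha256(ref):
            report["modified"].append(rel)    # core file changed on the server
        # An image should never contain a PHP open tag.
        if f.suffix.lower() in IMAGE_EXTS and b"<?php" in f.read_bytes().lower():
            report["php_in_image"].append(rel)
    return report


def build_demo(root):
    """Constructed sample data: a 'clean' tree and a tampered 'site' copy."""
    clean, site = Path(root, "clean"), Path(root, "site")
    for base in (clean, site):
        (base / "wp-includes").mkdir(parents=True)
        (base / "index.php").write_text("<?php // core index\n")
        (base / "wp-includes" / "version.php").write_text("<?php $v = 1;\n")
    (site / "index.php").write_text("<?php // core index\n/* injected */\n")
    (site / "wp-includes" / "cache.php").write_text("<?php // unknown file\n")
    uploads = site / "wp-content" / "uploads"
    uploads.mkdir(parents=True)
    (uploads / "logo.jpeg").write_bytes(b"\xff\xd8<?php /* code */ ?>")
    return site, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, files in compare_trees(*build_demo(tmp)).items():
            print(kind, files)
```

Themes, plugins and uploads you installed yourself are not in a fresh WordPress download, so they also appear under "added" and need to be reviewed by hand.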

Security measures I took to prevent further hacks

  1. I changed all website credentials, including php-admin, WordPress admin etc., and checked the user information so that no one else would have access to log in to my WordPress admin.
  2. I updated all my plugins and removed all plugins which had not been updated in the last year.
  3. I installed WPS Hide Login to change my WordPress admin URL, and now my WordPress login URL is not …/wp-admin.
  4. And finally, I installed Auditing, Malware Scanner and Hardening plugin to check for all possible attempts and changes at my account. Also check how to Enrich WordPress Website with higher level of Securities.

A few other things which are recommended:

1. Restrict multiple login attempts: there are plugins available which can restrict multiple login attempts from the same IP.

2. Use a long and strong password: you can use the WordPress password generator feature to make your password highly secure.

3. Block PHP files in folders that should not serve them: you just need to add this code to a .htaccess file and upload it to your /wp-content/uploads/ and /wp-includes/ folders. It denies web requests for any .php file in those folders, so a PHP file that ends up there cannot be run by visiting its URL.

    <Files *.php>
    deny from all
    </Files>

4. Password-protect directories: your server's cPanel has options to password-protect your folders.