In light of the recent COVID-19 pandemic - OPTASY would like to offer DRUPAL website support for any Healthcare, Government, Education and Non-Profit Organization(s) with critical crisis communication websites or organizations directly providing relief. Stay Safe and Stay Well.

How to Fix a Hacked WordPress Site: A Step-by-Step Guide on Identifying and Removing Malware

How to Fix a Hacked WordPress Site: A Step-by-Step Guide on Identifying and Removing Malware

by Adriana Cacoveanu on Jun 19 2018

“Mysterious” pop-ups that you did not initiate, inexplicable auto-linking keywords, frequent freezing of your website... These are all but clear signs that your WordPress site has been hacked! Now what? Where should you look for the “infection”? Here's a step-by-step guide on how to fix a hacked WordPress site.

And it goes without saying that the very first step to take is to:

Keep calm!

Next, you'll need to figure out how precisely that malicious individual has found his/her way into your site. What security vulnerability has he detected and exploited?

Once you've determined how your WordPress website's got hacked, figuring out how to remove the malware is already a half-solved problem.

So, let's dig in before this hypothetical infection has spread out throughout your entire website:

 

Step 1: Identify the Hacked Files (and Change Your Password)

Remember what we've already agreed upon, that the very first step to take is precisely not to panic?

So, while keeping your cool, start your “investigations” by asking yourself 3 key questions  — this, of course, after you've already asked yourself “How to remove malware from my WordPress site?”:

 

  • Are you able to access your admin panel?
  • Is your site already marked as insecure (by Google)?
  • Is your site redirecting automatically to another website once you log yourself in?

     

At this point, I also strongly recommend that you changed your password, as well. And this before you jump to the next step of your investigation.

Note: remember to change it again after you've cleaned up your website, as well.

 

1.1. Give Your Site a Thorough Scan Using a Security Tool/Plugin

And I do think that it never gets redundant for me to stress out:

Turning on a powerful WordPress security plugin on your website is one of the best shields that you could activate around it.

In case of an emergency situation, like this one here, you'd simply enable it to scan your site remotely and track down malware locations and malicious payloads and, most of all:

A good security plugin would identify and alert you, in real-time, of all the changes made to your website.

Note: everyone knows it, yet most website owners stubbornly ignore the importance of keeping their loads of WordPress themes and plugins updated regularly. They just overlook the fact that out-of-date files are by far hackers' “top favorite” security vulnerabilities. 

 

1.2. Check Whether Your Core Files Have Been Compromised

And since they're by far the most valuable files on your site, it's only normal to check their integrity first things first:

 

  • wp-includes
  • root folders
  • wp-admin

     

Most of these core files should never ever be modified.

And there are 2 ways of checking them:

 

  1. you either use the diff command in your terminal
  2. or you check them manually, via SFTP

     

If they're unchanged and therefore clean, move on to the next step of this “how to fix a hacked WordPress site” guide:

 

1.3. Check the Integrity of the Recently Modified Files

It may also be that precisely the recently modified files on your WordPress site are the “corrupted” ones.

To know for sure, identify the files that have been recently modified.

And again, you have 2 options at hand for this type of “investigation”:

 

  1. the manual check
  2. running the right commands in your Linux terminal

     

For manually identifying these newly changed files that might have been hacked just go through these steps here:

 

  • log into your server (use the SSH terminal or an FTP client)
  • if it's SSH that you're using, then it's this command that will automatically list all the files that got modified the last 15 days: $ find ./ -type f -mtime -15
  • if it's SFTP that you're using, just scan through the last modified date column for all files on your server
  • … detect any files that recent changes have been made to

     

Now for tracking down these possibly “infected” recently modified files using the terminal, just follow these 2 simple steps:

 

  • run this command in your terminal: $ find /etc -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r 
  • next, if you want to identify the directory files, enter this command: $ find /etc -printf '%TY-%Tm-%Td %TT %p\n' | sort -r 

     

Are there any unexplainable changes made to those files in the last 7-30 days?

 

1.4. Check the Diagnostic Pages 

A conveniently handy way to remove a virus from your WordPress website is to “track it down” using Google's or another website security authority's tool to give your site a deep scan with.

Has yours already been blacklisted by one of these authorities?

Then simply run the Google Transparency Report:

 

  • go to Safe Browsing Site Status website
  • enter your website's URL there
  • check both the Site Safety Details and the Testing Details sections 

     

It's a quick and easy way to collect valuable information about any suspicious downloads, redirects, and spams on your site, as well as priceless data about Google's recent scan that ended in malware being detected.

Note: another way of identifying malware that's within your reach is by using a free webmaster tool — Google Webmasters Central, Norton SafeWeb, Bing Webmaster Tools etc.

 

Step 2: How to Fix a Hacked WordPress Site: Removing the Detected Malware

After all your preliminary investigations, you should put together your battle plan for actually removing the identified hack from your WordPress site. And for restoring it to its pre-hack clean state, too, obviously.

For this, here are the most effective measures at hand for you to apply:

 

2.1. Is a Clean Backup Available? Use It to Compare Pre-Hack to Post-Hack Files

Is there any need for me to stress out that:

You should back up your website on a daily basis!

And the very situation that you're in now is by far one of the strongest reasons to do that:

“How to fix a hacked WordPress site” will get reduced to: “simply comparing a clean backup to the current hacked version of your site!"

Identify the files that have been modified and get them removed.

It goes without saying that you risk losing some of your files —  those added/updated after the last backup — but you do want a clean website now, don't you?

2.2. Remove the Identified Infected Files from Your Website

Once you've restored your WordPress backup, you can easily remove any suspicious plugin, theme or other types of file.

Note: do handle core files with utmost caution, though! Mind you don't accidentally overwrite your wp-content folder or your wp-config.php file.

When it comes to infected custom files, you could replace them with a clean recent backup or with fresh new copies.

“But how do I remove “malicious” code manually?” you might ask yourself.

Let me go briefly through all the key steps required:

 

  • log into your server (via SSH or SFTP)
  • back up your website
  • track down the recently modified files
  • replace any suspicious files with copies from the WordPress repository
  • use a text editor for opening up any custom files there and remove any suspicious code that you'll detect 
  • test your newly cleaned up website

     

Word of caution: manually removing a malware infection from your WordPress site does call for special safety measures. Never remove corrupted code without first backing everything up!

 

2.3. Remove All Malware Infections from Your Database Tables, as Well 

Now, you do agree that a “how to fix a hacked WordPress site” tutorial couldn't possibly skip the step where database tables get cleaned up of any malware infection.

Here's how you do it:

 

  • connect to your database using your database admin panel
  • create a backup of your database
  • give it a deep scan looking for any suspicious content 
  • if detected, open the table containing that specific link or spammy keywords
  • manually remove that infected piece of content
  • give your website a “post database clean up” test
  • remove any tools that you might have used specifically for this operation —  Adminer or maybe Search-Replace-DB

     

2.4. Check All The User Permissions: Look for New, Unfamiliar User Accounts

My advice to you, when it comes to user accounts, to user roles and permissions on your WordPress site is to:

Keep just one single admin user and stick to the essential user roles (and granted permissions):

  • author
  • editor
  • contributor 
  • etc.

     

This is one of the most effective prevention measures that you could take so you don't end up asking yourself How to clean up a hacked WordPress site?”

Now, coming back to our investigation here, here's how you remove all the unfamiliar WordPress user accounts from your website:

 

  • first, back up both your site and your database
  • log into your admin panel and click the “Users” tab
  • track down any unfamiliar new user accounts there, hover over them and delete them

     

Note: another wise thing to do is to re-check each user's roles and permissions. If you feel like updating them, simply use the users' role editor plugin.

 

2.5. Detect and “Close” all the Backdoors

And you want to treat this aspect with maximum seriousness. Otherwise, following each and every step indicated to you in this “how to fix a hacked WordPress site” tutorial becomes... pointless.

For the attackers would always have this “secret passage” to infiltrate themselves into your website over and over again.

“But what are backdoors more precisely?” you might ask yourself.

They're files similar to your site's core files — wp-config.php and key directories such as /uploads, /themes, /plugins —  yet strategically placed in the wrong directories. 

Here are some PHP functions that you could recognize them by:

 

  • str_rot13
  • assert
  • base64
  • move_uploaded_file
  • eval
  • system
  • stripslashes
  • gzuncompress

     

Word of caution: keep in mind that there are plugins on your WordPress website that could be legitimately be using these PHP functions; therefore, make sure you test all those "apparently suspicious changes" before rushing to remove the so-called "malicious" functions. Otherwise, by removing benign functions, you might just break your website.

 

2.6. Request a Review of Your Site, to Have all Malware Warnings Removed

Now, once you've repaired all the damage caused on your Wordpress site, it's only but logical to... let the blacklisting authorities know that your site's clean now.

For this, you can just request a review of your recovered website.

 

2.7. Change Your WordPress Salt Keys 

The very last step to take in this “How to fix a hacked WordPress site” process is to change the security keys from your wp-config.php file:

This way, even if a potential attacker stole your password, he would get automatically auto-logged out once you've changed your WordPress salt keys.

Next, you can just change your password, as well as the ones of other users on your site.

 

Or, Just Cut All These Steps Down to a Single One: Preventive Maintenance

Which means adopting a WordPress maintenance and support plan tailored just for you and your specific security feature needs.

This way, not only that you'd save the time (and spare your nerves) that you'd otherwise invest in carrying out all the steps included in a tedious “how to fix a hacked WordPress site” process, but:

From running regular updates to on-going maintenance of your website's core components to regular security audits, you wouldn't need to... move a single finger. Our WordPress maintenance and support team would handle it for you.

“Prevention is better than cure” is so much more than just a saying...

Development

We do Web development

Go to our Web development page!

Visit page!

Recommended Stories

5 SEO Best Practices When Building Your Magento Store
  The eCommerce market is getting more competitive. As the digital world expands at a rapid pace and online stores become the norm, eCommerce retailers must find new ways of differentiating their brands from the competition. A reliable method of building a solid online presence is search engine optimization (SEO).  To generate more organic traffic on your website, you need to improve your search engine rankings. With the right SEO strategies in place, you will not only rank higher on Google but also get more value from your Magento eCommerce store.  Keep reading this article to discover five SEO tips for driving better search engine rankings and organically grow your business.   Tip #1: Optimize Meta Tags.    Title tags and meta descriptions help search engines understand the content on a page. Optimized and well-written meta tags can attract more visitors to your site and increase your organic traffic.  SEO-friendly page titles have between 50-60 characters and include the main keyword from a particular page that you target. When it comes to meta descriptions, their length should be between 50-160 characters and incorporate primary and secondary keywords. Although inserting keywords is essential to improve your SEO, it's also important to pay attention to the way your description sounds. It shouldn't be forced or unnatural.    Tip #2: Realize an SEO-Friendly URL Structure.   When working with Magento, it is advisable to use the following URL structure for your pages:  website.com/category-sub-category/product name/ for product pages website.com/category/ for category pages website.com/category/sub-category/ for sub-category pages   To remove the "index.php" part from your URLs, you need to enable URL rewrites. You can do this by clicking on Stores - Configuration - General - Web, then enter the Search Engine Optimization tab and then click on YES in the Use Web Server Rewrites section.  By doing this, you'll create cleaner, more readable URLs, which will make it easier for you to complete a website migration in the future if that will be the case.    Tip #3: Spend Some Time on Product Descriptions.   As many eCommerce sites sell products manufactured by other companies, the product description they receive from the manufacturer is often the one actually used on the site. Consequently, product pages may end up containing little valuable content that doesn't provide significant insights to visitors. Also, Google doesn't usually rank these websites very high, so you need to start creating your own unique product descriptions.   Tip #4: Accelerate Your Site's Speed.   Today, speed and accessibility are what digital customers are looking for. Around 40% of people abandon a website that doesn't load in less than three seconds. A ranking factor used by Google for mobile is page speed, so it's essential to take all the measures to accelerate your loading speed. Here are some tips for this: Migrate to a new host. Try searching for a Magento hosting package as it will be optimized for Magento's infrastructure and capabilities.  Use browser caching. By doing this, users that visit your website won't need to download the same files each time they enter your site, which improves load speeds.  Don't forget about a content delivery network. There some free options on the market that you can use with confidence.    Tip #5: Leverage Magento SEO Plugins.   Fortunately, Magento has high-quality extensions for boosting your website's SEO, like ReloadSEO or SEO Suite Ultimate. Investing in SEO extensions is a great way of taking your SEO efforts to the next level and improve your SERP rankings and organic traffic.  Or you could let a team of experts like Optasy do the hard work for you. We can help you build your SEO-friendly website and grow your business in the digital world. Don't hesitate to contact us for more details.  Photo credit: Myriam Jessier on Unsplash.     ... Read more
Raluca Olariu / Apr 22'2021
These Magento Extensions Will Boost Your Sales - Part Two
  Our last article discussed some of the critical Magento extensions for marketing and customer experience. This blog post contains valuable insights into other essential Magento plugins that target financial, shipping, and analytics aspects. Keep reading to discover how these extensions can improve your conversion rates.    Magento extensions for payments    Stripe Payments This Magento extension is used for processing credit and debit cards, as well as mobile wallets. If you want to position yourself as a trustworthy seller and deliver safe and secure payment options, Stripe is a must-have.  Benefits: Great integration. Stripe recognizes and accepts all major credit and debit cards and a wide range of currencies. Modern features. With Stripe, you can also use mobile wallets such as Apple Pay or Google Pay.  Compatible with a multi-store scenario.  Provides secure payment processes by using advanced machine learning algorithms.   OneStepCheckout This is a very handy extension that simplifies the checkout process of your Magento store. Shopping cart abandonment is a real problem for online retailers nowadays, and the Magento eCommerce platform offers an overwhelmingly complicated checkout process.  By installing OneStepCheckout, you'll make it easier for your customers to complete a purchase and increase your conversions. Benefits: Accepts all major payment providers. Cost-effective checkout solution. User-friendly and responsive design. This extension looks and works great across various screens and devices. Highly customizable. Adding and removing fields is easy with OneStepCheckout.   TaxJar Sales Tax Automation Sales tax can be a burden for many business owners. Fortunately, TaxJar can do it for you. With its automation capabilities, this Magento extension helps you prepare returns and calculate your taxes more efficiently.  Benefits: Real-time sales tax rates and calculations. Access TaxJar's APIs and real-time sales tax rates at checkout without compromising on the performance of your website.  Seamless and automated filling. With TaxJar's AutoFile feature, you can rest assured that your returns will be submitted correctly, on time.  Global rates. You can also use Tax Jar for taxes across multiple countries with accurate rates.    Magento extensions for shipping   Delivery Date FIne-tuning the delivery schedule for your customer needs will definitely boost your store's credibility and profitability. With Delivery Date, there will be no more missed packages due to the ultimate shipping customizability feature.  Benefits: Flexible. Allows the customer to select the date and time of their delivery.  Delivery notes. Customers can leave comments and provide additional instructions for the delivery.  Exclude dates. Delivery Data allows you to exclude any date from your delivery options.   ShipStation ShipStation powers shipping efficiency of all sizes. Order management is essential for large eCommerce stores, and it can become challenging. This Magento extension supports businesses in managing their shipping without headaches. Benefits: Returns are easy. Returns and refunds are streamlined for better customer experiences. Centralized orders. With ShipStation, you get to keep all your orders and shipment details in one place.  Order confirmation.    Shipping Suite This complex Magento extension provides customizable shipping and logistics for eCommerce stores. Shipping Suite is a 3 in 1 solution that allows you to take complete control over your delivery process through 3 innovative shipping management tools: shipping table rates, rules, and restrictions.  Benefits: Shipping approximations. Your customers are well informed about their shipping in advance thus reducing cart abandonment.  Highly customizable. You can choose which delivery providers to use and select the rates based on location.    Magento extensions for analytics   Google Analytics plugin for Magento 2 Easy yet powerful, this extension helps retailers track their web store's traffic more efficiently.  Benefits: Better customer insights. This extension allows you to track your customer's activity in your store.  Enhanced marketing. With better customer visibility comes better monitoring of your marketing campaigns.   Improved personalization. By understanding your customer's behavior more clearly, you can act upon personalizing their experience on your site.    Advanced Reports This Magento extension helps marketers with data visualization and management. It includes several reports and monitors different sales performance metrics in your store.  Benefits: Specific reports. You can analyze your reports based on categories. Payment and discount tracking. With Advanced Reports, you'll be able to see how your discount codes are performing and which payment methods lead to the most conversions.    Magento extensions for security As security is getting more and more critical in the digital environment, security extensions are a must to keep your online store secure.    Two Factor Authentication  Through this extension, you can improve your protection against fraud and identity theft. The Two Factor Authentication (TFA) algorithm adds an extra layer of security to your website and reduces the risk of cyber theft. Benefits: High compatibility. TFA works with several operating systems.  High security. The secure code sent to your configured smartphone to complete the log-in process is only available for 30 seconds. This prevents someone from hacking your website.  Failsafe. With TFA, your eCommerce site will be secured even if the security of your passwords is jeopardized.    Fraud Prevention To avoid fraudulent purchases and payments, installing this Magento extension is a must as it helps you track and block suspicious payments. Benefits: Automatic fraud detection. The extension automatically blocks purchases that match previous suspect purchases.   Custom blacklisting rules. You can create blacklist rules based on various customer attributions like name, address, ZIP, or IP address.    Conclusion Magento is a reliable choice for building and managing robust eCommerce stores. However, to make the most out of its capabilities, installing Magento extensions is necessary. You're now familiar with the most popular and useful plugins for enhancing and securing your website.  If you're still unsure which extensions you should select for your site, send Optasy a message. We'll gladly support you in your journey towards building your successful eCommerce business.   Photo credit: geralt on Pixabay.  ... Read more
Raluca Olariu / Apr 19'2021
These Magento Extensions Will Boost Your Sales - Part One
  As one of the most popular eCommerce platforms, Magento empowers retailers to build engaging, shoppable customer experiences in the digital world. By leveraging next-generation technology and a massive extension library, Magento helps B2B and B2C organizations create highly personalized shopping experiences for their customers.  Since the level of customization is so high for Magento users, they can often find it hard to choose from so many options and decide which plugins and extensions are truly efficient for their business needs. That's why we've created this article, to shed a light on some of the most useful and reliable Magento extensions that can help you make the most out of your Magento eCommerce website.    Magento plugins for marketing    Facebook Pixel for Remarketing This Magento extension collects data from your customers that browse your products and then runs your ads to those users when they enter the social media platform. You want to keep your product in front of your customer's eyes and here's where retargeting and remarketing play a crucial role.  Benefits: Automatic. Collecting user details is done automatically by Facebook Pixel—no installation is required on your end.  Easy exporting. Facebook Pixel lets you easily export products you want to promote on Facebook. Event tracking. You can personalize the way your customers interact with your brand and content by tracking events in your store and sending that information to Facebook.    Omnisend If you're searching for an all-in-one omnichannel marketing automation tool, then this suite is the right choice for you. Keep in mind that this is not a typical email marketing tool. Omnisend allows integrating multiple channels (email, SMS, web push notifications) in the same automation workflow. This extension can be integrated via an open-source plugin developed by a 3rd party.  Benefits:  Robust automation. In the era of digital workspaces, being able to bring all your channels together and integrate several channels in the same automation workflow is a must.  Easy message building. The visual email composer offered by this extension allows users to use a template or build their content from scratch in minutes. Streamlined targeting. By using segmentation based on profile data, shopping behavior, and customer engagement, targeting is much easier to manage.  Contact capture. With the help of landing pages, embeddable forms, and dynamic pop-ups, you can capture contacts more easily.    Mconnect Customer Specific Product & Price Personalization is a big deal in today's digital world so this extension should be part of your arsenal. How does it work? Let's say you want to personalize a particular segment of customers to receive a specific sale. With this extension, you can update it so only particular customers see your sale prices. The same way goes for on-site product listing so you can show customers only the products they are interested in.   Benefits: Persoalization, personalization, personalization. If you want to thrive in today's competitive digital landscape, your site content and your omnichannel campaigns must respond to your customers' needs. Customization. With Mconnect Customer Specific Product & Price, your customization capabilities are endless and will allow your store to respond to customers with products, prices, and relevant content.  Priority for prices. You have the power to decide which price gets priority for a particular segment.   Magento extensions for user experience   Yotpo Reviews According to a recent study, 91% of 18-34-year-old consumers trust online reviews as much as personal recommendations. Customer product reviews are an invaluable resource for developing customer trust. Yotpo's Magento extension supports you in collecting and publishing reviews on your website from customers that have made a purchase from your store.  Benefits: Social media integration. You can easily share your reviews on social media. Product images. Any customer can upload images with the items they've purchased for more credibility. SEO boost. Use snippets, Google Seller Ratings, and Product Listing Ads to boost your reviews index.   LoyaltyLion Any successful eCommerce marketer knows that a loyalty program is essential to transforming customers into a community. This Magento extension improves the customer experience by allowing you to provide referral codes and rewards to your customers thus encouraging them to share your services with friends and family. Benefits: Loyalty points. With this extension, your loyal customers have the opportunity to earn activity points which they can use later to claim special rewards. 100% customization. You can personalize your shopping program so that it fits your business and customers. Loyalty tiers. Your most loyal users will earn the best rewards which will motivate your shoppers to interact with your brand on a constant basis.   These are the most powerful Magento extensions for eCommerce websites that target marketing and user experience. We'll be back with part two of this article to discuss more details about Magento extensions for payments, shipping, analytics, and security. If you want to expand your Magento web development capabilities and empower your website to build robust digital experiences, check out Optasy's leading services in developing thriving web experiences.   Photo credit: geralt on Pixabay. ... Read more
Raluca Olariu / Apr 16'2021