Takeaways from Fixing a Hacked Site

Seth Alling

At last month’s Metro Detroit WordPress meetup, Seth Alling presented on hacked sites, discussing the causes and what you can do to prevent your site from being hacked.

Members shared some of their own stories of hacks as well as useful resources. It was a great discussion at the end of the talk; thanks to Seth for his presentation!

And thanks to new member Christine Zheng, we have a recap of Seth’s presentation. Here are Christine’s notes:

Fixing a Hacked Site

Hack Types

There are three common hacks:

  • WordPress plugin hack
  • Malware hack
  • Themes hack

There are many causes of hacked sites, including:

  • Poor hosting
  • Bad or poorly coded plugin
  • Out of date software, which can be targeted by malware
  • Improper file permissions

To find the cause:

Step 1: Use Shell commands

List file with improper file permissions
find .–perm 777

List php files modified within last day
find .-name”.php” –mtime 1 -print

List general-template.php files with base64
Find.-name “general-template.php” – exec grep –H”base64”{}\;

List general-template.php files with base64 in text file
find.-name “general-template.php” –exec grep-H”base64{}\;”>hacked.txt

Step 2: Establish Your Game Plan

Don’t just dive in, figure out the best solution. For example, if your host doesn’t provide shell access, contact your web host customer support.

Step 3: Remove Hack and Change Passwords

Find out what is really causing the problem.

Manually fix:

  • Take full back up if possible, of all files and the database
  • Delete unwanted corrupted files and replace hacked files
  • Search through pages and/or database for additional corruptions and remove
  • Change password of admin users(and possibly users with other role as well)
  • Test, test, test
  • Take full backup when complete

Use the Force Plugin Updates plugin when you reactivate plugins.

Fix in bulk:

  • Manually remove hack on 1 site
  • Write script to do what you need
  • Run script on one single site
  • Test, test, test
  • Run script across multiple sites
  • Example scripts from Seth you can use on a host with cPanel (you’ll need root access to your server)

Step 3: Increase Security

  • Make sure everything is upgraded
  • Make sure backups are working; run a test first to insure
  • Have a security plugin
  • Use a password manager, LastPass, Dashlane
  • Send passwords/logins with Onetime Secret, or keep info in a notebook or offline
  • Do not sent the passwords via email – but message
  • Use Two-factor authentication (2FA), Clef, Duo, Google Authenticator
  • Remove unused sites
  • Check file permissions-don’t set it to 777 permission
  • Use strong passwords
  • Consider changing WordPress structure, because most hackers are trying to hack in bulk
  • Depending on your time, or if all else fails, hire security company (such as, Sucuri Security)

Summary

Be prepared for hack. Consider using the iThemes Security plugin. Another option is to set up Cloudflare security.

You may want to consider not turning on all the features, IP login. Whitelist log in IP.
When you’re adding a new plugin to a site, validate the plugin. Read reviews and check star rankings.

Check out the slides from Seth’s presentation.

Thanks to Larisa for taking and sharing photos from the meetup.

Additional Resources

February 2016 Developer Code Share / Show and Tell

Attendees seated waiting for meetup to begin

For our February 2016 developer code share/show and tell, four Metro Detroit WordPress Meetup members shared their tips and insights on WordPress development. Continue reading “February 2016 Developer Code Share / Show and Tell”

January 2016 WordPress Q & A Workshop Recap

At last night’s Q & A workshop, we had lots of great questions about WordPress, how to use it, set it up, configure plugins, style, and troubleshoot issues.

Glad to see so many new faces interested in learning about WordPress! Continue reading “January 2016 WordPress Q & A Workshop Recap”

Recap: WordPress Social Media & Security Basics

April’s Metro Detroit WordPress Meetup at United Way – Campus Martius included a pair of presentations on two popular WordPress-related topics; security and social media. Eric Malcolm delivered a crash course titled, “WordPress Security Basics” where he dove into the finer details of the iThemes Security Plugin. Following Eric, Angela Samuels explained how to take charge of social media with WordPress in her talk titled, “WordPress, Social Media and How it All Fits Together”. Here are my notes from those two talks, WordPress Social Media & Security Basics. Continue reading “Recap: WordPress Social Media & Security Basics”

Recap: WordPress Presents! How to Boost (or Even Replace) PowerPoint With WordPress

In his talk for Metro Detroit WordPress Meetup at United Way – Campus Martius, Jim Luke walked us through several different methods for embedding and displaying slide presentations in WordPress. Here are my notes from his talk, WordPress Presents! How to Boost (or Even Replace) PowerPoint with WordPress. Continue reading “Recap: WordPress Presents! How to Boost (or Even Replace) PowerPoint With WordPress”

What’s New with WordPress 4.1 and the Twenty Fifteen Theme – January 2015 Meetup

Monday, January 12, 2015
6:30 PM to 8:00 PM

For our January meetup, we’re taking a look at the recent WordPress 4.1 release and the new Twenty Fifteen default theme. Join us as our Metro Detroit WordPress leaders give an overview of the features and updates you can expect to find in WordPress 4.1 at the first meetup of 2015. Continue reading “What’s New with WordPress 4.1 and the Twenty Fifteen Theme – January 2015 Meetup”

Recap: VaultPress – A Plugin for Your Backup Needs

In her talk for Metro Detroit WordPress Meetup at Grand Circus, Jacklyn Stachurski, a happiness engineer at Automattic, walked through the history and details of the VaultPress plugin and how it compares to similar solutions on the market. Here are my notes from her talk on VaultPress: A plugin for your backup needs: Continue reading “Recap: VaultPress – A Plugin for Your Backup Needs”

Recap: The RESTful Future of WordPress

In his talk for Metro Detroit WordPress Meetup at Grand Circus, Hasani Rogers demystified key terms and discussed how WordPress’ new REST API is key for WordPress to survive the advent of Web 3.0, the semantic Web. Here are my notes from his talk, The RESTful Future of WordPress. Continue reading “Recap: The RESTful Future of WordPress”

Recap: 2014: A New Year, A New Theme & How To Improve the Accessibility of Your Site

At February’s Metro Detroit WordPress Meetup event at Grand Circus, Deborah Edwards-Onoro walked us through website accessibility and TJ List broke down the new WordPress default theme titled Twenty Fourteen.  Here are my notes for their talks, 2014: A New Year, A New Theme & How To Improve the Accessibility of Your Site. Continue reading “Recap: 2014: A New Year, A New Theme & How To Improve the Accessibility of Your Site”