Takeaways from Fixing a Hacked Site

Seth Alling

At last month’s Metro Detroit WordPress meetup, Seth Alling presented on hacked sites, discussing the causes and what you can do to prevent your site from being hacked.

Members shared some of their own stories of hacks as well as useful resources. It was a great discussion at the end of the talk; thanks to Seth for his presentation!

And thanks to new member Christine Zheng, we have a recap of Seth’s presentation. Here are Christine’s notes:

Fixing a Hacked Site

Hack Types

There are three common hacks:

  • WordPress plugin hack
  • Malware hack
  • Themes hack

There are many causes of hacked sites, including:

  • Poor hosting
  • Bad or poorly coded plugin
  • Out-of-date software, which can be targeted by malware
  • Improper file permissions

To find the cause:

Step 1: Use Shell commands

List files with improper file permissions
find . -perm 777

List PHP files modified within the last day
find . -name "*.php" -mtime -1 -print

List general-template.php files that contain base64
find . -name "general-template.php" -exec grep -H "base64" {} \;

Write the list of general-template.php files that contain base64 to a text file
find . -name "general-template.php" -exec grep -H "base64" {} \; > hacked.txt
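
The Step 1 checks combined into one sweep, as an added example (not one of Seth's scripts and not part of the original notes). It widens the base64 search from general-template.php to every PHP file; the function name wp_triage and the output tags are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one triage sweep over a WordPress tree.
# Usage: wp_triage DIR [DAYS]   (prints "TAG<TAB>path", one hit per line)
wp_triage() {
    root=${1:-.}   # directory to scan
    days=${2:-1}   # "recent" window in days

    # Mode exactly 777. Symlinks are skipped: they always show as
    # lrwxrwxrwx on Linux and would flood the list.
    find "$root" ! -type l -perm 777 \
        -exec printf 'PERM777\t%s\n' {} +

    # PHP files modified less than $days days ago (-mtime -N, not N).
    find "$root" -type f -name '*.php' -mtime "-$days" \
        -exec printf 'RECENT\t%s\n' {} +

    # PHP files that mention base64. grep -q acts as a find test, so
    # odd file names (spaces, quotes) are passed through untouched.
    # Hits are leads to review: legitimate code uses base64 too.
    find "$root" -type f -name '*.php' \
        -exec grep -q 'base64' {} \; \
        -exec printf 'BASE64\t%s\n' {} \;
}
```

Redirect the output to a file, as the notes do with hacked.txt, to keep a record of what was flagged before you start cleaning.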

Step 2: Establish Your Game Plan

Don’t just dive in; figure out the best solution first. For example, if your host doesn’t provide shell access, contact your web host’s customer support.

Step 3: Remove Hack and Change Passwords

Find out what is really causing the problem.

Manually fix:

  • Take a full backup, if possible, of all files and the database
  • Delete unwanted or corrupted files and replace hacked files
  • Search through pages and/or the database for additional corruption and remove it
  • Change the passwords of admin users (and possibly users with other roles as well)
  • Test, test, test
  • Take full backup when complete

Use the Force Plugin Updates plugin when you reactivate plugins.

Fix in bulk:

  • Manually remove hack on 1 site
  • Write script to do what you need
  • Run script on one single site
  • Test, test, test
  • Run script across multiple sites
  • Example scripts from Seth you can use on a host with cPanel (you’ll need root access to your server)

Step 4: Increase Security

  • Make sure everything is upgraded
  • Make sure backups are working; run a test first to be sure
  • Have a security plugin
  • Use a password manager, such as LastPass or Dashlane
  • Send passwords/logins with Onetime Secret, or keep the info in a notebook or offline
  • Do not send passwords via email; send them by message instead
  • Use two-factor authentication (2FA), such as Clef, Duo, or Google Authenticator
  • Remove unused sites
  • Check file permissions; don’t set them to 777
  • Use strong passwords
  • Consider changing the WordPress structure, because most hackers are trying to hack in bulk
  • Depending on your time, or if all else fails, hire a security company (such as Sucuri Security)

Summary

Be prepared for a hack. Consider using the iThemes Security plugin. Another option is to set up Cloudflare security.

You may want to consider not turning on all the features, such as IP login. Whitelist your login IP.
When you’re adding a new plugin to a site, validate the plugin. Read reviews and check star ratings.

Check out the slides from Seth’s presentation.

Thanks to Larisa for taking and sharing photos from the meetup.


Author: Deborah Edwards-Onoro

Deborah Edwards-Onoro is a front-end web developer focused on user experience, accessibility, and WordPress. Founder of Lireo Designs, I create usable, attractive websites for businesses, nonprofits, and individuals. In addition, I offer WordPress site maintenance services, training and consulting. Organizer for Metro Detroit WordPress Meetup and Refresh Detroit. Former co-leader of Detroit User Experience, officer of Michigan Usability Professionals Association.