Eliminating Malware: Know How to Clean your Hacked WordPress Website

Are your visitors being sent to spam or is your WordPress site being redirected to some other site? This ordeal is a result of the hacking of your website. 

Though the security protocols are improvising day-by-day, the hackers remain one-step ahead and find a possible ways to break into your website. 

Website security is important, especially if it is built using WordPress. This is so because it powers 34% of the world’s websites and has drawn attention from the hackers. According to a survey, the WordPress malware infections rose to 87% in 2019. Among which 62% of website owners indicated that they weren’t aware of being hacked. 

How to know if your site has been hacked? 

There is no iota doubt that hacked websites misbehave. However, not always it implies that there are malware in your site. But by sleuthing the site’s log and looking for common signals,  you can determine if the hacker has infiltrated your site.

  • The website freezes continuously

  • Unnecessary non-added pop-ups 

  • Automatic redirection to other spammy websites

  • Obscene or unwanted texts in header or footer 

  • Auto-linking of keywords to external websites

  • Notice from hosting provider regarding malicious activities

Once it is ascertained that the site is hacked, using FTP backup your entire website. This is done in order to prevent data loss as the majority of the times, the hosting providers will delete the website upon being hacked. This is followed by cleaning the WordPress website. 

However, there are several factors you should know before cleaning the site. 

For instance, 

  • The wp-includes and wp-admin directories rarely consist of newly added files. 

  • Normally, there exists only one theme directory that is utilised for the site in the wp-content/themes directory. On knowing which one it is, you can eliminate all other theme directories. However, if you have a child theme, then you may be deploying two directories in wp-content/themes. 

  • On deleting anything in the wp-content/plugins/ directory, you won’t lose data as those are plugin files and be reinstalled. However, WordPress will automatically detect if a plugin is deleted and will disable it. 

  • Watch out for antiquated WordPress backups or installations. Upon being hacked, they are likely to be full of malware. 

How to get your website back to its original glory? 

Cleaning a hacked WordPress website is easier said than done. With Google enforcing 30 days ban on-site reviews, it has become more important than ever to clean the site thoroughly. While you can take assistance from professionals or use online tools, you can also remove the malware manually.  

The steps involved in the manual website cleaning process are as below-mentioned 

Backup database & site files - If you are utilising web host’s snapshot feature, backup your entire site using the same. This will thoroughly save your complete server. Next, if you can log in, use a WordPress backup plugin and prepare an additional backup of the database. 

Examine the backup files - On identifying which version of backup of your site is free from malware, inspect files to determine the missing details. For example, 

  • wp-config.php file - Look for names, usernames, and passwords in your WordPress database.
  • wp-content folder - Check for folders such as uploads, themes, and plugins. 
  • .htaccess file - This file will be invisible. To view this file use an FTP program or coding application. 
  • Database - It must consist of SQL file, an export of the database. 

Format WordPress folder - Upon verification and obtaining a complete set of backup, the next step is to delete all the WordPress files (except server related files). Typically, the WordPress files will be in the public_html folder. But if you have utilised any other location, select it and delete the files.   

Reinstall WordPress - Reinstall WordPress in the public_html directory (if it was the original location of installation) or in the subdirectory (if it was installed in the add-on domain). To connect the new WordPress installation with the old database, edit the wp-config.php file on the new installation of WordPress and access the database credentials from the former site. 

Reset passwords & permalinks - Login to your website and reset all the names, usernames and passwords. Next, go to settings -> permalinks -> save changes, to restore .htaccess file to enable the working of your site’s URL. in addition, ensure to reset FTPs and hosting account passwords.

Reinstall plugins & themes - Reinstall all the plugins and themes from fresh downloads or WordPress repository. Avoid the installation of old & unmaintained plugins and usage of antiquated themes. This step solely depends on the type of backup selected. If a complete backup was chosen, you can opt for the backup recovery approach.

Restore backup - One method of restoring is to recover the site from backup. If not carefully examine each & every folder in your backup, ensure that only the relevant files are included in the folders and then restore them. Make sure you use the same plugin to recover the site which you used to backup the site.  

Scan the system - Run a full site checkup to ensure that all malware, trojans, etc. are eliminated. After ensuring that the site is free of malware, remove the warning message by submitting your site for Google review. 

Looking out for reasons for website hack is a tricky process. Have an eye for detail, identify the reason behind your website being hacked, work on it and fill the security loopholes.

 

 

 

Leave a Reply