So, you are also a victim of sneaky hackers who hack other people work just for fun. Recently, one of my dearest blogs got hacked. It was a pain to clean all the stuff and increase the security on the blog.
It is kind of script that is injected using “base64_decode” and loads in your header. You cannot see with simple page source option. Google will show malware warning or “this site may harm your computer” or “site may be compromised” warnings. Or worse! Your whole blog is hacked, and nothing left…
First of all, stay calm! Yes… It is very important because if you don’t know what would be the proper course of action, you may lose all the data on your website by making silly step. Follow these steps to clean your files.
1. Single best advice is to contact your web host immediately. Every good web host provides free of cost scanning and cleaning of viruses, malwares and hack scripts. If they don’t, they will guide you where is the actual problem originated.
If it is a simple hack, then you can ask them to restore the latest back-up. Make sure the latest back-up is clean from hacked or malware files. These steps usually solve 90% of the problems, but what if your web host does not keep the latest backups? Get a good web host buddy!
2. This step is for experienced persons who can dig into coding and replace them. The severity of attack can vary. If it is a well cloaked script loading somewhere on your home page or other pages, then check these tools for what is actually behind your website. Rex Swain HTTP Viewer and Redleg’s File Viewer (redleg is a top contributor in Google’s webmaster forums who helped me).
You can see the actual coding that you cannot see with the page source command. Now you need to run a simple script by uploading it to root folder. Redleg’s basecode finder will help you find the files containing all the base64 coding. Read the instructions on setting-up this file on the link. Now you know the files having base64 code. Replace them with fresh copies or clean them. You can also check 25 years programming for finding hack scripts. This will solve 70% of the problem.
3. You have deleted and replaced all the contaminated files, but no use. This option is for experienced people with having wordpress knowledge. First, you need to backup your blog files in your computer, including wp-config.php (whole installation or just wp-content). Download a fresh copy of WordPress from wordpress.org. If you have custom theme installed, then delete all the files inside themes folder. Now start replacing all the files it is important that you delete all the files that you don’t know how they got in your root folder.
When everything is completed, you need to open wp-config.php and copy the database users, name and passwords to new wp-config. Install the themes and plugins you deleted previously. Change all your FTP, Cpanel, wordpress admin and email passwords. This will solve 99% of your problems if you do everything right!
How to Protect and Increase Security?
Now you have cleaned everything or you never been hacked and wanted to increase security. You can use these steps on your own discretion!
1. You can install the plugin CHAP Secure Login. It encrypts passwords using CHAP protocol. You can download it from http://wordpress.org/extend/plugins/chap-secure-login/ and find information on Wikipedia http://en.wikipedia.org/wiki/Challenge-handshake_authentication_protocol. You don’t need to configure this plugin just activate!
2. Login Lockdown is a useful plugin that block IPs after several authentication failures download here http://wordpress.org/extend/plugins/login-lockdown/.
3. WP Security Scan is a good plugin that scan your website for possible malware, scripts and codes. You can download it here http://wordpress.org/extend/plugins/wp-security-scan/.
4. AskApache Password Protect is a powerful plugin, but do not use if you don’t know about .htaccess files. This plugin is not recommended for new users because you may lock yourself from accessing your blog ;). Download the plugin http://wordpress.org/extend/plugins/askapache-password-protect/
5. Protect your wp-config file by adding this without brackets and quotes to your .htaccess file: (“<FilesMatch ^wp-config.php$>deny from all</FilesMatch>”).
6. This is a recommended plugin and if you can get a Pro version. Download the plugin here http://wordpress.org/extend/plugins/bulletproof-security/.
7. Change your passwords and DB passwords after some days.
8. Blocking the wp directories from search engines will help you hide your installations. Simply add this string without brackets to your robots.txt file (Disallow: /wp-*).
9. I have seen few people keep running old version of WordPress. It is highly recommended to keep the WordPress installation to latest.
10. You can read more information on hardening the security on WordPress http://codex.wordpress.org/Hardening_WordPress.
These steps will help you protect your blog from possible hack attempts. However, there is a risk of getting hacked because hackers are good at what they do! You will be 100% safe when hackers realize to put their efforts and energies in positive manner or for good causes.
If you have additional security tips, please add in the comments.