WordPress is considered the largest Content Management System (CMS) in the world, powering more than 35% of all websites. WordPress is powerful and easy to use. Its popularity also makes it a popular target for hackers. This means that if you do not take necessary precautions, your beautiful site may become a victim of the unsavory dark world. The injected malware may be used to send spam or run botnets. You can check out this article to learn why hackers do what they do.
So, what do you do when you get hacked?
There are many ways a WordPress site can get attacked. While this article may not be exhaustive, it gives some very important points that should help you get your site back online and better protected from further compromise.
Replace all your WordPress and plugin files
WordPress releases updates regularly to fix security loopholes that hackers can take advantage of. Sadly, most of us are guilty of not updating our WordPress sites regularly, and this eventually leads to our sites getting hacked. In many cases, the hacker would upload a file (or more) after first gaining access to your site. This will allow the hacker to have access to your site even if you do update your WordPress site. So instead of just performing an update, I recommend you replace all the files. This helps to ensure that any file uploaded by the hacker are taken care of. You can achieve this by following the steps below:
- Create a backup folder in public_html and move all the content of your WordPress site there
- Download the latest version of WordPress from here.
- Unzip the downloaded WordPress files and ensure that all the files are in your public_html folder
- Copy wp-config.php from the backup folder to public_html. This will allow your new WordPress site to communicate with your database. Ensure you examine this file properly to be sure no malicious code is included in this file
- Reinstall your WordPress theme. It is best to download a fresh version as the old theme may be compromised already.
- Copy your uploads from wp-content/uploads to the same location on the public_html folder.
- Reinstall all your plugins with the latest version. This is essential as the existing plugins may have already been compromised.
- Copy the .htaccess file from your backup to public_html. Make sure you examine this properly to be sure there are no suspicious codes in it. Hackers are fond of injecting codes in this file.
- Once you are sure your site loading fine, delete the backup (or save it on your local system). It is important that this backup is no longer active on your hosting account because it probably still contains malware.
Secure your uploads folder
Many times, malware is uploaded in the wp-content/uploads folder. To prevent PHP files from running from your uploads folder, take the following steps
- Create an empty file called .htaccess inside your uploads folder
- Edit the file and enter the following codes
deny from all
This rule will prevent PHP codes from running within your uploads folder
Secure your WordPress installation
Now that you have removed the malware, you need to secure your WordPress installation. Take the following steps to do just that
- Change the passwords of all admin accounts that have access to your WordPress site.
- Upload a WordPress security plugin. A good option is the iThemes Security plugin. The iThemes plugin comes with some configuration options that should help harden your site. You may also try WordFence and Sucuri plugins.
- Get a scanner that regularly checks your site for malware. I recommend SiteLock, which performs regular scans and removes malware found. It also helps with security tips.
- Keep regular backups of your site and download them safely. It is best that these backups are not stored on your hosting account. You may try out CodeGuard, as this performs daily backups of your site safely away from your hosting account.
- Scan your laptop and any other device you use to log in to your site regularly.
I believe these steps should help keep hackers at bay. If you have any questions, feel free to leave a comment below. Stay safe!