How to clean and recover a hacked or infected WordPress
If you suspect that your WordPress website has been infected or hacked in some way the least you want is greetings and hugs, or explanatory statements, so let’s get to the point to see step by step what we do if we believe or are sure that they have infected or hacked our WordPress website .
How do I know if my WordPress website has been hacked or infected?
First of all you should check if your WordPress website has really been hacked or infected in some way.
There are several possible symptoms that your WordPress website has been hacked, these are the most common:
Your site is redirected to another URL : Unwanted redirects can occur when a hacker adds a script that redirects people to another site when they visit yours.
You cannot access : Before drawing conclusions about the hack, make sure that it is not that you have forgotten your password. If you conclude that forgetting your password is not the problem, a hacker may have changed your password to prevent access or deleted your account.
Sudden traffic drop : This can happen if a malware or Trojan hijacks your WordPress site traffic and redirects it. Traffic drops also happen if you end up on Google’s block lists, something that can happen if your website is hacked.
Your site was changed : Changing from a home page to a static page with links to nasty sites, or a footer with links that you didn’t add, are all good signs of hacking. Changes to the site can occur if a hacker gains access to your administrator, the file system or – less frequently – the database. Be sure to check with the other administrators who have access to your site to confirm that they have not made the changes themselves.
Bad links are added to your website : Like changing your site, this can happen if a hacker has access to your administrator, the file system or the database.
Unknown file scripts : If you find this, it could mean that your website was compromised by a hacker who added malware or some other malicious software. This can happen if your website is susceptible to attack (for example, if you have an outdated or insecure WordPress theme, plugin or installed).
Suspicious user accounts in WordPress : Your site may be compromised and a hacker has created a new account in the administrator. If you have the registration option activated on your site, be sure to check that it is not a simple user. Typically, a hacker account will have an administrator profile.
Unable to send or receive emails with WordPress : Usually caused by hacking the WordPress mail server.
Increase in unscheduled tasks : If a hacker gains full access, they could increase scheduled tasks on your web server, including all kinds of malicious executions.
You receive notifications from the security plugin : The security plugin could give you security reports and let you know about suspicious activity. If some red flags occur, you may have been hacked.
A slow or unresponsive website : A DDoS attack can cause your website to show all kinds of connection errors or simply that its loading speed is suddenly excessively slow.
The hosting company has deactivated your website : Sometimes there are shared hosting companies that, to guarantee the security of the rest of the websites, may completely deactivate your website, sometimes notifying you, and not always in advance.
Google warns that your site may have been hacked : Google may display a warning sign when your site is searched. This can be an indication that the WordPress sitemap or part of the installation has been hacked, from any of the above methods.
How do you know what kind of infection or hack it is?
You can do this using scanning tools , which can locate malicious code. Also, it checks for any vulnerabilities in the WordPress core files, located in the wp-admin , wp-includes and other root folders.
Among the many online tools that you can find, I recommend checking Sucuri sites , with a huge database of possible infections, hacks and malware.
Other online services for the detection of vulnerabilities, hacks and malware that you can use are the following:
Mozilla Observatory – Analyze the security of your website as a whole, offering details of vulnerabilities and opportunities.
Inmuniweb – Complete free online service for analyzing security vulnerabilities, including those specific to WordPress.
WordPress Security Scanner – Specific vulnerability detection service for WordPress sites.
Google Safe Browsing – Google’s tool to check if your website has insecure content.
About Us
We are BE OF THEM, a team specialized in the field of digital marketing and programming, our headquarters is in Germany, and our activity has expanded to reach all parts of the Middle East, especially the Arab Gulf countries.