Part 1 – Overview of the Process
In this seminar we show how to fix a hacked WordPress site to eliminate the risk of being blacklisted by Google and removed from the search results. When a site is hacked it can create a back door allowing files to be written into the WordPress system. Once the site is infected, the user can’t log in to the administrative panel. In this session, we give an overview of the process to go through in order to fix the problem.
Good morning everybody and welcome to this special seminar. It’s a beautiful sunny Saturday morning here in the Pacific northwest. But instead of being outside and playing in the mountains or throwing the ball for the dog or working in the garden, what we’re doing is fixing a hacked site.
The reason we have to do that instead of enjoying the sunshine is because unless we fix this hacked site, our site runs the risk of being blacklisted by Google and being removed from search results which, of course, is something that we don’t want to have happen.
This is a real live site. This is not just an exercise. This site is vashte.com and this site has been infected in such a way as we can’t even log in to the administrative control panel. You go to wp-admin hoping to get your log in screen. We end up with this white screen of death and we aren’t even able to log in to this.
Now the person who owns the site didn’t realize the site was hacked. She taught she had some other kind of a problem until she spoke to her host and said that the site had hacked files on it and was doing some rerouting and that was the cause of these problems. So this is a real, live issue that we’re going to try and fix here this morning.
Before we do that, I just want to give you a brief overview of the process that we’re going to go through. It really is sort of an 8-step process here. First, we’re going to gather all of the necessary information and files before we really get started. Secondly, we’re going to back up everything that we can and this backup is going to be different than backups that you might do because we aren’t able to get into the administrative side of it and perform the backup there. We’re going to have to do everything manually.
Third, we’re going to upload the necessary files. Fourth, we are going to run the WordPress installation then we’re going to check our database. Next, we’ll scan our site to make sure whether or not we have removed all of the issues. If our site is cleaned and restored then we’re going to back up our site again and we’re going to talk about some preventative steps to help solve this problem in the future.
Now the big idea here is that we are going to replace all of our files. The big idea here is we’re going to replace all of our files and we’re going to fix our database. Those are really the two big steps in this. The hacking of the site can really happen in one of two ways or the malware that’s on the site can show up in one or two ways.
First, it can create a back door and write its own files into the WordPress system. They’re clever enough to be able to make their file names read like regular files.It’s hard to determine simply by looking in a file list whether or not you’ve got all the hacked files so we’re not going to keep any of our old files. We’re going to remove our WordPress files, our theme files and our plugin files.
The only files we’re going to retain our customization files and we’re going to do a quick double check of those. We’re going to fix our database and that essentially means using a couple of algorithms to search our database for known hacks. If those things exist then we’ll remove them. All of those 8 steps can really be wrapped up into this one big idea: replace all of our files and fix our database.