Build Your Own Business Website header image

How to Identify and Repair a Hacked WordPress Site

Difficulty Level -

Filed Under Topics - , ,

Listed Under Lesson Subjects -

Applies to -

Learn how to identify and repair a hacked WordPress site by following the steps outlined in this seminar. We show how to identify specific problems and what steps to take to fix them. Then we talk about specific actions you can take to prevent your site from being hacked in the future.

Introduction – The Symptoms of the Hacked Site

  • Identifying the symptoms of the hacked site
  • Who is this seminar for?

Step 1: Identify the Problem

  • Where can the problem be?
    • Your browser
    • A plugin
    • Your theme
    • You may have been hacked
    • WordPress
    • Your server
  • Ask yourself – “What has changed?”
  • Is the problem due to your browser?
    • Make sure the problem exists in a variety of browsers
  • Is the problem due to a plugin?
    • Deactivate all plugins – if the problem goes away then it is a plugin problem
    • If the problem doesn’t go away:
    • Check to see if there are any caching plugins that add files
      • If there are, delete those files
      • If the problem goes away – then it was the caching plugin
      • If there aren’t, then the problem isn’t with a plugin
    • Leave all plugins deactivated
  • Is the problem due to the theme?
    • Switch to the default WordPress Theme – if the problem goes away then it is a problem with the theme
    • Check custom functions – do you have any custom code?
    • Check your theme settings – resave them
    • If the problem doesn’t go away leave the default theme
  • Is the problem due to hacking?
    • Test the site on Sucuri
    • If Sucuri finds malware – then fix it.
  • Is the problem due to WordPress?
    • if the problem persists with no plugins and the default WordPress theme and there is no evidence of hacking then the problem is with WordPress.

Step 2: Prepare to Repair the Hacked Site

  • Change your Admin passwords
  • Do a full backup of the site
  • Download a backup of the database
  • Export WordPress content
  • Make a list of all plugins to reinstall
  • Get the database login information from wp-config.php
  • Make a note of the WordPress version

Step 3: Remove the Existing WordPress Installation

  • Create a new folder in cPanel
  • Move all of the WordPress files into that folder
  • Drop all the tables from the database

Step 4: Reinstall WordPress Manually

  • Download a copy of WordPress – make sure it is the same version
  • Upload the copy to the site
  • Unzip the files
  • Run the installation

Step 5: Reinstall the old database

  • Export the new database
  • Drop the new database tables
  • Import the old database

Step 6: Sanitize the old database

  • Search the posts table for iframes
  • Search the posts table for <noscipt
  • Search the posts table for display
  • Search the entire database for hack related text

Step 7: Finish the Restoring the Site

  • Move wp-content/uploads
  • Install the Theme and activate – from fresh copies
  • Install the plugins and activate – from fresh copies

Step 8: Final Steps

  • Test to make sure it works
  • Scan again with Sucuri
  • Backup the site

How to Prevent Your Site From Being Hacked

  • Non standard usernames and strong passwords
  • For WordPress Admin
  • For Hosting
  • Keep WordPress up to date
  • Keep Plugins up to date
  • Avoid plugins from sources you don’t trust
  • Have a regular backup routine
  • Protect your site with Sucuri

Question and Answers

Bonus Video – What Happens When the Database Restore Fails

0 Comments… add one
0 comments… add one

Leave a Comment