How to Identify and Repair a Hacked WordPress Site – Question & Answer

Rick: Anything else?

Lewis: Rick, this is Lewis. How do I set my computer back 2 days?

Rick: I have no idea.

Lewis: Okay. Yeah, because when you mentioned a virus on my desktop that can enter into a WordPress site, I know there’s a way where you can reset your computer to a particular day and time, and since all this started happening yesterday, now you got me thinking: do I have a virus on my computer? I was wondering if I can go back like 2 days and see if that makes a difference in the impression of my computer, everything on my desktop. You just got me thinking, so yeah, I mean, if you don’t know that one then we’ll skip that one.

Rick: Yeah, I have no idea. You know, I only back up data, I don’t back up a whole computer, and so I don’t have a system for sort of setting the clock back 2 days.

Lewis: Yeah.

Rick: So can you hear the wind in the background or can you hear the wind on the microphone?

Lewis: Yeah, the wind blows and once in a while it gets a little hard to hear you.

Rick: Dang. Okay, so much for sitting outside in the sunshine and working. Okay, let’s see. SlowMo says that Windows has a system restore function. I don’t know how that works. I guess, right, restore system files. I don’t know if that would fix your problem or not, but it’s definitely something to look at and see.

Lewis: Okay.

Rick: Okay, so I’m going to open it up to other questions here. There are a bunch of comments people have made, so if you’ve got a question, why don’t you post it in the question box now. SlowMo asked if I can explain which folders I left out of BackupBuddy and why. I left those folders out of BackupBuddy very specifically; I left out folders that were not related to this specific WordPress installation, right. This copy of WordPress was installed in the root of her hosting account, and she had a whole bunch of folders that may be related to other WordPress sites that would just slow down the backup process, and all I really wanted to do was back up that one WordPress website, which is essentially wp-content, wp-includes and wp-admin and then all of those individual wp files. So that’s why I excluded them from the backup, because I didn’t want extraneous files backed up.

As for “how do I know that your backups aren’t bringing along the malware,” actually they were. The backup was backing up the whole site and so was backing up all of the malware as well. I just didn’t want to delete; I just wanted to have another copy of the data, essentially. I wanted something to fall back on if things went wrong, and so it was just another level of data protection. Yes, the data was corrupted, but you saw how I used, you know, potentially suspect data and checked it to make sure that was sanitized. So I think that already answered how it got hacked; I have no idea how it got hacked.

Let’s see, Jeff. Jeff pointed out that the problem I was having was that I was using a database that was not compatible with WordPress 3.8, which was what my files were, and I suspected that was the case, but I appreciate the fact that he actually figured out why.

Let’s see, next: “Instead of a plugin, if we write our own code, can the hacker still have the same access as a plugin to hack through the code?” Well, sure. Okay, so if you’re not writing your own code, unless it’s very simple code, you have to learn something about data sanitization, and if you look at my older series on Customize Thesis Like a Pro, I talked about how to sanitize data when you bring in the database and when you export it to the webpage.

Data has to be sanitized, and that data sanitization is something that happens in the context of WordPress, not Thesis or Genesis necessarily, but WordPress specifically. If we look at “wordpress sanitize input” for a second, Data Validation, that’s what they call it. So you’ve got output sanitization and you’ve got input validation, and so for any plugin-like activity that you are writing on your own, you need to make sure that you understand how the stuff works and use it, especially if it asks for information from you and then displays that information on a webpage.

So I’m going to teach some more about this, and if you’ve got code that you want me to comment on, just feel free to let me know, but you definitely need to sanitize your data that’s both brought into the database and then also placed on the webpage, and if you just look up the, this is sort of the bible about it. Anybody else have a question? This is actually quite a bit longer than I thought it would be, although I also didn’t expect the problems that we had. I expected that my exported database would work, and once that stopped working, everything got a lot more complicated.

