WordPress websites can be one of the most vulnerable so you can get hacked as a result of popularity of the platform. Most of the time when people touch base for help, it is because their site was hacked once, they fixed it–and then it had been hacked again.
“Why did my WordPress website get hacked again when i fixed it?”
Whenever your WordPress site gets hacked for another time, it’s usually due to a backdoor created by the hacker. This backdoor allows the hacker to bypass the standard procedures for getting into your website, getting authentication without you realizing. On this page, I’ll explain how to get the backdoor and correct it in your WordPress website.
So, what’s a backdoor?
A “backdoor” is really a term referring to the method of bypassing normal authentication to find yourself in your site, thereby accessing your site remotely without you even realizing. If a hacker is smart, this is actually the first thing that gets uploaded whenever your site is attacked. This enables the hacker to possess access again in the foreseeable future even after you discover the malware and remove it. Unfortunately, backdoors usually survive site upgrades, therefore the site is vulnerable and soon you clean it completely.
Backdoors could be simple, allowing a user and then create a hidden admin user account. Others are more complex, allowing the hacker to execute codes sent from a browser. Others have a whole interface (a “UI”) that gives them the ability to send emails from your own server, create SQL queries, etc.
Where may be the backdoor located?
For WordPress websites, backdoors are commonly located in the next places:
1. Plugins – Plugins, especially out-dated ones, are an excellent place for hackers to hide code. Why? Firstly, because people often don’t believe to log to their site to check updates. Two, even if they do, people don’t like upgrading plugins, because it takes time. Additionally, it may sometimes break functionality on a niche site. Thirdly, because there are tens of thousands of free plugins, some of them are an easy task to hack into to begin with.
2. Themes – It’s not so much the active theme you’re using but the other ones stored in your Themes folder that may open your website to vulnerabilities. Hackers can plant a backdoor in one of the themes in your directory.
3. Media Uploads Directories – A lot of people have their media files set to the default, to create directories for image files based on months and years. This creates a variety of folders for images to be uploaded to–and many opportunities for hackers in order to plant something within those folders. Because you’d rarely ever check through all those folders, you wouldn’t discover the suspicious malware.
4. wp-config.php File – this is among the default files installed with WordPress. It’s one of the first places to look when you’ve had an attack, because it’s one of the most common files to be hit by code hackers.
5. The Includes folder – Another common directory because it’s automatically installed with WordPress, but who checks this folder regularly?
Hackers also sometimes plant backups with their backdoors. So while you may remove one backdoor… there may be others living on your own server, nested away safely in a directory you won’t ever look at. Smart hackers also disguise the backdoor to look just like a regular WordPress file.
What can you do to clean up a hacked WordPress site?
After reading this, you may guess that WordPress is the most insecure kind of website you could have. Actually, the most recent version of WordPress does not have any known vulnerabilities. WordPress is continually updating their software, largely because of fixing vulnerabilities whenever a hacker finds a way in. So, by maintaining your version of WordPress updated, you can help prevent it from being hacked.
Next, you can try these steps:
1. You can install malware scanner WordPress plugins, either free or paid plugins. That you can do a search for “malware scanner WordPress plugin” to find several options. Some of the free ones can scan and generate false positives, so it can be hard to learn what’s actually suspicious unless you’re the developer of the plugin itself.
2. Delete inactive themes. Get rid of any inactive themes you are not using, for reasons mentioned above.
3. Delete all plugins and reinstall them. This could be time-consuming, nonetheless it wipes out any vulnerabilities in the plugins folders. It’s a good idea to first create a backup of one’s site (you can find free and paid backup plugins for WordPress) before you begin deleting and reinstalling.
4. Create a fresh .htaccess file. Sometimes a hacker will plant redirect codes in the .htaccess file. You can delete the file, and it will recreate itself. If it doesn’t recreate itself, it is possible to manually do that by visiting the WordPress admin panel and clicking Settings >> Permalinks. When you save the permalinks settings, it will recreate the .htaccess file.
5. Download a brand new copy of WordPress and compare the wp-config.php file from the fresh version to the main one in your directory. If there’s anything suspicious in your current version, delete it.
6. Lastly, to be completely sure your site does not have any hack (beyond using paid monitoring services), it is possible to delete your website and restore it to a date that the hack wasn’t there from your hosting control panel. This will delete any updates you’ve made to your site after that date, so it’s not just a great option for everyone. But at the very least it cleans you out and provides peace of mind.
In the future, you can:
1. Update your admin username and password. Create a new user with Administrator capabilities, then delete the old one you’re using.
2. Use a plugin to limit login attempts. This can keep someone locked out following a certain amount of attempts to get in.
3. Password protect the WP-admin directory. This might be done during your website hosting control panel. If your hosting company uses cPanel, that is easily done with a couple clicks. Contact your host to figure out how exactly to password-protect a directory or execute a search for it on your own hosting company’s website.
4. Create regular backups. By backing up your site regularly, you know you’ll have a copy to restore the website with if it would get hacked. You can find free and paid plugins open to help with this, or you may be able to develop a backup of the complete account from your hosting control panel. Or, though slower but nonetheless an option, it is possible to download the entire site via FTP software.
In Repair hacked wordpress website of security, it can help to go on it seriously. Backing up your site is probably the best things to do, because your hosting company may not do that for you personally. Some may offer backups/restore features if you activate them, plus some may create random backups every few weeks. But you don’t desire to depend on the host because this isn’t within their scope of services. To become more certain, you should use paid malware monitoring services and plugins in order to watch your site and that means you don’t have to worry about it.