There appears to be a whole lot of WordPress website hacking going on. We recently fell victim to a brute force attack, and the attackers were able to compromise one of the websites hosted on our platform. We were compromised because one of the websites we hosted was well behind on its WordPress updates and had no security plugin. The result of an attack is a huge pain. We caught the compromise fairly quickly and were able to rectify the problem.
Ironically, shortly after our situation, we received a number of requests from friends and colleagues who had run into the same situation. So we took a moment to document one of these cleanups to help those of you who may have run into this problem.
How to clean up a hacked WordPress site
Important: these instructions may or may not fix your hacked site. We are not responsible for any damages or liable if you follow these directions and you break your site.
- First we installed the Sucuri Security plugin. Click on the Malware Scan tab and click the Scan Website button.
  - At this point we had a confirmed malware issue.
- We then ran the core integrity file checker in Sucuri Security, found on the dashboard, and either deleted or restored the files that the checker found. If you are unsure whether to restore or delete a file, find someone who knows.
- Then we installed Anti-Malware and Brute-Force Security by ELI.
  - Register the site and download the latest definitions (no need to pay to check the core files; you just did that with the Sucuri Security plugin).
  - Run the scan (this takes some time).
  - Our scan found a number of infected files.
  - Quarantine the known vulnerabilities, not the potential ones.
  - Go to the quarantine section and delete the files.
- Go back to Sucuri Security, click on the Malware Scan tab and click the Scan Website button.
  - At this point our site came up clean.
- We went to the Hardening tab in Sucuri Security and selected Harden on most of the options.
  - Website firewall is a premium pay feature.
  - We did not select the Database Table Prefix – BE SUPER CAREFUL, this will break the site!!
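How a core integrity check separates files to restore from files to delete, as an added example that is not part of the original post and not the Sucuri plugin's code. The SHA-256 manifest, the sample tree and the file name cache-old.php are constructed for illustration.

```python
import hashlib
import os
import tempfile

# wp-admin and wp-includes hold only core files; wp-content is skipped
# because themes, plugins and uploads legitimately add files there.
CORE_ONLY_DIRS = ("wp-admin", "wp-includes")

def file_hash(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def check_core(root, manifest):
    """Compare a site tree with a known-good {relative_path: sha256} manifest."""
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        full = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(full):
            report["missing"].append(rel)      # restore from a clean copy
        elif file_hash(full) != expected:
            report["modified"].append(rel)     # restore from a clean copy
    for top in CORE_ONLY_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, top)):
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                if rel not in manifest:
                    report["unexpected"].append(rel)  # not core: review, then delete
    return {kind: sorted(paths) for kind, paths in report.items()}

def build_sample_site(root):
    """Constructed sample: one tampered, one missing and one planted file."""
    clean = {"wp-login.php": b"<?php // login\n",
             "wp-includes/version.php": b"<?php // version\n",
             "wp-admin/index.php": b"<?php // dashboard\n"}
    manifest = {rel: hashlib.sha256(data).hexdigest() for rel, data in clean.items()}
    on_disk = dict(clean)
    on_disk["wp-login.php"] += b"// injected line\n"            # tampered core file
    del on_disk["wp-admin/index.php"]                           # core file gone
    on_disk["wp-includes/cache-old.php"] = b"<?php // extra\n"  # never shipped by core
    for rel, data in on_disk.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return manifest

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        print(check_core(site, build_sample_site(site)))
```

Files reported as modified or missing are the ones to restore from a clean copy of the same WordPress version; files reported as unexpected are the candidates for deletion after review.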
If you have a WordPress site and don’t have a security plugin installed, we would recommend you download one of the following plugins right away. They are all free and offer premium (pay) services if you are willing to pay for additional security.