What if you’ve been hacked?

Reported attack page

It happens. You are cruising right along, suddenly your site isn’t working right, redirects your site to Russia or some spammy place, etc. You’ve been hacked!

Hackers don’t pick a convenient time.  Panic sets in.  All that work, down the drain, your website looks toxic, warning off all visitors, even in the search engine listings.

Stay calm and get it running asap.  Often they put some bad code into one of your php pages such as index.  Wordpress has thousands of files.  Can you imagine scanning code for the bad stuff in all those files?  May look something like

eval(gzinflate(base64_decode

Steps to Fix Your Hacked WordPress Site

  • Click on the Why has this site been blocked button. It has directions on what to do once your site has been cleaned up.
  • Call your webhost and let them know the problem.  They want it fixed too.
  • Clean out the bad code  My webhost – IX Webhosting has an automatic cleaner to do such at no cost to me, I just let them know. Not all web hosts provide that service.   Possibly they can go to a backkup file before your site was hacked.
  • If you host doesn’t have a cleaner, see which files where changed at time of hack, upload a fresh copy of WordPress, possibly your theme and plugin files too.  Easiest to to use a backed up copy of your blog before the hack.
  • Let Google know your site has been fixed if you site was banned and still has a nasty notice, let them know it’s been fixed
  • Fresh copies of WordPress if you still have issues
  • Use your backup copies Always backup your site, both the database and your files, we have plugins for that. :)  Worst comes to worst, simply get a new host and upload your saved files using your original domain name
  • Lock the doors and windows keep your WordPress site updated and look into other WordPress security tips
  • Make New Keys Think about it, if someone broke into the house, possibly with a copy of your keys, you wouldn’t just lock the door again knowing they may have the keys.  Change the locks.   Change the passwords to your sites.  Change the secret keys in your wp-config file.  And if you are running an older WordPress site, and updated it, it doesn’t mean your config file was updated.   It may not even have keys.  Save your wp-config file.  Then pull up your wp-config-sample and add their secret key stuff to your config file.  Check to make sure your site is still working.  If you don’t have your config file right, your site will not work.  Why I had you save a copy of your original config file.  You can always go back to it if needed.

Additional Resources:

Protecting WordPress from Hackers How to protect your WordPress site from hackers in the first place.

Share on TwitterDigg This

Please support WordPress 101 for Boomers by tweeting, liking, +1, sharing etc. this post using the buttons above.

Comments are always welcome.

Comments

What if you’ve been hacked? — 1 Comment

  1. Pingback: STOP! Visit Wordpress Tutorials for Baby Boomers to Learn, Learn, Learn

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

CommentLuv badge