How to repair WordPress from hackers!

Version: 12.1
Revision: 13 Build 11


Introduction:
When you have worked really hard and gained a good number of visitors, your blog becomes target practice for hackers and cyber-space criminals. In other words, if you get hacked by these ‘god-knows-who’, then you are in big trouble! This can potentially affect your page rank, offend honest readers and infect other readers’ computers, making you an unwilling promoter of material that is not related to the article or your blog. This issue can also be classified into many categories, for example: “spamming with SQL injection, rude topics, swearing and pranks.” But the worst dilemma is losing your articles and valuable content. However, if you are a victim, it is best not to postpone the clean-up process, since a speedy restore will generally minimize the damage that was caused by the hackers.

On the other hand, there are many sources that will suggest you upgrade your WordPress to the latest version. However, there is a flaw in that advice: most of them will not tell you that the hacker may have left a backdoor (hidden file) in a directory where it wouldn’t get overwritten by the actual upgrade. Therefore, I am writing this article to show how to completely clean and restore a WordPress installation that was hacked beyond repair.

1.] Backup your website and database.

Backing up a hacked copy of your blog or database is still a crucial step, as it contains valuable information, files and documents.
You really don’t want to lose your data if something goes wrong with the cleanup process.

2.] Create a copy of your uploaded files and images.

Images are generally safe from posing a security risk, and the ones which you uploaded yourself (for example, the ones that were included with a theme) will be harder to trace and replace after things are fixed again. Therefore, I would recommend you grab a copy of all the images in your uploads folder to avoid broken images in your posts. If you have any non-image files that may possibly have been compromised, such as zip files, plugins or PHP scripts that were offered to the public, it is best to grab fresh copies of those from the original source.

3.] Download a fresh copy of WP, plugins and ‘clean’ template.

Upgrading WordPress automatically will make life easier for you and everyone! However, it will only replace specific files and it doesn’t delete obsolete ones. It will also leave your current themes and plugins in their original place. This means that if you upgrade a blog that has already been compromised, it can very well leave attackers the same or a different door to get back in. So please understand this and start from scratch as far as your files and installation go.
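To see which files an in-place upgrade would have left behind, the backup from step 1 can be compared with the fresh download, as in this added example (not part of the original article). The two directory trees, the leftover file name and the file contents are constructed for illustration; your own themes, plugins and uploads will also show up as extra files, because the core package does not ship them.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_to_clean(backup_root, clean_root):
    """Return (extra, modified) for the backup measured against the clean copy."""
    backup, clean = tree_hashes(backup_root), tree_hashes(clean_root)
    # Files the clean package does not ship: nothing in an upgrade overwrites them.
    extra = sorted(p for p in backup if p not in clean)
    # Files the clean package ships, but with different content in the backup.
    modified = sorted(p for p in backup if p in clean and backup[p] != clean[p])
    return extra, modified

def build_trees(base):
    """Write two constructed sample trees under base; return (backup_root, clean_root)."""
    clean = {"index.php": b"clean index", "wp-includes/version.php": b"clean version"}
    backup = dict(clean)
    backup["index.php"] = b"clean index plus injected line"     # altered core file
    backup["wp-includes/images/.thumbs.php"] = b"placeholder"   # hypothetical leftover file
    roots = []
    for label, tree in (("backup", backup), ("clean", clean)):
        root = os.path.join(base, label)
        for rel, data in tree.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        roots.append(root)
    return roots[0], roots[1]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        extra, modified = compare_to_clean(*build_trees(tmp))
        print("not in the clean package:", extra)
        print("differs from the clean package:", modified)
```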

4.] Delete all files and folders in WP directory & upload!

FTP protocol = Slower (depends on your file size and folders).
Cpanel Manager = Faster (depends on your server responses).

When you have a fresh copy of all your files and folders, you will need to completely wipe (erase) the entire directory structure of your blog. This is the only (possible) way to completely remove all infected files. You can do all of this over FTP, but due to the way that FTP handles folder deletion, this can be slow as hell! It can also get you disconnected from your server for flooding it with FTP commands.
If you have Cpanel, you can easily compress everything into a Zip file and extract it on the server.

Note: if you upload your files and folders inside a compressed ‘Zip’ file, there is a good chance that your code will not be broken or corrupted. So please use Cpanel if you have a large project. It will also save you time and bandwidth!

6.] Run a database update!

At this stage, you will need to give WP a little boot in the backside. That means you will need to point your browser at “/wp-admin/upgrade.php”.

7.] Change your Admin password!

At this point, if you have more than one Admin and you can’t get the others to change their passwords, then you will have to change their user levels (privileges) and notify them to change their password. However, if there is anyone in your user list who has ‘editing’ capabilities and you don’t recognize them, it’s best to kick (remove) them out of your blog. But, as best practice, I would recommend you delete everyone and tell your staff to register again.

8.] Check all posts and articles for ‘iframe’ hacks!

Inside your Cpanel, go to “phpMyAdmin” and run the following SQL scripts.

These scripts will search your SQL database for hidden iframes, script injection and ‘display:’ styling.
Also, please note that you can delete these rows if they exist (they should be rebuilt dynamically).
———————————-

-- wp_posts assumes the default "wp_" table prefix; adjust it if yours differs.
SELECT * FROM wp_posts WHERE post_content LIKE '%iframe%';

SELECT * FROM wp_posts WHERE post_content LIKE '%noscript%';

SELECT * FROM wp_posts WHERE post_content LIKE '%display:%';

———————————-

If you want to combine the above scripts into a single batch process, you can use this script as an alternative.
———————————-

SELECT * FROM wp_posts WHERE post_content LIKE '%iframe%' OR post_content LIKE '%noscript%' OR post_content LIKE '%display:%';

———————————-

9.] Double check your blog (for a second time) and look into your SQL database for anything suspicious!

Finally, keep a lookout at all times and manually update your WordPress!

Copyrighted By Lair360
