WP Website Hacked? Scan & Clean Hacked WordPress Site
WordPress hacked – these two words strike fear and confusion into the hearts of site admins.
A hacked WordPress website can mean loss of:
- Traffic;
- Revenue;
- Brand Value;
And days worth of struggle in trying and failing to clean it up.
This is especially true for WooCommerce sites where you can literally see your store losing money in your dashboard!
The most confusing part is that you probably don’t even understand if your WordPress site is really hacked or not. WordPress can malfunction quite a lot.
So, most people do the logical thing and install a malware scanner plugin. Then they realise that most of them don’t do a good job of cleaning the site.
The worst part?
While you’re struggling to get your life back on track, the hacker expects you to fail at cleaning your site.
Time to hit the reset button.
In this article, we’re going to help you:
- Find out for sure if your website is hacked or not;
- Figure out what kind of malware has infected your WP hacked website;
- Clean your WordPress hacked site in 3 minutes;
- Understand the consequences of getting hacked;
- Learn how you can get hacked and how you can prevent it;
We’re going to help you get back on track no matter what the situation is.
Let’s dive in.
TL;DR: The most efficient way to fix your Hacked WP website is to use a WP Website Hack Cleanup plugin. There are other ways to do it, but we don’t recommend using manual cleanup methods as they can wreck your site completely.
Do You Really Have a Hacked Website?
We know that you’re confused.
Do you even have a Hacked Website?
The nature of WordPress is such that it can malfunction quite a lot. In many cases, the site isn’t hacked. It’s just… in regular trouble.
So, what’s an easy way to tell for sure that your website has been hacked?
Install MalCare’s FREE malware scanner.
It takes:
- 1 minute to install;
- 1 minute to scan your site;
In 2 minutes, you’ll know for sure if you have a hacked website on your hands or not.
MalCare’s malware scanner is a super-lightweight plugin that creates a copy of your hacked WP website on a dedicated server. Once the copy is made, MalCare runs complex scanning algorithms to pinpoint the malware on your site.
This way, the scan is deeper and more accurate than any other malware scanner plugin.
The best part?
There’s absolutely no load on your server. Also, it’s totally free.
MalCare uses a learning algorithm to keep getting smarter over time by facing more malware.
Here’s what you need to do to scan your site for malware:
- Step 1: Install MalCare on your site
- Step 2: Let the malware scanner run automatically on your site
That’s all!
The entire process takes a couple of minutes at best. If MalCare suggests that you don’t have a Hacked WP Site, then you need WordPress troubleshooting advice instead.
But if MalCare says that you have a WordPress hacked site, then you need to follow along with the cleanup process later on.
Either way, you need to scan your site first with MalCare.
Common Symptoms of Some WordPress Hacked Websites
Let’s diagnose your hacked WordPress site now.
We’re going to pinpoint the problem and find a way to fix it so that you can go back to making money again.
It’s highly likely that you found this article because of one or more of these symptoms.
Don’t worry.
We have articles on how to clean up common hacks and once we pinpoint your problem, we can talk about the solution.
Even if your WordPress hacked site has uncommon malware, there’s some good news:
“Almost all malware are variants of some other malware. Malware is just code at the end of the day. There are many ways to hack a WordPress site and many ways to infect it. But the ways in which hackers operate are almost always constant. Understanding the outcome is the best way to understand the hack – and then remove it”
– Akshat Choudhary, CEO of MalCare
In short: you need to find a way to clean your site to stop the hacker and take control of your life again.
Let’s take a look at the most common symptoms of a WordPress hacked site:
1. Google Chrome Shows A Warning When Visiting Your Website
One of the most telling signs that your site is hacked is to have Google Chrome tell your visitors that the “site ahead contains malware.”
A browser notification for WordPress hacked sites comes from Google Safe Browsing.
In fact, Opera, Chrome, Firefox, and Safari all use Google’s blacklist to verify compromised sites and notify users of malware.
A notification like this can instantly destroy your reputation and traffic. For WooCommerce sites, it can end your business completely.
If this is what you are going through, take a deep breath. We understand how annoyed you are right now. This is one of the most ambiguous notifications ever. It’s a very public notice that your website is hacked. At the same time, it says NOTHING about what’s actually wrong.
Then jump ahead to read how to clean a WordPress hacked website.
2. Google Search Console Sends A Message Saying Your Website Is Hacked Or Has Malware
If a major part of your business is SEO-driven, then you are no stranger to the Google Search Console. If Google detects malicious content on your WordPress hacked site, it will send you a message on the Search Console that looks like this:
Google will recommend that you use “Fetch as Google” to find the malicious code. But this is not a good idea. Using Google’s scanners is fine for a surface-level scan. What it does is look for obviously malicious code in the website’s HTML and JavaScript.
So, what’s the problem?
The problem is that a WordPress hacked site is usually infected with malware that is very well-hidden. An HTML scanner isn’t enough to pinpoint the origin of the hack.
We recommend using a server-level scanner to uncover the real problem.
Sign up for MalCare for a one-click scan and it will find the most complex malware in 60 seconds.
Additional Resource: How to Remove Google’s “This Site is Hacked” Warning
3. Your Hosting Company Disabled Your Website
Most hosting companies scan their servers regularly for WordPress hacked websites. There are some telltale signs that hosting companies look for:
- Excessive usage of CPU resources
- Spam emails sent out in bulk
- Blacklisted domains on Google, Norton Safe Web, Spamhaus, etc.
And they usually send a very confusing email:
In certain cases, hosting companies even have partnerships with security companies for regular malware scans. Check out this article on how MalCare provides Cloudways with bot protection.
If this is the situation you are in, then you need to act quickly before it’s too late.
Some hosting companies like GoDaddy will try to push their own security service on you. While this seems to be a decent idea, it’s really not. Most of these services will charge you a LOT of money each time you get hacked. It can also take weeks to get your site cleaned by a service.
In the meantime, your site will keep losing traffic, revenue, and brand value.
Read all about how MalCare has helped WordPress hacked websites on GoDaddy.
4. Outbound Ports 80, 443, 587 and 465 For Your Account Are Blocked
Hosting providers such as BigRock, GoDaddy, and HostGator will first issue a warning before they delete your site. When they send you a warning email, they will also lock down outbound ports 80, 443, 587, and 465 so that the malware on your site does not spread.
Most of their accounts are shared hosting accounts.
So, their first priority is to contain the malware and stop one WordPress hacked website from infecting the other sites on the same server.
Again, if you haven’t already – scan your site for malware right away.
5. Customers Complain About Their Credit Card Being Illegally Charged
WooCommerce users: If you have a hacked WordPress website on your hands, this is a big one for you.
You know for sure that your site is hacked if your customers are complaining about their credit cards being used without permission. WooCommerce databases store all the information a hacker would need to steal credit card information.
Usually, this is indicative of a backdoor in the code – an entry point in a WordPress hacked website that hackers can use to access your files and database anytime they please.
This sort of attack can come from absolutely any kind of malware that’s written well enough.
Jump straight ahead and learn how to clean your WordPress hacked site.
6. Your Emails Are Sent To The Spam Folder
If your email account sends out too many spammy emails, most email providers will send your future emails straight to the spam folder.
Hackers can use your WordPress hacked website to send a ton of spam emails to users around the world.
If your “Sent” folder is full of emails that you DEFINITELY did not send, check out our article on what to do if your website is sending out spam emails.
7. Your Website Becomes Very Slow
Site speed is not a great indicator of malware. There are lots of things that can slow down a WordPress website. The simplest way to understand what’s happening is to head over to GTMetrix and generate a site speed report.
Pro Tip: Use the Waterfall chart to understand which components of your website take the longest to load.
If you see something out of the ordinary here, you may be infected with malware.
Some of the most common malicious attacks that slow down your site are:
The good news is that all these hacks can be cleaned up.
Just in case you feel a little lost: Don’t worry. It’s perfectly normal to feel a little overwhelmed. We’ve been in this business for over 8 years now. That’s why we don’t bat an eyelid at malicious code and different kinds of hacks. For someone new to this world, this can be a lot to absorb – especially if you’re dealing with a WordPress hacked website for the first time.
That’s exactly why we created MalCare.
Install MalCare’s full suite of security features to scan, clean, and protect your site 24×7.
8. Ads & Pop-Ups Open When Visiting Your Website
If you noticed some ads and pop-ups that you didn’t put up yourself, then you need help right now. We’ve dealt with malware like that pretty often. This is another form of website defacement that we see a lot.
The worst part about adware is that it can siphon off a huge portion of your traffic. The long-term damage comes from the fact that these pop-ups can completely damage your reputation. A WordPress hacked website can show ads of illegal drugs, porn, and political hate.
Not cool.
Most ads and pop-ups come from SQL injection attacks. So, if you’re seeing unauthorized ads and pop-ups, you need to clean up your database.
IMPORTANT: Do not try to clean your database if you have a hacked WordPress website unless you have a lot of experience as a database administrator. It can completely wreck your site for good.
9. Your Website Is Being Redirected to Hacked Sites
We’ve already mentioned this before, but it doesn’t get any clearer than that:
You have a WordPress hacked site.
This can happen in many different ways. Mostly, it’s redirection code in the wp-config.php or .htaccess file.
Some of the possible symptoms include:
- Your site shows a blank page and doesn’t load
- Your site gets redirected to some malicious website
- Your site redirects you to Google
- Your site can’t be accessed by Google
- Your .htaccess file keeps getting modified
Check out our article on WordPress site redirecting to Spam for details on the malware and how to clean it up.
10. You See A Traffic Spike, Sometimes On Pages That Don’t Exist
Hackers can use a hacked WordPress website for “spamvertising.”
This causes an insane traffic spike. Spam emails are sent from your server with links to existing or new pages that are created by the hacker.
Spamvertising can vandalize blogs, websites, forums, and comment sections with hyperlinks in order to get a higher search engine ranking for the hacker’s website.
Of course, this doesn’t work anymore – anyone in SEO will tell you that.
It’s a very outdated blackhat technique that gets completely ignored by Google. But at the same time, the hacker who is filling your WordPress hacked website doesn’t really care about this. The malware will wreck your site all the same.
Some Simple Diagnostics To Run
Apart from these symptoms, there are 4 simple diagnostics that you can run to see if you have a WordPress hacked website or not:
1. Strange Looking JavaScript In Your Website Code
If there’s strange-looking JavaScript in your website code, and you can understand that, you’re a fairly technical person.
If you’re not a technical person, here’s what it can do to a WordPress hacked website:
Thankfully, this is one hack that can be pinpointed a little more clearly.
You’ve got one of these malware on your WordPress hacked site:
Be very careful!
These hacks eventually lead to website defacement. If you don’t take action now, you can lose control of the hacked WordPress website very quickly.
The worst part is that the JavaScript can be anywhere on your WordPress hacked website.
2. You Find Unexpected Error Messages In Your Error Logs
Not every WordPress user checks their error logs.
If you’re one of the few super-technical folks who can actually read and understand error logs, then there’s not a lot that you don’t already know.
All we can tell you is that you already understand fully well how much damage a hacker can do if they gain unrestricted access to your site.
Skip to the part where you learn how to fix your WordPress hacked website.
3. You Find New Admin Users Or FTP Accounts Which You Haven’t Created
This is a tricky one for big sites. It can be really difficult to keep an eye out for suspicious admin accounts and FTP accounts.
But if you’ve noticed this, then it’s time to check your WordPress core files. A hacked WordPress site usually gets infected in a way that can impact the entire site. This makes the WordPress core files the ideal target.
In some cases, there is a hidden executable code in files that look benign. Weirdly enough, it can even be hidden in a favicon.ico file! Just check out our article on WordPress hacked redirect malware. Fake admin accounts and FTP accounts are very common for such malware.
4. Files Have Been Recently Modified
With most malware, hackers first infect a WordPress hacked site with malicious code mixed in with normal WordPress code.
The simplest way to do that is to insert that code into WordPress files such as wp-config.php, .htaccess, and so on.
Editing the files on a WordPress hacked website is a recurring theme with malware such as wp-vcd.php. A simple precaution is to revoke edit permissions to your core files. However, if your WordPress website is already hacked, then you need to clean the site immediately.
Pro Tip: Do NOT delete anything from files and database tables unless you are 100% sure that it is malicious.
How to Clean a WordPress Hacked Website
There are two ways to clean a WordPress hacked website:
- You can use a malware scanner and cleaner;
- Or, you can manually dive into your website’s code and clean it.
For all intents and purposes, we never recommend doing a manual cleanup.
Ever.
Why? It’s way too dangerous.
A WordPress hacked website usually has malicious code hidden inside the benign code without which the website would not function. Manually deleting snippets of code can lead to permanently breaking the site.
You may think that you can restore your site from a backup. But how do you know if the backup isn’t infected as well? Does the backup even replace the infected files?
What we do recommend, however, is to use a WordPress malware scanner and cleaner plugin.
How to Clean a Hacked WordPress Website Using MalCare
The purpose of a malware scanner and cleaner is to make it easy to find, pinpoint, and clean an infected website.
The sad thing is:
- Most malware scanners can’t pinpoint the origin of a complex malware;
- They resort to crude methods of scanning that raise false alarms;
- After the scan, most security plugins require a manual cleanup;
- Manual cleanups are expensive and you pay through your nose when you’re in a pinch;
- And then you get charged extra for repeat hacks.
In short: The security plugin that is supposed to protect your website holds you up for ransom and then provides you with a flimsy solution at best.
That’s exactly why we recommend that you scan your site using MalCare.
MalCare offers a complete suite of security features that will scan, clean, and protect your WordPress website from malware attacks by hackers.
With the most advanced learning algorithms to support it, MalCare is by far the best WordPress Security Plugin there is that keeps getting smarter over time.
We know that this can sound a bit biased, so here are a few important stats about MalCare to remember:
- One-click instant malware removal in 3 minutes or less;
- 99% of malware are automatically detected and cleaned without any manual cleanup;
- Less than 0.1% false positives flagged across a network of 250,000+ websites;
- No extra charges ever and no B.S.;
- All for $99/year!
If this sounds good to you, we can make it better with just two words:
True. Story.
If you haven’t already, install MalCare and clean your WordPress hacked website today.
Here’s how you can do it:
Step 1: Sign up for MalCare
Sign up for the MalCare plugin from our site.
Step 2: Scan Your Site
Use MalCare to Scan Your Site automatically:
Step 3: Clean Your Site in 1 Click
Click on “Auto-clean” to clean instantly:
Once all this is done, you should definitely check out our guide on protecting your site from future attacks.
You get all this for just $89/year!
Join 250,000 other sites and install MalCare today.
How to Clean a Hacked WordPress Website Manually (NOT RECOMMENDED)
Cleaning a hacked WordPress website manually consists primarily of three parts:
- Scanning the server for malicious code in files;
- Scanning the database for malicious code;
- Detecting backdoors and fake admin accounts;
And then, removing the malware from your hacked WordPress website.
This is an oversimplification, though.
In many cases, you may well have been blacklisted by Search Engines and blocked by your web host. In such an instance, it’s not enough to just clean your site; you also need to take measures to remove the website from the blacklist.
But let’s just get started:
#1 Looking for Malicious Code in WordPress Files and Folders
The most obvious way in which malware can be injected into a WordPress hacked website by a hacker is by uploading a file straight up. This is rarely the case, but worth a try.
Look for files that have a suspicious name. Start with the WordPress folders such as:
- wp-content
- wp-includes
These are folders that should not contain any executable files. If there are any PHP or JavaScript files here, then that’s a bad thing.
Pro Tip: Look especially for PHP files. PHP by itself cannot execute JavaScript code without an HTML view. JavaScript typically injects content into the frontend. The first thing you would need to get rid of is the PHP code.
If this doesn’t work out, keep reading.
#2 Looking for Malicious String Patterns
Most malware leaves some common bits of code called string patterns across a WordPress hacked website.
So, the next step is to head over to WordPress files and search for these bits of code. Typically, you will find them in the core WordPress files such as:
- wp-config.php;
- .htaccess
- wp-activate.php
- wp-blog-header.php
- wp-comments-post.php
- wp-config-sample.php
- wp-cron.php
- wp-links-opml.php
- wp-load.php
- wp-login.php
- wp-mail.php
- wp-settings.php
- wp-signup.php
- wp-trackback.php
- xmlrpc.php
CAUTION: Do NOT attempt this unless you understand PHP deeply. As you can see, almost all the files in WordPress are PHP files with the exception of .htaccess. Many of these strings could be part of regular code. Deleting something based just on this list could break your site.
Look for snippets such as:
- tmpcontentx
- function wp_temp_setupx
- wp-tmp.php
- derna.top/code.php
- stripos($tmpcontent, $wp_auth_key)
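A read-only search for the snippets listed above, as an added example that is not part of the original article or of any MalCare code. The function names and the sample site tree are constructed for illustration; the script only reports file and line number, because a match can be legitimate code that needs manual review.

```python
import os
import tempfile

# Indicator strings quoted in the list above (from the article; not a complete signature set).
INDICATORS = [
    "tmpcontentx",
    "function wp_temp_setupx",
    "wp-tmp.php",
    "derna.top/code.php",
    "stripos($tmpcontent, $wp_auth_key)",
]

# File types read as text; .htaccess has no extension, so it is matched by name.
TEXT_SUFFIXES = (".php", ".js", ".html", ".htm", ".inc")
TEXT_NAMES = {".htaccess"}


def scan_tree(root, indicators=INDICATORS):
    """Return sorted (relative_path, line_number, indicator) hits under root.

    Nothing is modified or deleted: the output is a review list only.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not (name.lower().endswith(TEXT_SUFFIXES) or name in TEXT_NAMES):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, start=1):
                        for needle in indicators:
                            if needle in line:
                                hits.append((rel, lineno, needle))
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
    return sorted(hits)


def demo():
    """Build a small constructed site tree in a temp dir and scan it."""
    sample = {
        "wp-config.php": "<?php\ndefine('DB_NAME', 'example');\n",
        "wp-includes/post.php": (
            "<?php\n// constructed sample line\n"
            "if (stripos($tmpcontent, $wp_auth_key) !== false) { }\n"
        ),
        "wp-content/themes/demo/functions.php": (
            "<?php\nfunction wp_temp_setupx($code) { }\ninclude 'wp-tmp.php';\n"
        ),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, lineno, needle in demo():
        print(f"{rel}:{lineno}: contains {needle!r}")
```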
If these two ideas didn’t work, we have some even more advanced ideas that you can try.
#3 Checking the functions.php File
The functions.php file is one of the most popular targets in any hacked WordPress website.
So, take a quick look at that file too.
It’s difficult to say exactly what you should be looking for here. Depending on the malware, you could have different types of malicious code in the file.
You may want to check if the functions.php code is adding unauthorized features into a theme or a plugin. This is agonizingly difficult to find at the best of times and it’s desperately tricky to get right.
A few simple ways to check if the functions.php file has been tampered with are:
- If the hack is a very visible one like a hacked redirect, try changing the theme and check if the problem persists.
- Check and see if updating the theme resolves anything. Mostly it won’t help at all, but it’s worth a shot.
- Try logging into your WordPress dashboard. If you can’t, it might be because of malicious code in the functions.php file.
If any of these ideas show even a slight change, then you know that functions.php is a good place to start looking.
#4 Run a Diffchecker Against WordPress Core Files
A diffchecker is a program that checks two pieces of code and spots the differences between the two.
Here’s what you can do:
- Download the original WordPress core files from the GitHub repository.
- Download the files from your server using cPanel.
- Run a diffchecker between the two files.
The worst part about this idea is that you would have to go through each file on a WordPress hacked site one at a time and check for differences. Of course, you would then have to find out if the different code is malicious or not.
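The file-by-file comparison can be automated by hashing both trees first and diffing only the files that differ. The following is an added example, not code from the original article; the function names, the skip list for site-specific paths, and the two sample trees are assumptions made for illustration, and the clean download must be the same WordPress version as the site.

```python
import difflib
import hashlib
import os
import tempfile

# Paths that legitimately differ from a clean download (assumption for this example).
SITE_SPECIFIC = ("wp-content/", "wp-config.php", ".htaccess")


def file_hashes(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out


def compare_trees(clean_root, site_root, site_specific=SITE_SPECIFIC):
    """Classify core files as modified, added (not in the clean copy) or missing."""
    clean, site = file_hashes(clean_root), file_hashes(site_root)

    def skip(rel):
        return any(rel == s or (s.endswith("/") and rel.startswith(s))
                   for s in site_specific)

    report = {"modified": [], "added": [], "missing": []}
    for rel in sorted(set(clean) | set(site)):
        if skip(rel):
            continue
        if rel not in site:
            report["missing"].append(rel)
        elif rel not in clean:
            report["added"].append(rel)
        elif clean[rel] != site[rel]:
            report["modified"].append(rel)
    return report


def show_diff(clean_root, site_root, rel):
    """Unified diff of one modified file, for manual review."""
    def read(root):
        with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
            return fh.readlines()
    return list(difflib.unified_diff(read(clean_root), read(site_root),
                                     "clean/" + rel, "site/" + rel, n=1))


def _write_tree(root, files):
    for rel, text in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)


def demo():
    """Compare two small constructed trees; returns (report, diff_lines)."""
    clean_files = {
        "wp-load.php": "<?php\nrequire 'wp-settings.php';\n",
        "wp-includes/version.php": "<?php\n$wp_version = 'x.y';\n",
        "wp-admin/index.php": "<?php\n// dashboard\n",
    }
    site_files = {
        "wp-load.php": "<?php\nrequire 'wp-settings.php';\ninclude 'wp-tmp.php';\n",
        "wp-includes/version.php": "<?php\n$wp_version = 'x.y';\n",
        "wp-includes/wp-tmp.php": "<?php // constructed placeholder\n",
        "wp-config.php": "<?php // site-specific settings\n",
        "wp-content/themes/demo/functions.php": "<?php // theme code\n",
    }
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as site:
        _write_tree(clean, clean_files)
        _write_tree(site, site_files)
        report = compare_trees(clean, site)
        return report, show_diff(clean, site, report["modified"][0])


if __name__ == "__main__":
    report, diff = demo()
    print(report)
    print("".join(diff))
```

Files under the skipped paths still need their own review; this comparison covers only what ships in the core download.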
If this seems too technical or sounds like it’s too much work, we recommend that you install MalCare.
It’s a quick, easy, and affordable fix.
Why Did Your Site Get Hacked?
They say that prevention is better than cure.
We agree. But honestly, it’s not that simple when you’re talking about WordPress hacked websites.
Hackers create 300,000 new pieces of malware daily. This means that almost all security software out there becomes obsolete or irrelevant within days, if not hours.
Most WordPress hacked sites have one or more of these vulnerabilities:
- Outdated WordPress Version: Lots of webmasters think that updating the WordPress version can break their site. This is true to a certain extent. But not updating WordPress on your site is a far worse idea. WordPress openly declares its vulnerabilities and outdated versions get easily exploited by hackers. We recommend using a staging site to test out the updates and then roll it out after fixing all the bugs.
- Outdated themes and plugins: Outdated WordPress themes and plugins usually have exploits that are very well documented and easy for hackers to find. If there are updated versions out there, just update the software. It’s worth taking the time to do it.
- Pirated Plugins and Themes: If you’re using nulled or pirated plugins and themes, then 100% you have a WordPress hacked site on your hands. Use a free alternative if you don’t want to pay for a plugin or theme. It’s that simple.
- Unsecured WordPress Login Page: WordPress login pages are easy to find and highly susceptible to brute force attacks. There is no protection against bots by default. The best you can get in an off-the-rack WordPress installation is a Multiple Login Attempts blocker. Honestly, it’s way too easy to get past those plugins as well.
- Weak Passwords: You’d be shocked how often it’s your own fault that you got hacked. The most common passwords are something weak like “p@ssword” or “Password@1234”. It takes less than 1 second for a brute force algorithm to get past something like that. Do NOT trust simplistic rules like including numbers and special characters to judge password strength. Those measures are grossly insufficient.
- WordPress Roles: Do NOT leave the default WordPress user role as an administrator. WordPress has multiple user roles for a reason. If too many people have admin access, you are more likely to get hacked. The worst part? You’ll get hacked time and again without realizing why that’s happening to you.
- Ability to Execute Codes in Unknown Folders: Executable code, especially PHP code, should only stay within trusted folders. Ideally, folders containing the WordPress core files, theme files, and plugins are the only folders that should have executable code.
- Running Website on HTTP: If your website is still running on HTTP and not on HTTPS, then you are simply inviting hackers to gift you a WordPress hacked site. And if you’re running a WooCommerce site without an SSL certificate, then God help you. Install an SSL certificate or risk having all your information stolen.
- Setting Incorrect File Permissions: This may seem inconsequential, but incorrect file permissions can give hackers the option to write code into an unprotected file. All your WordPress files should have 644 as their file permission. All folders on your WordPress site should have 755 as their file permission.
- Unprotected WordPress Configuration wp-config.php File: The wp-config.php file loads up whenever someone tries to log in to your site and it contains all your database credentials. If left unsecured, a hacker can gain access to your database using the file. It’s a simple enough fix, though. Just add this little code snippet to your .htaccess file:
<files wp-config.php>
order allow,deny
deny from all
</files>
- Changing the WordPress Database Prefix: The default WordPress database prefix is “wp_” and you can change this during the installation of WordPress on your site. Leaving this unchanged makes it really easy for hackers to guess your database names. So, we highly recommend changing the database prefix in the wp-config.php file.
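For the file-permission item in the list above, an audit that lists everything looser than 644 for files and 755 for folders. This is an added example, not code from the original article; the function names and the sample tree are constructed, and stricter modes (such as 600 on wp-config.php) are deliberately not reported.

```python
import os
import stat
import tempfile

FILE_MODE = 0o644  # value the article recommends for files
DIR_MODE = 0o755   # value the article recommends for folders


def audit_permissions(root):
    """Return sorted (relative_path, kind, octal_mode, world_writable) for every
    entry that grants permission bits beyond the recommended mode."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful here
            is_dir = stat.S_ISDIR(st.st_mode)
            mode = stat.S_IMODE(st.st_mode)
            expected = DIR_MODE if is_dir else FILE_MODE
            extra = mode & ~expected  # bits set that the recommendation does not allow
            if extra:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, "dir" if is_dir else "file",
                                 format(mode, "03o"), bool(mode & stat.S_IWOTH)))
    return sorted(findings)


def demo():
    """Audit a small constructed tree with one loose folder and one loose file."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "wp-content", "uploads")
        os.makedirs(uploads)
        files = {
            "wp-config.php": 0o600,                 # stricter than 644: not reported
            ".htaccess": 0o644,                     # as recommended
            "wp-content/uploads/cache.php": 0o666,  # world-writable file
        }
        for rel, mode in files.items():
            path = os.path.join(root, *rel.split("/"))
            with open(path, "w", encoding="utf-8") as fh:
                fh.write("<?php\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "wp-content"), 0o755)
        os.chmod(uploads, 0o777)                    # world-writable folder
        return audit_permissions(root)


if __name__ == "__main__":
    for rel, kind, mode, world_writable in demo():
        flag = " (world-writable)" if world_writable else ""
        print(f"{mode} {kind:4} {rel}{flag}")
```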
As you can probably understand, there are way too many ways in which you can get hacked.
But as general rules:
- Install a powerful firewall and bot protection for your website
- Install an SSL certificate that will protect your site from further attacks
- Stop using nulled themes and plugins
- Do not trust any vendor implicitly – always check the URLs for everything you do
- If you ever suspect any foul play at all, scan and clean your website immediately
Honestly speaking, most malware doesn’t start damaging your WordPress hacked site immediately. If you can scan and find malware early on, you can successfully remove it without causing any damage at all.
For this purpose, we highly recommend that you scan your site for malware right away.
Post-Hack Measures: How to Prevent Your Site From Getting Hacked Again
The rest of this article is about stronger security measures that you can take to protect your website from malware attacks. We’ve also explained some of the most common security jargon so that you don’t feel lost with some other resources.
Feel free to go through them all and if you have any questions, drop us a line.
Install a Firewall to Keep Out Malicious Traffic from Your Site
A firewall is a layer of protection that shields your website from incoming traffic. It acts as a barrier between a trusted and untrusted network. In this case: a barrier between a bot and your site that prevents WordPress hacked sites from ever coming into existence.
In simple terms: if your website is getting any malicious traffic or attempted hacks, a firewall prevents the website from receiving such traffic.
A WordPress firewall is specifically designed to protect WordPress websites from getting hacked. It runs between your site and the internet to analyze all the incoming HTTP requests. When an HTTP request contains a malicious payload, the WordPress firewall drops the connection.
Just as a malware scanner looks for malware signatures in WordPress hacked websites, a WordPress firewall will scan for malicious HTTP requests.
Some rare firewalls like the one we use in MalCare can actually learn from previous attacks and get smarter over time. MalCare can analyze incoming traffic and recognize a malicious IP from a huge database it has compiled by protecting 250,000+ sites.
Once an HTTP request is flagged by MalCare as suspicious or malicious, your website won’t even load WordPress. It’ll be as though there WAS no malicious traffic.
Pro Tip: MalCare actually logs all attempted connections with your site in the traffic logs. So, if you’re using MalCare, try to keep tabs on the type of traffic you’re getting. Every login attempt is color-coded so that you can analyze it at a glance.
The two most common hacks that installing a firewall can protect against are brute force attacks and DDoS attacks. Let’s go over both in brief so that you know what to expect from them.
What is a Brute Force Attack?
A brute force attack is a way of guessing your access credentials by literally using every possible password there is. It’s a simple and inelegant hack. The computer does all the hard work and the hacker sits tight waiting for the program to do its job.
Typically, a brute force attack is used for two purposes:
- Reconnaissance: A bot uses brute force to find vulnerabilities that it can exploit
- Infiltration: A bot tries to guess the access credentials to gain control of the WordPress hacked website
The most primitive type of brute force attack is the dictionary attack where the program uses a list of password combinations based on certain assumptions about the password.
A weak form of dictionary attacks is credential recycling where it uses usernames and passwords from other successful hacks to try and break into your website.
But the more modern variant is an exhaustive key search. These kinds of brute force attacks literally try out every possible combination of all possible characters in a password.
Pro-Tip: An exhaustive key search brute force algorithm can crack an 8-character password with capital and lowercase letters, numbers, and special characters in two hours. Always create long, random passwords with a good mix of characters to make it more difficult.
Attackers also use brute force attacks to look for hidden web pages. Hidden web pages are live pages that are not linked to other pages. A brute force attack tests different addresses to see if they return a valid webpage, and will seek out a page they can exploit.
Bonus Pro-Tip: If you see a sudden uptick in traffic for no apparent reason, check your analytics. If you see a bunch of 404 errors from pages that don’t exist, you’re probably under attack by a brute force bot.
You can prevent a brute force attack by:
- Using longer passwords
- Using more complex passwords
- Limiting login attempts
- Implementing Login Page Captcha
- Setting up WordPress Two-Factor Authentication
This goes without saying, but you also need a seriously powerful firewall for your WordPress website. A firewall on top of all these preventive measures will help you protect your business from hackers trying to brute force their way in.
As an alternative to all this, you can install MalCare. MalCare comes with a built-in premium firewall that spots suspicious traffic and prevents your website from even loading the WordPress login page.
To learn more about Login Protection, check out our Guide on WordPress Login Security.
What is a DDoS Attack?
A distributed denial-of-service (DDoS) attack is a malware attack that sends too much traffic to your WordPress website for your server to handle.
Hackers don’t hack just one website or device. Instead, they establish an entire army of hacked devices and websites to direct focused DDoS attacks.
The collection of compromised devices used for a DDoS attack forms a network called a botnet. Once a botnet is established, the hacker remotely sends instructions to it and causes other servers to be overwhelmed by a huge surge of traffic.
Pro-Tip: If your website is loading very slowly or if your web host refuses to serve your website, check your analytics immediately. DDoS attacks work in patterns that can be discerned:
- Traffic originating from a single IP address or IP range;
- Traffic from users who share a single behavioral profile, such as device type, geolocation, or web browser version;
- An unexplained surge in requests to a single page or WooCommerce endpoint;
- Traffic spikes at odd hours of the day or a spike every 10 minutes;
These are all symptoms of a DDoS attack.
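The patterns listed above can be checked directly against a web server access log. The following is an added example, not code from this article or from MalCare: it measures how much of the traffic comes from one IP, one page and one user agent, and lists minutes whose request count is far above the typical minute. The log lines are constructed, and both thresholds are assumptions.

```python
import re
from collections import Counter
from statistics import median

LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def ddos_indicators(lines, share_threshold=0.5, spike_factor=5):
    """Report which of the listed patterns show up in an access log."""
    ips, paths, agents, per_minute = Counter(), Counter(), Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined log format
        ip, stamp, path, agent = m.groups()
        ips[ip] += 1
        paths[path.split("?", 1)[0]] += 1
        agents[agent] += 1
        per_minute[stamp[:17]] += 1  # "10/Oct/2024:03:10" is one bucket
    if not ips:
        return {}
    findings, total = {}, sum(ips.values())
    # A single IP, page or client profile carrying most of the traffic.
    for name, counter in (("ip", ips), ("path", paths), ("user_agent", agents)):
        value, hits = counter.most_common(1)[0]
        if hits / total >= share_threshold:
            findings[name] = (value, round(hits / total, 2))
    # Minutes far above the typical minute; evenly spaced ones suggest a timer.
    baseline = median(per_minute.values())
    spikes = [k[12:] for k, n in per_minute.items() if n >= spike_factor * baseline]
    if spikes:
        findings["spike_minutes"] = spikes
    return findings

def _line(ip, minute, path, agent):
    return (f'{ip} - - [10/Oct/2024:03:{minute:02d}:00 +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{agent}"')

# Constructed sample: 30 minutes of light browsing plus a burst every 10 minutes.
BROWSERS = ["Mozilla/5.0 (constructed A)", "Mozilla/5.0 (constructed B)",
            "Mozilla/5.0 (constructed C)"]
SAMPLE_LOG = []
for minute in range(30):
    for i in (minute * 2, minute * 2 + 1):
        SAMPLE_LOG.append(_line(f"198.51.100.{i + 1}", minute,
                                f"/post-{minute}/", BROWSERS[i % 3]))
    if minute % 10 == 0:
        SAMPLE_LOG += [_line("203.0.113.50", minute, "/cart/", "constructed-client/1.0")] * 40
```

Calling `ddos_indicators(SAMPLE_LOG)` returns the dominant IP, path and user agent together with the spike minutes; the same log with the burst lines removed returns an empty result.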
One of the major motivations behind a DDoS attack is extortion under the threat of destruction of property. The only way to prevent a DDoS attack is to use an effective firewall that can clamp down on suspicious traffic immediately.
Install an SSL Certificate to Secure Your Traffic
SSL Certificates are now the staple for almost all cPanel hosting providers and resellers. An SSL certificate is a small digital file that encrypts an organization’s details. Commonly, SSL certificates, when installed, bind:
- A domain name, server name, or hostname;
- And the organization’s identity and location.
This secure connection ensures that the traffic between the server and the browser is encrypted.
Before we get into the kind of security an SSL certificate provides, let’s understand how it works.
SSL certificates use a method of encryption called public key cryptography.
Public key cryptography uses two sets of keys for encryption: a public key and a private key. It’s in many ways similar in concept to WordPress Salts and Keys.
In this kind of encryption, if:
- Angelina sends Brad a message, then the message is locked using Brad’s public key.
- But for Brad to read the message, he must unlock it using his private key.
If a hacker intercepts the message without having Brad’s private key, they will only see encrypted code that not even a computer can decrypt.
What is Man-In-the-Middle Attack?
A MITM attack is when a third party intercepts a communication between two people. Here, the hacker is essentially a “man in the middle”.
This might sound all fun and frivolous, but this is a very dangerous attack. The hacker can effectively see every request coming in and out of your website including all transactions.
If the hacker can’t get admin access, they can send your users fake web pages that can grab their access credentials.
Imagine this for an instant:
The credit card, the phone number, the email address: everything your users submit on your WordPress hacked website is openly accessible to a hacker.
The simplest way to protect against attacks like this one is to install an SSL certificate.
Pro-Tip: Check all your web pages for the “https” in the URL. If there are pages missing out on that, you may have a mixed content issue. Fix that as soon as possible. A brute force attack could find the vulnerable pages and push for a MITM attack.
Implement WordPress Hardening and Basic Hygiene
This segment is all about protecting your WordPress website from getting hacked again.
Now, the simplest thing you can do is to implement WordPress hardening measures. Hardening makes sure that even if your website gets hacked again, the hacker can’t really edit any files and databases.
Another major tip we have: stop using nulled themes and plugins. Nulled themes and plugins are essentially cracked versions of the plugin. The only problem is that nulled themes and plugins are usually chock full of malware.
Also, if you are using a lot of plugins, be careful of zero-day vulnerabilities. A zero-day vulnerability is essentially a security flaw that the developers and vendors know about, but haven’t really fixed. Many WordPress hacked websites have plugins with zero-day vulnerabilities.
The most troubling part about a zero-day vulnerability is that people assume that updating the plugin or theme can automatically fix the WordPress hacked website. That’s not true, though. You will have to clean up the website first and then update the software to prevent future hacks.
What Are The Consequences of Getting Hacked?
One of the major questions that we get all the time is: why does it matter if my website gets hacked? Unless it completely defaces the website, why should I even care?
Short answer: you really should care because a hacked website can severely damage your business even if it isn’t visibly defacing your website.
A WordPress hacked website can damage your traffic, revenue, and brand value (more on this soon).
But the biggest reason to care is:
Almost all malware is created with the intent to make money off your hard work.
In essence, you spend a lot of time and money on building traffic and revenue, and then because you have a WordPress hacked website, the hacker makes money instead of you.
Not cool.
How Hackers Make Money Off Your WordPress Hacked Site
Hackers make money from your website by using your traffic and here’s how it works:
- Illicit ads and pop-ups redirect a huge portion of your traffic to other sites and the hacker gets paid for that traffic.
- URL redirections work in the same way: the hacker can redirect the traffic from your WordPress hacked website to make some quick cash.
- If a hacker gets into a WooCommerce website, they can steal the credit card information of your buyers.
- In some cases, a hacker can redirect to a page that looks like yours. When people buy something from the fake page, the hacker gets paid and you never get to know about it.
- A hacker can easily replace a bank account linked to your WooCommerce store. You’ll still make the sales number, but the hacker steals all the money.
Let’s put this into perspective:
It’s not just you who’s getting hacked. And it’s definitely not just you who’s unprepared for a WordPress hacked website.
People in America panic a lot more over cybersecurity than personal security:
A study of more than 4,000 organizations across the US, UK, Germany, Spain, and the Netherlands found that 73% of companies are not ready for a cyber attack. (Source: hiscox.co.uk)
We know this sounds bad. But honestly, this is just the tip of the iceberg with WordPress hacked websites.
Believe it or not, it actually gets much worse in the long term.
In the long term, a WordPress hacked website can:
- Completely stop traffic to your business because it got blacklisted
- Destroy your brand’s reputation because no one wants to be a victim of cybercrime
- Essentially destroy your revenue channels by destroying trust and stealing traffic
That’s not even the worst part.
The worst part is that the hack may not even have visible consequences. You might be getting robbed on a daily basis without ever knowing it.
Now, maybe a security plugin flags a malware along with 10 other false alarms. And maybe you do see it. How often do you take action and check out all the alarms?
And even if you do find the malware and clean it, even if you miss a single backdoor on your WordPress hacked website, you can get infected all over again.
The simplest way to get out of this vicious cycle is to install an automatic malware scanner and removal tool.
Wrapping Up
Now that you know how to scan and clean a WordPress hacked website, just take the time to set up security measures to prevent future hacks. You have successfully defeated the hacker. You can now go back to building your business after you set up the basic security measures.
Bonus Tip: You can set up WordPress hardening manually or install MalCare and do it in 3 minutes or less.
It’s time to take a sip of hot, steaming tea and relax, especially if you’re a MalCare user. You never have to worry about WordPress security again.
If you have any questions, feel free to drop a comment below. We have a team of WordPress security experts who can help you resolve any issue you might face.
Until next time!