WordPress Security – Fix a hacked WordPress website
Sunday, August 23rd, 2015
WordPress is a popular web content management system. Originally started as a blogging platform, WordPress became the de facto content management system for web designers. Because WordPress is dynamic, it allows developers and designers to create a rich web experience for their users. And because it is open source, plugins are available for almost every need.
However, this very popularity has attracted the attention of malicious people, aka hackers. So it’s not uncommon to wake up one morning and find a skull flag hoisted on your site.
But don’t worry – we have the steps you need to follow to fix your site.
Step 1: Don’t panic
Most people panic as soon as they see that their website has been hacked. In many cases the site owners are informed by a friend, a visitor or even a customer. Sure, it can be stressful, but sites often get hacked – it’s how you react to the hacking incident that matters. If you call your hosting company, chances are they will not help. You can ask a security expert, but they will charge $$$$$ for a five-minute task. So just keep calm and follow the instructions.
Step 2: Connect to your FTP server
In most cases you will have used an FTP account to upload the WordPress files to a server. However, newer servers offer software packages like Softaculous, which allow you to install WordPress directly from your web hosting control panel.
You might be tempted to delete all the files and install WordPress all over again – but that takes a lot of time. Plus, your WordPress installation will never be the same again: you can’t simply restore all the plugins, themes and on-the-fly customizations you have made. The best way is to connect via FTP and change only the file that is affected. We will see that in the next step.
Step 3: Examine index.php
Once you are connected via FTP, navigate to the index.php file in the root directory of your WordPress installation, right before license.txt.
Download this file to your computer and open it in your favourite text editor. FTP software like FileZilla allows you to edit files. You can also use your web hosting control panel’s File Manager, which lets you view and edit files in the browser.
Check the index.php source for any suspicious code.
Step 4: Create a new index.php
If the site is hacked, the index.php file has usually been replaced with another index.php file containing malicious code. In some cases an alternate index.html file is used. If you are running a WordPress site, you can safely delete the index.html file.
Now look at the code of index.php. It should look like this:
<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );
If the contents of index.php are not like this, replace all contents with the above code. Save the index.php file.
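The comparison in Steps 3 and 4 can be done mechanically on the downloaded copy. The Python sketch below is an added example, not part of the original article: it compares index.php with the stock loader shown above while ignoring block comments and spacing, and reports a stray index.html. The function names and the sample file contents are constructed for illustration.

```python
# Added example. STOCK is the Step 4 listing with comments and whitespace removed.
STOCK = ("<?phpdefine('WP_USE_THEMES',true);"
         "require(dirname(__FILE__).'/wp-blog-header.php');")

def code_only(src):
    """Drop block comments and whitespace outside string literals; keep the rest."""
    out, i, n = [], 0, len(src)
    while i < n:
        c = src[i]
        if c in "'\"":                    # string literal: copy verbatim
            j = i + 1
            while j < n and src[j] != c:
                j += 2 if src[j] == "\\" else 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):     # block comment: skip to its end
            end = src.find("*/", i + 2)
            i = n if end < 0 else end + 2
        elif c.isspace():
            i += 1
        else:                             # code; // comments and ?> are kept
            out.append(c)
            i += 1
    return "".join(out)

def is_stock_index(src):
    """True only for the stock loader; text before the opening tag also fails."""
    return src.lstrip().startswith("<?php") and code_only(src) == STOCK

def review(files):
    """files: names in the WordPress root mapped to their contents (hypothetical helper)."""
    findings = []
    if "index.html" in files:
        findings.append("index.html present")
    if not is_stock_index(files.get("index.php", "")):
        findings.append("index.php differs from the stock loader")
    return findings

# Constructed samples: a clean loader and one with an injected statement.
CLEAN = """<?php
/** Front to the WordPress application. */
define('WP_USE_THEMES', true);
/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );
"""
TAMPERED = CLEAN.replace("define(", "echo '<h1>defaced</h1>'; define(")

if __name__ == "__main__":
    print(review({"index.php": TAMPERED, "index.html": "<h1>defaced</h1>"}))
```

The check is deliberately strict: any statement, line comment or closing tag beyond the two stock statements is reported. It looks only at the two files this article names, so a clean result says nothing about the rest of the installation.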
Step 5: Upload and relax
Now you can upload the index.php file. Refresh your browser to reload the website and confirm that you can see it as it was before.
Please note that this solution is not general, but it works in the most common cases. For a more complicated issue, contact us.