How to recover your hacked WordPress blog or website


WordPress is one of the most popular content management systems at present, and at the same time it is also the most targeted. So today I will teach you some tips and methods for patching and recovering your WordPress-hosted site when it is hacked. This post is also for those who want to keep their WordPress sites safe.


How to recover a hacked WordPress website

If your WP website is attacked, follow these steps to get your site back.

Backup - Even if your website is infected only to a small extent, it is still necessary to secure a backup of your website before things get worse. You can use a plugin called BackupBuddy for this purpose, but I advise you to use UpdraftPlus Backup because it is a free plugin and the best alternative to BackupBuddy.

Change Login Details and Secret Access Keys – As soon as you feel or see that your site has been defaced, immediately check whether your login details have been changed, because some hackers, in a hurry, do not change them. If the hacker did not change your login details, quickly change them, along with the secret access keys in wp-config.php. Changing the keys invalidates existing login cookies, so any session the attacker still holds is logged out.

Running scanners - Scanners are basically used to identify compromises at the database level. You can try the Cloud Sites WP Scanner plug-in or Sucuri Malware Scanner. After running the scanner you can proceed to the next step.




Installing Your WordPress Again – The next important step is deleting all the files in the WordPress directory except the wp-config.php file and the wp-content directory. After that, download and install a completely fresh copy of WordPress.

Review content folder - Check all the folders in the wp-content directory. If a folder doesn't belong to your site or seems suspicious, remove it. Don't worry if you mistakenly remove a folder that is part of your blog and is not suspicious; you can get it back from your backup files even after removing it.

Review Plug-ins - Now it is time to analyze all your plug-ins. Remove from your panel all the plug-ins you don't use; the plug-ins you do need should be uninstalled and installed again for security purposes.

Check your .htaccess file for hacks - Hackers can use your .htaccess to redirect visitors from your URL to malicious sites. Look in the base folder for your site, not just your blog's folder. Hackers will try to hide their code at the bottom of the file, so scroll down. They may also change the permissions of the .htaccess file to stop newbies from editing the file. Change the permissions back to 644.

Now analyze your theme - The first task is removing the extra themes that are not currently in use. The next task is reviewing your activated theme. Look through the PHP or JavaScript code for any suspicious activity. Most of the time hackers make such malicious changes in the header.php or footer.php files.
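The .htaccess and theme checks from the steps above, as an added example that is not part of the original post. It flags redirects to another host, rules keyed on referer or user agent, content hidden below a run of blank lines, permissions other than 644, and eval-of-decoded-data in theme PHP files (it scans the whole theme, not only header.php and footer.php). The patterns, the 20-line gap threshold, the host example.org and the sample files are assumptions made for illustration.

```python
import os, re, stat, tempfile
from pathlib import Path
# Heuristic patterns picked for this example; not a complete signature set.
HTACCESS = {
    "redirect to another host": re.compile(
        r"^\s*(?:RewriteRule|Redirect(?:Match)?)\b.*?https?://([^/\s\"']+)", re.I),
    "rule keyed on referer or user agent": re.compile(
        r"^\s*RewriteCond\s+%\{HTTP_(?:REFERER|USER_AGENT)\}", re.I),
}
PHP = {"eval of decoded data": re.compile(
    r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)}

def audit_htaccess(path, site_host):
    """Return (line_no, reason) findings; line 0 refers to the file itself."""
    path, findings, gap = Path(path), [], 0
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode != 0o644:
        findings.append((0, f"mode is {mode:o}, expected 644"))
    for no, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
        if not line.strip():
            gap += 1
            continue
        if gap >= 20:  # content pushed out of sight below a run of blank lines
            findings.append((no, "directive after long blank gap"))
        gap = 0
        for reason, rx in HTACCESS.items():
            m = rx.search(line)
            host = m.group(1).lower() if m and m.groups() else ""
            if m and host != site_host and not host.endswith("." + site_host):
                findings.append((no, reason))
    return findings

def audit_theme(theme_dir):
    """Return (file, line_no, reason) findings for every PHP file in a theme."""
    findings = []
    for php in sorted(Path(theme_dir).rglob("*.php")):
        for no, line in enumerate(php.read_text(errors="replace").splitlines(), 1):
            findings += [(php.name, no, r) for r, rx in PHP.items() if rx.search(line)]
    return findings

def demo():  # audits constructed sample files, not data from a real incident
    root = Path(tempfile.mkdtemp())
    ht = root / ".htaccess"
    ht.write_text("RewriteEngine On\nRewriteRule . /index.php [L]\n" + "\n" * 25
                  + "RewriteCond %{HTTP_REFERER} google [NC]\n"
                  + "RewriteRule ^ http://redirect.invalid/in.php [R=302,L]\n")
    os.chmod(ht, 0o444)
    (root / "header.php").write_text('<?php eval(base64_decode("Y29uc3RydWN0ZWQ=")); ?>\n')
    return audit_htaccess(ht, "example.org"), audit_theme(root)
```

A finding is a prompt to read that line yourself, not proof of compromise; compare against the backup taken in the first step before deleting anything.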

The first thing I did was to verify that I had been following the steps outlined in my recent post on securing your WordPress website.

These were the absolute fundamentals: updating my themes and plugins, ensuring that I had a recent backup, ensuring that my default profile was not named “admin,” changing my password, and checking for security plugins on my site. With those items in place it was time to move on.

I am under no illusions that my site is now 100% secure — after all, there is no such thing as a 100% secure site. Having said that, I know it is far more secure than it was before and I will continue to research site security measures now and in the future. So far, this is what I have done.

1. I Installed VaultPress

For those of you who don’t know, VaultPress is a totally automated backup and security solution for WordPress. It is owned by Automattic, the de facto “owners” of WordPress.

Having been using VaultPress for a few days now, I can’t believe I was so cheap to have not stumped up for the service beforehand. Their base package starts at $15 per month — I’ll pay that for peace of mind any day of the week.

In fact, I chose to go with their Premium package ($40 per month) which includes:

  • Realtime Backup
  • Automated One Click Site Restore
  • Archives, Stats and Activity Log
  • Priority Disaster Recovery
  • Priority “Concierge” Support
  • Daily Security Scanning
  • Security Notifications
  • One-Click Fixers for Security Threats
  • Site Migration Assistance

Basically, they’ve got you covered.

While VaultPress cannot guarantee your site’s security against hackers, it pretty much can guarantee that your site can be restored with relative ease. There’s just something very calming about seeing hourly snapshots of your sites stored on VaultPress’ servers:

VaultPress Backups

While there are plenty of free backup solutions out there, I don’t think anything beats the relative peace of mind I get from VaultPress. They’ve got 90 snapshots of my site available to restore right now, of which the most recent is just twenty minutes old. I know my site is safe in their hands.

2. I Managed My Profiles

A hacker can potentially access your site from any of the administrator profiles within your WordPress backend — not just the one you use. When I loaded up my profiles I could see that I had three other profiles — a guest poster profile, and two other profiles for (trustworthy) people I had given access to my site.

I began by shutting down those two profiles and changing the role of the guest poster profile to Author. This is something I would advise you do — only create as many Administrator profiles as is absolutely necessary. Additionally, you should of course ensure that each account has a suitably random and unique password and that said passwords are regularly changed.

There are times when you will need to allow people (such as your web designer) access to your site. In such situations I advise that you create a profile for them with a new password, then delete that profile as soon as its necessity comes to an end.

Always be thinking about your site’s points of entry and whether they are strictly necessary.

3. I Changed My Passwords

You may think this was an obvious move, but I’m not actually talking about my WordPress passwords. Although I did change them, I was also sure to change all passwords to particularly sensitive accounts, i.e.:

  • Gmail
  • Facebook
  • Twitter
  • My Hosting Account
  • Amazon Associates
  • Etc

If you’re wondering why I made this move, just consider the story of Mat Honan, whose entire digital life was destroyed by hackers who originally hacked into his Amazon account. If you feel in any way blasé about online security then the above article is a must-read.

Consider this simple chain: a hacker gains access to your email account from which you recently sent an email to your web designer with login details for your WordPress site. That’s all they need to gain access to your site and do as they please. Hacking can be that elementary.

4. I Upgraded to SFTP

Here’s something you may not know: any data that you transfer via FTP (including your username and password) is completely unencrypted. Therefore, anyone who is successfully able to intercept FTP transfers will be able to pickup your login details and gain access to your account.

Not only does this allow them to add and remove files as they see fit, but they can also gain access to your WordPress database via phpMyAdmin and ultimately login to your site.

Put simply, it doesn’t matter how secure direct access to your WordPress site is if hackers can get in via FTP. As such, I strongly recommend that you disable FTP access to your site and transfer files using the alternative SFTP protocol, which does encrypt data. Any good hosting provider should be able to help you with this.

Speaking of hosting providers…

5. Consider the Suitability of Your Hosting Solution

I am glad that I’m with Westhost. It was their ModSecurity firewall that spotted the hack in the first place and shut down my site before serious damage could be done. They also carry out automatic daily backups (which were used to restore the site) and have cracking customer support to boot.

Can you say the same for your hosting provider? There are so many great options out there that you would be crazy to stay with a provider you are unhappy with. You might consider switching to one of the managed hosting solutions (like WPEngine) as WPExplorer did just recently.

Whatever your choice, be sure to inquire as to the security measures they take. Consider the measures I have taken above and ensure that they are compatible with your hosting solution.


The moral of the story is this: do not compromise on security. Ultimately, keeping your site secure is more important than anything else. There’s no point having great content or a spangly new design if no one can see it because your site has been torn to shreds by ruthless hackers.

Nefarious types who have nothing better to do with their lives than hack people’s sites are not going to go away any time soon. The sooner you accept that and take reasonable measures to protect your site from being attacked, the better for the long term security of your online assets.

I would love to know what you think about the measures I have taken. Are there any additional recommendations you would make? Let us know in the comments section!

Noman Ramzan

Noman Ramzan is a Security Researcher, SEO Expert, Penetration tester, Blogger, Google AdSense publisher and Social media marketing and well functional Web Developer.

11 comments:


Asfandyar said...

Great article Bro.. Keep It Up! My WordPress blog got hacked like 4 months ago but I got it back within 1 day by resetting. Old trick but gold one..

A highly informative blog that focus majorly on Tech, Ethical Hacking, Blogging, Tricks and Tips, Earn Money, SEO.
Check it here Prince Asfi Hacks and Tricks--> http://prince-asfi.blogspot.com/

Anonymous said...

I'd highly recommend that you throw in the hardening of Wordpress to this article. Protecting your wp-includes files if you've already been hacked is crucial.

http://www.wpishacked.com


Unknown said...

Hey You Know what You can have a look on the difference between Cracking and Hacking, understand about them ..!

Difference Between Cracking and Hacking ( http://www.besictechtricks.com/2013/07/hacking-vs-cracking-difference.html )


Steve Brown said...

great article. few months back my website blog was hacked. but http://totalwebsecurity.com/ website protection support team helped me to fix the hacked website. now they are monitoring my wp blog site. they are very good. i will highly suggest this tool to monitor website.