Seite wählen

https://blog.threatpress.com/clean-hacked-wordpress-site/

WordPress sites are sadly big targets for hacks. Their popularity is both good and bad. However, there is a grain of hope when your site is hacked. It’s happened often enough that people have put together a checklist of things that you can do to clean out the site and make it safe to use. To try and help with this, we’re going to be taking a look at what you need to do in order to clean out a WordPress site.

Check Core File Integrity

With WordPress sites, you’ll find that a lot of the core files do not actually need to be modified at all. You should check for changes and irregularities in the admin and root folders among others. If you find that nothing has been modified, then the core files on your site are safe.

Check For Recently Modified Files

Telltale signs of a hack is when you find files which are modified or entirely new on the site. These are indications that there’s still malicious software contained on your WordPress site. You should make a note of any modifications, and then reverse them or get assistance in reversing them. If you have access to the server, then you can use this command to find recently modified files: “$ find ./ -type f -mtime -10”, where -10 means day interval. You can also use FileZilla program. First, choose Server -> Search remote files… In the window that opens, select search conditions -> date, after, and enter the date, e.g. 10 days earlier than today.

Check The Diagnostic Pages

Another thing you can do when it comes to cleaning out your WordPress site is to check the diagnostic pages. WordPress has a few available for you to look over and make sure that everything’s as it should be. By using our Free Malware And Website Security Scanner for WordPress, you can check if there’s redirections taking place, what malicious software is still present, and facts and figures about your site.

Clean Core Website Files That Are Hacked

The thing about core files is that they can be cleaned out if they’re hacked. This means that you can remove the virus from your system. However, you need to make sure you don’t overwrite or change anything related to WordPress core. You can create fresh files to use, or work with backups which are not infected.

Clean Out Database Tables That Have Been Hacked

Database tables are often hacked, as they sometimes contain sensitive information. You need to make sure you clean them out in order to keep your website safe to use. This will involve using your database admin panel to log into the tables. You need to make a backup, then search through the system and remove anything that looks spammed or fake.

Useful commands

If you have SSH access to your server, then you can run commands to identify recently modified files. (Alternatively use FileZilla program).

  • This command will show you files that were modified in the last 10 days:
    “$ find ./ -type f -mtime -10”
  • You can also specify a directory:
    “$ find /home/myname/www.mysite.com/ -type f -mtime -10”
  • To get the current working directory use this command: pwd
    Another useful command is grep. Grep is a powerful tool for searching plain-text data sets for lines that match a regular expression. This command: grep -ril base64 * will search files that contain base64 code. Hackers are encoding malicious scripts in base64. But keep in mind that you can find “base64” in legitimate code as well.

Overall, these are the main steps that you can take in order to make sure that you successfully clean out your WordPress site. It’s crucial that you work quickly to prevent the site from being taken over and hacked again. Nothing will damage the reputation of your business faster than a website which has been hacked and taken over. It means that customers won’t feel safe when they use your site, which will prevent you from generating profits. It’s a much simpler option to take the time to clean out the site, which is easy when you use the tools provided by WordPress.

The post How To Clean A Hacked WordPress Site On Your Own appeared first on ThreatPress Blog.

Source: Security Feed

Share This