Securing your HACKED WordPress site.

Posted on January 8th, 2014


It's even worse than a nightmare: one day you load up your website and find that it's not there any more, or that it is full of adverts for unethical products, or that it redirects to some other website. In other words, your website is HACKED.




If your website is hosted by EDENHOST.COM, you can get it back by opening a ticket asking for the website to be restored to a previous date. Doing this also recovers your lost data.


STEP 1 :-

We start securing your website by scanning your own system for malware. Use a good anti-virus product so that you get a proper, full machine scan for viruses and malware.


STEP 2 :-

Change the passwords for the blog ADMINISTRATOR and for your FTP and MySQL users. Also send a reminder to all users to change their passwords.


STEP 3 :-

Change your secret keys.

It's possible that existing login cookies, including an attacker's, are still valid after you change your password. To invalidate them, you have to create a new set of secret keys. Visit the WordPress key generator to obtain a new random set of keys, then overwrite the values in your wp-config.php file with the new ones.


STEP 4 :-


Now upgrade your WordPress installation to the latest version, and also upgrade your themes and plugins. Older versions are more prone to hacks. Look for plugins and themes for which updates are no longer available, or which have been discontinued by their producers, and remove them.

NOTE :- Remember to change the passwords again after the upgrade.

STEP 5 :-

Now that we have successfully recovered the website, we are going to improve its security.

First remove all unused plugins and themes. Next, install a security plugin; EDENHOST recommends Wordfence.


STEP 6 :-

File Permissions

WordPress allows various files to be writable by the web server. However, allowing write access to your files is potentially dangerous, especially in a shared hosting environment.

It is best to lock down your file permissions as much as possible and to loosen those restrictions on the occasions that you need to allow write access.

Here is one possible permission scheme.

All files should be owned by your user account and should be writable by you. Any file that needs write access from WordPress should be writable by the web server; if your hosting setup requires it, that may mean those files need to be group-owned by the user account used by the web server process.

The root WordPress directory: all files should be writable only by your user account, except .htaccess if you want WordPress to automatically generate rewrite rules for you.

The WordPress administration area: all files should be writable only by your user account.
The bulk of WordPress application logic: all files should be writable only by your user account.

User-supplied content: intended to be writable by your user account and the web server process.

Within /wp-content/ you will find:

Theme files. If you want to use the built-in theme editor, all files need to be writable by the web server process. If you do not want to use the built-in theme editor, all files can be writable only by your user account.

Plugin files: all files should be writable only by your user account.

Other directories that may be present with
should be documented by whichever plugin or theme requires them. Permissions may vary.
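
An audit for the permission scheme above, as an added example that is not part of the original article or EDENHOST's own tooling: it reports anything group- or world-writable in the areas that should be writable only by your account, and can strip those write bits. It assumes the standard WordPress directory names wp-admin, wp-includes, wp-content/plugins and wp-content/themes; the function names and the WP_THEME_EDITOR switch are made up for this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the permission scheme above.
# Assumes the standard layout (wp-admin/, wp-includes/, wp-content/); set
# WP_THEME_EDITOR=1 if the built-in theme editor must be able to write themes.

# Print files and directories that group or other users can write to in the
# areas meant to be writable only by the owning account.
wp_perm_audit() {
    root=${1%/}
    set -- "$root/wp-admin" "$root/wp-includes" "$root/wp-content/plugins"
    if [ "${WP_THEME_EDITOR:-0}" != 1 ]; then
        set -- "$@" "$root/wp-content/themes"
    fi
    {
        # Files directly in the WordPress root; .htaccess is the stated exception.
        find "$root" -maxdepth 1 -type f ! -name .htaccess \
            \( -perm -020 -o -perm -002 \) -print
        for d in "$@"; do
            if [ -d "$d" ]; then
                find "$d" \( -type f -o -type d \) \
                    \( -perm -020 -o -perm -002 \) -print
            fi
        done
    } | sort
}

# Strip group/other write bits from everything the audit reports.
# Paths containing newlines are not handled.
wp_perm_lockdown() {
    wp_perm_audit "$1" | while IFS= read -r p; do
        chmod go-w "$p"
    done
}

# Usage: sh wp-perms.sh /path/to/wordpress   (report only, changes nothing)
if [ "$#" -gt 0 ]; then
    wp_perm_audit "$1"
fi
```

Run the audit first and review its output; files that WordPress genuinely needs to write on your hosting setup should be loosened again one by one after the lockdown.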

If you need any further details or help, you can always contact us through tickets. Please do not forget to share/like the article.
