Have you read How to recover your Hacked WordPress Site (Part-2) yet?
Stage 6: Getting back to (almost) business as usual.
The new Mindset: As mentioned above, before you are done with this clean-up process you will need to look at security in a whole new light. Or at the very least, you had best respect the fact that your ability to keep hackers at bay rests on your ability to maintain a proper pro-security mindset. So along those lines, let’s discuss a few quick topics pertaining to Security that you can mull over now that the immediate emergency is over.
Have you read How to recover your Hacked WordPress Site (Part-1) yet?
Stage 3: Let the Sanitizing begin.
Once you’ve identified the “vector” or angle that the hackers used to compromise your website, you can get to work plugging the holes. Wordfence keeps a massive archive of every known WordPress Theme and Plugin. For those legitimate configuration files that might have simply been compromised along the way, you can re-download a known-good version of the file from the Wordfence archives. Delete the files that don’t belong on your website. Just keep fixing the files that are infected, and deleting those that don’t belong, until your site is once again clean. If your hacker wasn’t aware of your attempt to take back your Account and Website, they will probably begin to realize it soon. Keep moving!
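One way to carry out the comparison described above, as an added example that is not from the original post or from Wordfence: it hashes every file in the live site and in a known-good copy you have already downloaded and unpacked, then lists the files that were modified, that don't belong, or that are missing. The function names, directory layout and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large media files do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def index_tree(root: Path) -> dict:
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}

def compare_trees(live: Path, known_good: Path) -> dict:
    """Classify files in the live site against the known-good reference copy."""
    live_idx, good_idx = index_tree(live), index_tree(known_good)
    return {
        "modified": sorted(f for f in live_idx
                           if f in good_idx and live_idx[f] != good_idx[f]),
        "unexpected": sorted(f for f in live_idx if f not in good_idx),
        "missing": sorted(f for f in good_idx if f not in live_idx),
    }

def build_sample(root: Path, files: dict) -> Path:
    """Write a small constructed directory tree for the demonstration."""
    for rel, body in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return root

def demo() -> dict:
    # Constructed sample data: a reference copy and a live copy that differs.
    theme = "wp-content/themes/example-theme/functions.php"
    good = {"index.php": "<?php // front controller\n",
            "wp-includes/version.php": "<?php $wp_version = 'x.y';\n",
            theme: "<?php // theme setup\n"}
    live = {"index.php": good["index.php"],
            "wp-includes/version.php": good["wp-includes/version.php"] + "// altered\n",
            "wp-content/uploads/cache.php": "<?php // not in the reference copy\n"}
    with tempfile.TemporaryDirectory() as tmp:
        return compare_trees(build_sample(Path(tmp) / "live", live),
                             build_sample(Path(tmp) / "good", good))

if __name__ == "__main__":
    for status, names in demo().items():
        print(status, names)
```

Site-specific files such as `wp-config.php` and everything under `wp-content/uploads` are not part of any reference copy, so they always show up as unexpected and need a manual look rather than automatic deletion.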
So, you think that your WP Site got hacked, what is the first thing you should do?
There are quite literally several dozen things that you should do, but each case is different. I will try to highlight the most important points below. The reason that there are so many steps is that there are so many different ways to approach this dilemma. The most immediate decision for you is whether you are going to adopt a hands-off approach of hiring a security consultant to clean it for you, or go the DIY route like I chose to do. Even then, there are so many different ways that people prefer to do things. Overall, this process involves a lot of smaller steps, but there is one step to the whole process that is really big, regardless of whether you DIY or hire someone to do the cleanup. It may be the single most important aspect of this entire process: changing your mindset about how you approach security. And that, folks, is a massive undertaking, because changing the way your mind operates may also be the single hardest step in this entire how-to guide.
The following are all recommendations on my part, suggestions that you need to discard or accept, but in my opinion they make up a fairly logical progression on how to deal with such issues should you ever find yourself in this situation. You can of course choose to perform these steps in a different order, but I believe that they will be most effective in the order I present them. I hope they will at least be a helpful aid to you in your time of need, allowing you to recover as much of your website as is possible. Cleaning any hack is going to take some time and effort, so you really need to think about whether you want to tackle this on your own. In the end, I think you’ll be happy that you chose to do it yourself. As with any such DIY process, you assume all risk and responsibility for any and all actions and outcomes, and obviously your mileage may vary. No matter which direction you decide to go, I’ll wish you the very best of luck in your cleaning endeavors!
I’m a geek, and I love technology, so it’s not surprising that I have several websites for my different audiences: multiple public facing websites, private family websites, and local community websites. I consider “In My Mobile World” to be one of my public facing websites.
Unfortunately, as a result of a vulnerability found in a PHP sub-routine called “TimThumb” (used in the WordPress Theme called “The Morning After…”), a hacker was able to gain access to my WordPress PHP code. This particular Theme was used on one of my local community websites, so over the course of time the hacker also gained access to ALL of my websites since they are all accessible with root privileges on my hosting account.
I believe that I have now corrected all of the known “vectors of attack” in my websites by plugging all of the known vulnerabilities. Of course, only time will tell, and hackers may find additional new vulnerabilities with my websites in the future, so this is going to be an uphill battle. So let’s see what we can do to prepare you for the same battle.