What To Do When Your Blog Is Hacked
If you own a WordPress powered site, on and off you may find a rash of attacks on these sites. Which means yours is vulnerable too. I love WordPress but sometimes, its strengths – easy to use and setup can also be its Achilles heel. Here’s what I mean. It’s great that they system is super easy for even the less technologically inclined. That opens up a lot of possibilities for regular users. It’s a good thing. But the down side, is when something goes wrong, the same users are also ill equipped to handle them. This is so apparent when a site gets hacked. I get so many questions like “How do I get rid of it?”
Problem is, every hacking is somewhat different. Sometimes they attack at the surface level, usually editing your theme – that’s a lot easier to fix. Sometimes they go deeper into your database. That can be more evasive. Most that I’ve normally encountered is theme tampering. This usually shows up in your source codes. Which is why I work hard to manually scan my site’s source code regularly to check for irregularities.
How do you know?
There are a variety of ways. Some are obvious. For example, a recent iframe attack loads an external site with mal-ware. When you visit your site, you might notice a strange URL loading or find your antivirus giving you all sorts of warnings. If you didn’t spot this early enough, you might find yourself blacklisted by Google – that’s how some people find out. So next time you visit your site, watch the load time and see what URLs’ are loading. Better yet, view your source code.
Watch your traffic stats. One of the more crafty hacks I’ve seen hijacks people’s traffic. What’s really slick about this hack is, viewing your source code in your browser does not show any problems at all. That’s because it focused on search engine spiders. You see, each spider has a ‘name’. That’s how your stats program know if it’s a user or a bot. The hack attempts to identify if the visitor is a browser (human) or a bot. If it is a search engine bot, it will automatically redirect the bot to their site or inject links to their site, thus stealing your traffic and credibility. Watching your stats will show where people are coming from or going or if your traffic volume is abnormal.
What can you do about it?
This is not exactly a fix-it-all solution nor will it work in every case. But the following list will give you a template of what you can do when you see something abnormal and suspect a hacking.
- Change your cpanel and FTP logins
- Change your WordPress admin logins
- Upgrade if you’re not already on the latest version
- Review your theme files. Switch themes to see if the issue still occurs. If it does, then the problem lies in your theme. Many FTP programs will display the date your files were last modified. Login via FTP (after you have changed the logins), go to your theme folder and find the active theme. Sort the files by last modified/changed. If anything was done, chances are you’ll see someone edited the file recently and it might not be you. Open those files up to check for anomalies. This is not fool proof of course but the fastest way to drill down compromised files and fix them either by removing the bad code or re-uploading the original theme file and re-doing your edits. Most of the time, header.php and footer.php are the ‘hot files’.
- If it’s not the theme, check your index.php file. The most recent iframe attacks targeted any index.php file, modified it with an iframe. Also, if you don’t normally have an index.html (but have an index.php) and now there’s suddenly an index.html – you’ll need to delete that. Open up both these files to make sure before deleting. Fixing the index.php is easy though. Just re-upload from a clean WP package.
- If it’s not there either, check your plugins. Are there any weird plugins you don’t recognize? If no, disable the plugin and check the site after disabling each plugin.
- Check your users – are there any strange users you don’t recognize? Delete them.
After clean up
Now that you’ve spent your time cleaning things up – time you could have spent doing something else, you definitely want to put checks in place to reduce the chances of this happening again in the future. Here are some resources that will get you started.
Do You Want A Hands-Free Business?
Then get this guide to help you systemize your business so you'll have more time working on your business.
Hey! I want to make sure you know what you're getting here. In addition to the guide, you will also receive our memo that includes special offers, announcements and of course actionable information.