
    How I Unhacked WordPress Blog Using Sucuri Security Plugin

    By in Wordpress plugin


    Any website hosted on a web server is always vulnerable to hacking, and as webmasters it is our role to implement the best practices that increase the security of our websites. As the wise men once said, “Prevention is better than cure”, and the best prevention in terms of the security of a WordPress blog is to have a daily backup of it. This post, however, is not about WordPress backups but about one blog that was hacked, and a plugin I recently used to remove the hacked files from it. Since this plugin is free and I find it very effective for any non-technical user, I’m sure you will find it useful on a rainy day.

    [Image: WordPress site hacked]

    To start with, one of my clients’ blogs was hacked, and his website was blocked by Google because it might spread malicious code. My non-technical client was in a fix, and he contacted me to look into the issue. When a WordPress site is hacked, I usually start by looking at the files that were recently modified, as this helps me find the files injected with malicious code. This is not 100% foolproof, though, as it’s really hard to find every infected file. After trying several security-focused WordPress plugins, I landed on the Sucuri WordPress plugin, which helped me quickly find the malicious file, and this post is dedicated to that plugin.

    Meet the Free Sucuri WordPress Plugin:

    The Sucuri WordPress plugin is a security and post-hack WordPress plugin. You can use it right away to fix some common security issues, such as hiding the WordPress version and restricting access to wp-content and wp-includes. Once your site is hacked, you can use this plugin to find modified files and outdated add-ons on your blog, update wp-config files, and so on.

    Let’s start with the first feature, which lets you harden the security of your WordPress blog. Go ahead and install and activate the Sucuri WordPress plugin, which is available from the WordPress plugin repo. Once you have activated the plugin, you can check the settings under Sucuri-free > Sucuri scanner:

    [Image: Sucuri scanner]

    In your case, you might like to start with 1-click hardening to improve the security of your WordPress blog. Click “harden this site now” next to 1-click hardening to get started. Here you will see all the known issues, and you can click “Harden” to fix each problem:

    [Image: Secure WordPress Website]

    What interests me most in this particular case are the integrity and post-hack features of this plugin.

    Using WordPress integrity & Post-Hack Features:

    This plugin has many useful post-hack features, and the one that I loved the most is the integrity check.

    Latest modified files:

    Using Latest modified files, I can see the list of recently edited/modified files. I also have an option to “select number of previous days” to check for modified files. Here is a screenshot after running this module:

    [Image: WordPress latest modified files]

    From the above screen you can see that bin-75a.php and memcache-75.php are infected files, and opening them confirmed the injected malicious code. I removed those files and moved on to the other features of this plugin.
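
The same triage can be run from a shell when the dashboard is not available. The script below is an added example, not part of the Sucuri plugin or the original post; the function name `recently_changed` and the extension list are assumptions. It goes one step beyond a plain "modified in the last N days" list by also reporting files whose modification time is old but whose inode change time (ctime) is recent, which is what a file looks like after its modification time has been set back.

```python
import os
import time

# Extensions worth reviewing on a WordPress install (assumed list, adjust as needed).
SUSPECT_EXT = (".php", ".js", ".htaccess")

def recently_changed(root, days=7, now=None):
    """Return [(relative_path, mtime, reason)] for files touched in the last `days`.

    reason is "modified" when the content timestamp (mtime) is inside the window,
    or "mtime-backdated" when mtime is older but the inode change time (ctime)
    is inside it. On Unix, ctime is updated by the kernel and cannot be set with
    touch; on Windows st_ctime is the creation time instead.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SUSPECT_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue             # file vanished or unreadable; skip it
            if st.st_mtime >= cutoff:
                reason = "modified"
            elif st.st_ctime >= cutoff:
                reason = "mtime-backdated"
            else:
                continue
            hits.append((os.path.relpath(path, root), st.st_mtime, reason))
    # Newest modification time first.
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 7
    for rel, mtime, reason in recently_changed(root, days):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(f"{stamp}  {reason:16}  {rel}")
```

Run it with the WordPress root and a number of days as arguments, then open each listed file before deleting anything, since plugin and core updates also land in the list.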

    Check for admin accounts:

    Many times a hacker creates an admin account which is hidden. Using the Admin user dump feature, you can quickly list all the admin accounts and their last logins. For some reason, the last-login feature didn’t work in my case, but I could see all the user accounts with admin privileges.

    [Image: Admin roles]

    Now, once you have fixed all the hack issues, it’s time to update your WordPress blog’s wp-config keys. Simply click on post-hack and update your WordPress config keys.

    [Image: Update WordPress config Keys]

    Along with all the above features, you can also see the server info, currently logged-in users, and all WordPress cron jobs. Overall, this plugin is useful when your blog is hacked or when you want to improve the security of your blog. You don’t have to keep this plugin active all the time; simply install it, follow the above steps to harden the security, and then disable the plugin.

    Do let me know what methods you are using to secure your WordPress blog, and if you are using any particular plugin, I would love to know its name. If you found this tutorial informative, do share it with other bloggers in the WordPress community.


    Article by

    Harsh has written 1123 articles.


    { 3 comments… read them below or add one }

    Gagan Jaiswal

    Really Useful Plugin!
    I also used it once to find a malicious file on my friend’s blog.

    I found the BulletProof Security plugin is also good.


    Dev Pandey

    Hi Harsh,

    Thanks for sharing this wonderful and informational post!!!
    We must always ensure that our WP account is secure. Till date I have not faced any such issue, but will ensure to have proper plugins installed to maintain the security.


    Raspal Seni

    Hi Harsh,

    I had read about Sucuri and had even tried the service. But didn’t know they gave a free WordPress plugin. I thought, anything Sucuri must be paid to use.

    Thanks for letting everyone know how a layman can unhack their WordPress blog.

    I too would stress on backing up your blog regularly. In fact, every blogger should learn “Ba Ba … Backup” as the first thing when starting to blog. I did.

    I use Better WP Security which is now iThemes Security and though hackers keep trying to hack into my blogs, they are locked out in 3 attempts. I don’t have any user named admin, nor a user named raspal (some hackers did try logging in using my first name).

    Will try out this Sucuri plugin and good to hear, we don’t need to always keep it enabled. Great and useful post. Thanks again.

