WordPress is undoubtedly the most preferred blogging platform in the world.
WordPress is like Microsoft Windows for the blogging world. To date, this open source software powers almost 30% of all websites in the world.
Whenever a software gets that famous, the bad guys begin to target it. WordPress is no exception to this trend.
I write a blog called Interview Mantra that runs on the self-hosted WordPress platform. My website got hacked, and I didn’t even find out until my WordPress dashboard crashed two months later.
When I tried to open my blog in a browser, I got a trojan horse warning from my anti-virus software.
At the time, I had no clue how to get this issue sorted out. I wanted to get to the root of the problem and safely recover my website with minimal time and effort.
I viewed the HTML source of my blog’s homepage and found that a snippet of malicious script had been attached just before the tag.
This was an obfuscated script, deliberately encoded to hide what it did. After Googling for a while, I found a site that could decode it.
This was the script after decryption:
Oh my god! This meant the script was calling a malicious website from mine, and that website in turn loaded a trojan in the browser window.
Now the million dollar question:
- How did this script creep into the HTML of my blog?
What had happened was that a virus on my Windows machine had stolen my FTP login credentials from my FTP client, FileZilla.
Malicious scripts then used those FTP details to remotely infect my website. I downloaded a copy of the WordPress installation from my server to my local computer and compared it with a fresh copy of WordPress. To my horror, I discovered an unknown script attached at the top of several PHP files in my WordPress application.
- I manually removed the scripts from the files and FTPed the files back to the server.
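The comparison described above, as an added example that is not part of the original post: it hashes every file in a downloaded server copy against a fresh WordPress copy, lists files that differ and files a fresh install never shipped, and, for a modified file, extracts any block that was prepended to the original content. The directory names, file contents and the injected marker are all constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def index_tree(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p) for p in root.rglob("*") if p.is_file()}

def compare_installs(live_root, clean_root):
    """Report files that differ from the fresh copy, and files the fresh copy does not contain."""
    live, clean = index_tree(live_root), index_tree(clean_root)
    return {
        "modified": sorted(rel for rel, d in live.items() if rel in clean and clean[rel] != d),
        "unexpected": sorted(rel for rel in live if rel not in clean),
    }

def prepended_block(live_file, clean_file):
    """If the live file is the clean file with extra bytes at the top, return those bytes."""
    live, clean = Path(live_file).read_bytes(), Path(clean_file).read_bytes()
    if len(live) > len(clean) and live.endswith(clean):
        return live[: len(live) - len(clean)]
    return None

def demo():
    """Build two constructed trees (server copy vs. fresh copy) and run the comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp) / "fresh", Path(tmp) / "server"
        for root in (clean, live):
            (root / "wp-content/plugins").mkdir(parents=True)
            (root / "index.php").write_text("<?php\nrequire 'wp-blog-header.php';\n")
            (root / "wp-content/plugins/hello.php").write_text("<?php\n// plugin code\n")
        # constructed infection: a marker block prepended to one plugin file,
        # plus a file that a clean install does not have at all
        plugin = "wp-content/plugins/hello.php"
        (live / plugin).write_bytes(b"<?php /* CONSTRUCTED injected block */ ?>\n" + (clean / plugin).read_bytes())
        (live / "wp-content/extra.php").write_text("<?php /* constructed dropped file */ ?>\n")
        report = compare_installs(live, clean)
        block = prepended_block(live / plugin, clean / plugin)
        return report, block

if __name__ == "__main__":
    report, block = demo()
    print(report)
    print("prepended block:", block)
```

Files reported as "unexpected" deserve the same scrutiny as modified ones, since that is where left-behind backdoors usually live.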
Typically, the PHP files with execute permissions are the most commonly infected, especially plugin and theme PHP files.
Sometimes when hackers have obtained FTP access to a website, they will leave behind “backdoors” which allow them to re-infect the website after you’ve changed all FTP passwords and removed their virus from your computer.
- So be sure to remove all the viruses from your computer.
Below is a summary of steps that I took to recover my WordPress blog.
Steps to recover hacked WordPress blog:
- Changed my hosting account password.
- Changed FTP account password.
- Changed Database password.
- Even changed my primary email’s password (to be on the safe side).
- Manually removed the malicious scripts from the PHP files.
After this experience, I’ve learned my lesson.
Tips to prevent your WordPress blog from getting hacked:
- Do not save your login credentials on the FTP client.
- From time to time, keep changing the passwords of your WordPress admin, FTP, and hosting accounts.
- Use strong passwords for all your accounts and avoid common passwords.
- If possible, use a Linux operating system to FTP (to decrease the chances of viruses).
- Be careful when you install free plugins and themes.
- Keep your anti-virus updated.
- Keep your WordPress installation updated to the latest version.
Please note: If your blog gets hacked, the symptoms and the causes may be different from what happened to my website.
If your WordPress blog gets hacked, don’t panic.
Use the following procedure to recover your website.
How to recover a hacked WordPress blog:
- Post the details of the symptoms in the WordPress community.
- If you decide to clean it up yourself, follow this article at the WordPress.org codex.
I hope that this story of my blog getting hacked helps you avoid the same mistakes, which could potentially lead to serious damage to your WordPress blog.
Also, check out:
- 7 Essential WordPress Security Tips
- Best WordPress Security Plugins To Protect Your Blog
- My Top Security Plugins For WordPress To Check Hacked WordPress Blogs
Have you or your friends ever faced such a situation? Let us know your thoughts and what steps you take to prevent your WordPress blog from being hacked.