WordPress is undoubtedly the most preferred blogging platform in the world. WordPress is like Microsoft windows to the blogging world. Till date, this open source software powers almost 19% of websites in the world. Whenever a software gets that famous, the bad guys begin to target it. WordPress, is no exception to this trend.
I write a blog called Interview Mantra that runs on self-hosted wordpress. My website got hacked and I didn’t even come to know of it until my WordPress dashboard crashed two months after getting hacked.
When I tried to open my blog in browser, I got a trojan horse warning from my anti-virus software.
At the time when my site got hacked, I had no clue how to get this issue sorted. I wanted to get to the root of the problem and safely recover my website with minimal effort.
I viewed the html source of my blog’s homepage and found that a snippet of malicious script was attached just before the tag.
This is an encrypted script, obfuscated on purpose to hide the code. After googling for a while I found a site to decrypt this script.
This was the script after decryption:
Oh my god! This means that this script is trying to call a malicious website inside mine. And that website essentially loaded a trojan in the browser window. Now the million dollar question was, how did this script creep into the html of my blog?
A virus in my windows machine stole my FTP login credentials from the FTP client, FileZilla. Malicious scripts were used to remotely infect my website using the FTP details. I downloaded the copy of wordpress installed on my server to my local computer and compared it with a fresh copy of wordpress. To my horror, I discovered that there was an unknown script attached at the top of few php pages in WordPress application.
I manually removed the scripts from the files and FTPed the files back to the server. Typically the php files with execute permission are infected. Especially the plugin and theme php files are targeted first.
Keep in mind that sometimes, when hackers have obtained FTP access to a website, they will leave behind “backdoors” which allow them to re-infect the website after you’ve changed all FTP passwords and removed their virus from your PC. So be sure to remove all the viruses from your PC.
Below is a summary of steps that I took to recover my wordpress blog.
Steps to recover hacked WordPress blog:
- Changed my hosting account’s password.
- Changed FTP account’s password.
- Changed Database’s password.
- Even changed my primary email’s password (to be on the safer side)
- Manually removed the malicious scripts from php files.
After this experience, I’ve learnt my lessons. Here are few tips to you that can prevent your wordpress blog from getting hacked.
Tips to prevent your WordPress from getting hacked:
- Do not save your login credentials in the FTP client.
- From time to time, keep changing the passwords of your wordpress admin, FTP and hosting account.
- Use strong passwords for all your accounts, avoid common passwords.
- If possible use Linux operating system to FTP (to decrease chances of viruses).
- Be careful when you install free plugins and themes.
- Keep your anti-virus updated, in case you are using windows.
- Keep your wordpress updated to the latest upgrade.
Please note that if your blog gets hacked, the symptoms and the causes may be different from what had happened to my website.
If your wordpress blog gets hacked, don’t panic. Use the following resources to recover your website.
How to recover a hacked WordPress blog:
- Post the details of symptoms to the WordPress Community, if you notice any suspicious activities happening in your blog
- If you decide to clean it up yourself, there is a good list of steps to take, in an article at WordPress.org Codex.
I hope that this story of my blog getting hacked helps you avoid few mistakes which could otherwise cost a huge loss to your blog.
- 7 Essential WordPress security tips
- Best WordPress security plugins to protect your blog
- My top security plugins for WordPress to check hacked WordPress blogs
Have you or your friends ever faced such situation? Do let us know your thoughts and what steps do you take to prevent WordPress hacking?