Any website which is hosted on a web-server is always vulnerable to hacking, and as a webmaster, it’s our role to implement all the best practices which increase the security of our website.
The wise men once said “Prevention is better than cure” and the best prevention in terms of WordPress security is to have a daily back-up of your blog.
Anyways, this post is not about WordPress backup plugins but about one blog that was hacked and I recently used one plugin to remove the hacked files from the blog.
Since this plugin was free and I find it to be very effective for any non-technical user, I’m sure you will find it useful in your rainy days.
To start with, one of my client blogs was hacked by a hacker and his website was blocked by Google as it may spread malicious code.
My non-technical client was in a fix, and he contacted me to look into the issue. When a WordPress site is hacked, I usually start by looking into the files which were recently modified, as this helps me to find the files injected with malicious code.
Though this is not 100% proof, as it’s really hard to find all the malicious infected file.
Meet Free Sucuri WordPress plugin:
Sucuri WordPress plugin is a security and post hack WordPress plugin. You can use it right away to fix some of the common security issues like hiding WordPress version, restrict access to WP_content, WP_includes and so on. Once your site is hacked, you can use this plugin to find modified files, outdated addons on your blog, update wp-config files and so on.
Let’s start with the first feature which will let you harden the security of your WordPress blog. Go ahead, install and activate the Sucuri WordPress plugin.
Download and install the Sucuri WordPress plugin
Once you have activated the plugin, you can check the settings from Sucuri-free > Sucuri scanner:
In your case, you might like to start with 1-click hardening to improve the security of your WordPress blog.
Click on the harden this site now in front of 1-click hardening to get started. Here you will see all the known issues and you can quickly click on “Harden” to fix the problem:
What I’m most interested in my particular case is Integrity and post-hack features of this plugin.
Using WordPress integrity & Post-Hack Features:
There are many Post-hack features of this plugin which is useful, and the one that I loved the most is in the integrity check.
Latest modified files:
Using Latest modified files, I can see the list of recently edited/modified files.
I also have an option to “select the number of previous days” to check for modified files. Here is a screenshot after running this module:
From the above screen, you could see bin-75a.php and memcache-75.php are infected files, and opening them also confirmed about the malicious injected code. I removed those files and moved to other features of this plugin.
Check for hidden admin accounts:
Many times a hacker create an admin account which is hidden.
Using the Admin user dump feature, you can quickly list all the admin accounts and last logins. For some reasons, last login features didn’t work in my case, but I could see all the user accounts with admin privilege.
Now, once you have fixed all the hack issues, it’s time to update your WordPress blog WP-config Keys.
Simply click on post-hack and update your WordPress config key.
Along with all the above features, you can also see the server info, currently logged in users, all WordPress cron jobs.
Over all, this plugin is useful when your blog is hacked or when you want to improve the security of your blog. You don’t have to keep this plugin active all the time, simply install and follow the above steps to harden the security and disable the plugin.
Do let me know what methods are you using to secure your WordPress blog, and if you are using any particular plugin; I would love to know the name. If you find this tutorial informative, do share it with other bloggers of the WordPress community.