
How to Fix a Hacked WordPress Website

Problem:

When you visit your WordPress website you are randomly redirected to unwanted websites.

Verification:
  • Log in to your website as an Administrator.
  • Go to Appearance >> Theme File Editor.
  • Click on the Theme Functions link on the right side.
  • Check whether malicious code was injected into the functions.php file. Example of malicious code:
    <?php @ini_set('display_errors', '0'); 
    error_reporting(0); 
    global $zeeta;
  • Download the wp-config.php file to your machine via FTP or SSH.
  • Check whether malicious code was injected into the wp-config.php file. Example of malicious code:
    include_once(ABSPATH . WPINC . '/header.php');
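The same two checks can be run from the shell over the whole site tree instead of one file at a time. The script below is an added example, not part of the original post: the script name `scan.sh`, its function names and the `--demo` sample tree are assumptions, and the search strings are taken from the two samples shown above.

```shell
#!/usr/bin/env bash
# Added example, not the post's own code: flag files carrying the injection
# markers shown above. A hit means "review this file by hand", not proof.

# functions.php files with the error-suppression preamble or injected global.
scan_functions_php() {
  find "$1" -type f -name functions.php \
    -exec grep -lF -e "@ini_set('display_errors'" -e 'global $zeeta' {} + || true
}

# wp-config.php files that include WPINC . '/header.php' (whitespace-tolerant).
scan_wp_config() {
  find "$1" -type f -name wp-config.php \
    -exec grep -lE "WPINC[[:space:]]*\.[[:space:]]*'/header\.php'" {} + || true
}

# The file that include would load, <root>/wp-includes/header.php (WPINC is
# 'wp-includes'); print it if present so it can be inspected.
find_included_file() {
  find "$1" -type f -path '*/wp-includes/header.php'
}

# Run all checks and print one "REVIEW: <path>" line per flagged file.
scan_wp_tree() {
  { scan_functions_php "$1"; scan_wp_config "$1"; find_included_file "$1"; } |
    sort -u | sed 's/^/REVIEW: /'
}

# Constructed sample tree: one injected theme, one clean theme.
make_sample_tree() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/wp-content/themes/bad" "$d/wp-content/themes/ok" "$d/wp-includes"
  printf '%s\n' "<?php @ini_set('display_errors', '0');" 'global $zeeta;' \
    > "$d/wp-content/themes/bad/functions.php"
  printf '%s\n' '<?php // clean theme' > "$d/wp-content/themes/ok/functions.php"
  printf '%s\n' '<?php' "include_once(ABSPATH . WPINC . '/header.php');" \
    > "$d/wp-config.php"
  printf '%s\n' '<?php // constructed placeholder' > "$d/wp-includes/header.php"
  echo "$d"
}

# Usage: scan.sh <wordpress-root>   or   scan.sh --demo
case "${1:-}" in
  "") ;;
  --demo) scan_wp_tree "$(make_sample_tree)" ;;
  *) scan_wp_tree "$1" ;;
esac
```

The strings are matched exactly as they appear in the samples, so an empty result does not mean the site is clean if the injected code uses different names.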
Solution:
  • Stop the website.
  • Download the whole website to your local machine.
    cd /var/hosting/huybien.com
    ls
    sudo zip -r huybien.zip /var/hosting/huybien.com/html
Configuration:
  • Log in to your website as an Administrator.
  • Change your Administrator’s password.
  • Change the file owner and group to www-data:
    sudo chown -R www-data:www-data /var/hosting/huybien.com/html
  • IMPORTANT STEP – Set minimum permissions for folders and files:
    cd /var/hosting/huybien.com/html
    sudo find . -type d -exec chmod 755 {} \; # directory permissions rwxr-xr-x
    sudo find . -type f -exec chmod 644 {} \; # file permissions rw-r--r--
  • Remove all unused plug-ins or themes.
  • Install, activate and configure a CAPTCHA plug-in to protect the Login Form, Registration Form, Lost Password Form, Reset Password Form and Comment Form if one is not already installed.
  • Disable insecure FTP access if it is enabled.
  • Install and activate the Simple History plugin to review access to your website. After 1 or 2 days, review the access information, and possibly block the malicious IP addresses using the Windows Firewall.
  • Install, activate and configure the Cerber Security plug-in to automatically detect and block the malicious IP addresses.
  • Back up the database.
    cd /home/ubuntu
    ls
    mysqldump -u root -p -h localhost huybiencomwp > huybiencomwp.sql
  • Back up the files.
    cd /home/ubuntu
    ls
    sudo zip -r /home/ubuntu/huybien.zip /var/hosting/huybien.com/html
  • Download the database and file backups.
  • Remove the backups.
    sudo rm -rf /home/ubuntu/huybiencomwp.sql
    sudo rm -rf /home/ubuntu/huybien.zip
    ls