Tag Archives: Strange Redirects

How to Fix a Hacked WordPress Website

Problem:

When you visit your WordPress website you are randomly redirected to unwanted websites.

Verification:
  • Log in your website as an Administrator.
  • Go to Appearance >> Theme Editor.
  • Click on the Theme Functions link on the right side.
  • Verify if malicious code was injected into the functions.php file.

Example of malicious code:

<?php @ini_set('display_errors', '0'); 
error_reporting(0); 
global $zeeta;
  • Download the wp-config.php file to your machine via FTP or SSH.
  • Verify if malicious code was injected into the wp-config.php file.

Example of malicious code:

include_once(ABSPATH . WPINC . '/header.php');
      Solution:
      • Stop the website.
      • Download the whole website to your local machine.
        cd /var/hosting/huybien.com
        ls
        sudo zip -r huybien.zip /var/hosting/huybien.com/html
      Configuration:
      • Log in your website as an Administrator.
      • Change your Administrator’s password.
      • Change permissions for the html folder.
        sudo chmod -R 777 /var/hosting/huybien.com/html
      • Remove all the unused plug-ins or themes.
      • Revert permissions for the html folder and set permissions for the wp-content folder.
        sudo chmod -R 775 /var/hosting/huybien.com/html
        sudo chmod -R 777 /var/hosting/huybien.com/html/wp-content
      • Install, activate and configure a CAPTCHA plug-in to protect Login Form, Registration Form, Lost Password Form, Reset Password Form and Comment Form if there is no one.
      • Disable insecure FTP access if there is one.
      • Install and activate the Simple History plugin to review access to your website. After 1 or 2 days, review the access information, and possibly block the malicious IP addresses using the Windows Firewall.
      • Install, activate and configureĀ Cerber Security plug-in to automatically detect and block the malicious IP addresses.
      • Back up database.
        cd /home/ubuntu
        mysqldump -u root -p -h localhost huybiencomwp > huybiencomwp.sql
      • Back up files.
        cd /var/hosting/huybien.com
        ls
        sudo rm -rf huybien.zip
        ls
        sudo zip -r huybien.zip /var/hosting/huybien.com/html
      • Download files and database backup.
      • Remove the backups.
        sudo rm -rf /home/ubuntu/huybiencomwp.sql
        sudo rm -rf /var/hosting/huybien.com/huybien.zip