How to Fix a Compromised WordPress Website

Aug 4, 2010   //   by Les Proctor    Software & Apps, Wordpress  //  1 Comment

Do you have a compromised WordPress Website?

compromised wordpress website

Have you been hacked recently?

If you have a compromised WordPress Website that has been hacked recently and affected by malware, you are not alone, particularly if you’re on a shared server (like the Rackspace Cloud, or Godaddy for example).

These attacks are not specific to any particular hosting company or to WordPress. These malware attacks can affect any website running out-dated software hosted by any company.

I have 20+ WordPress websites hosted on The Rackspace Cloud (about which by the way I am a “raving fan”). And several of my sites, along with innumerable others, were the target of malicious hackers. Rackspace has been great throughout this whole process. And they reminded me ‘why it’s important to implement security measures in the first place‘ and keep my software updated with the most recent patches.

An ‘ounce of prevention is definitely worth a pound of cure’. But what are you supposed to do if you’ve been hacked? How do you fix a compromised WordPress Website?

How to fix a compromised WordPress website

If you’ve got a compromised WordPress website, the first thing you need to do is to get a snapshot (“Go to .snapshot”) of your WordPress website and restore the last known files that were working to your webserver so you can see the Website and access the Admin. If you’re able to do that, then here’s what you want to do next…, along with two great plugins to make your life much easier:

Upgrade to the latest version of WordPress

  1. Update your .htaccess file in the root folder to memory permissions to 128K (‘php_value memory_limit 128M’)
  2. Update to the latest version of WordPress
  3. Update all your plugins to the latest stable version

Secure your website with .htaccess security (Bulletproof Security)

Protects your website from ALL XSS & SQL Injection hacking attempts. Protects wp-config.php with .htaccess protection. One-click .htaccess security file activation. By Edward Alexander.

  1. Install .htaccess security at both the wp-admin folder and the root folder.
  2. Protect your wp-config.php file.

Secure your website some more and clean it (WP Cloud Sites WP Scanner)

With this plugin you can easily adjust your file permissions on Rackspace Cloud Sites hosting for a more secure installation. Includes tools to look for and eliminate other common exploits in the cloud, looking for hidden php files, non-core files, modified core files, auto loading options with malicious code, and posts/pages injected with javascript. By Jackson Whelan.

  1. Adjust your file permissions correctly on your entire website, and then revert while upgrading.
  2. Scan options, tables, and posts for malware and transient feeds.
  3. Search for Hidden Files and Modified Core Files

Secure both the website and your MySQL database for maximum protection

  1. Change your passwords for both FTP and your MySQL database (you do this in your control panel and in your wp_config.php file)
  2. Change the main admin’s user name from admin to something else unique to you (you do this through phpAdmin on the wp_users table).
  3. Change the prefix on the tables in the MySQL database from “wp_” to “wpxx_” (you do this through phpAdmin and your config.php file, where xx is a variable you choose) tightens the security on your install immeasurably.  **

**If this is too technical for you, then you need a web developer to help you fix this. Please feel free to contact me. I’d be glad to help.

Ok so hopefully by doing this you’ll be able to restore your compromised WordPress Website, secure it, and clean it so it’s the way it was prior to the attack. If not, if you were unable to restore it, then the last resort is to perform a clean WordPress re-install to your backed up MySQL database.

Many thanks to Jackson Whelan, Edward Alexander, and particularly Josh Prewitt from The Rackspace Cloud (Rackspace is known for their fanatical service, so the bar is already set pretty high–Josh went way above and beyond the call of duty–thank you Josh!), so I can now move on to other projects.

Again,  Rackspace Cloud, “I’m a raving fan of your fanatical support. I wish all of my vendors were like the Rackspace Cloud. My life would be 100% stress-free!”

If you need help fixing a compromised WordPress website, please contact me today.

Tags: ,

About Les Proctor

I'm a marketing consultant and I work with executives and and managers at small to medium-sized companies–real people who have a *big need* to do a lot with limited resources. I help them accomplish their goals and make more money with ideas and actions that produce results.

1 Comment

  • BizSugar.com August 4, 2010 at 9:42 am

    How to Fix a Compromised WordPress Website…

    If your WordPress website has been affected by malware, you are not alone, particularly if you’re on a shared server (like the Rackspace Cloud, or Godaddy for example). These attacks are not specific to any particular hosting company or to WordPress. T…

    Reply

Leave a comment