Fix and Protect Your Hacked WordPress Site
Websites get “hacked” all the time, and the symptoms a site experiences as a result differs from case to case. Your website might redirect to a website you’ve never seen before, it might get flagged as malicious by Google, or it might have even developed a keen interest in improving your visitors’ sexual life through medicaments and dating websites.
No matter what your site’s symptoms, there’s almost always a cure. As a fully managed service, we’re on hand to rid your site of all malicious content, but this doesn’t stop you knowing how to do it yourself. In this post I explore how to identify and remove malicious content, and the steps you can take to make sure your site doesn’t surrender to hackers again.
A ‘403 Forbidden’ Error
If a ‘403 Forbidden’ error displays when you visit your website, it’s safe to assume that we’ve identified malicious activity and have gone ahead and disabled your site. This isn’t a decision we take lightly and we only do it if we’re certain that your site has been hacked. We disable your site to help protect other sites on the server, your brand and to reduce the likelihood of the malicious content affecting your Google ranking.
To rid your site of malicious content, you will firstly need to grant your computer access to your website. In order to do this, you’ll need your computer’s IP (the unique number that your computer identifies on the internet with). You can find out your device’s IP simply by visiting www.whatismyip.com
The underlined number is your IP. Jot this down as you’ll need to reference it later on.
Allowing Your IP Access:
To allow your IP to access your site you’ll need to make a small change to you .htaccess file. Locate your ‘File Manager’ ‘in your cloud control panel, open your public_html’ folder and then open your ‘.htaccess’ file. Once open, you should see a text file just like the one below:
The ‘deny from all’ line, is what is blocking users from visiting your site. To grant yourself access, below ‘deny from all’ add ‘allow from *enter your IP*’:
Once saved, you and only you, will be able to access your WordPress admin panel from this single device.
Identifying Malicious Content:
Now you have access to your admin panel, you can take steps to identifying and removing the malicious content from your site. To do this, we firstly recommend you install the Wordfence plugin, an excellent anti-malware solution that scans your site for ‘issues’.
Once installation is complete, Wordfence will appear in the left-hand side bar of your WordPress admin panel. Click ‘Wordfence’ then ‘Scan.’ All your websites files will now be scanned for any content that might be malicious. All identified issues will be highlighted with ‘next step’ suggestions.
If Wordfence doesn’t locate the malicious content, you can run your site through a second scan using Sucuri, an excellent third-party company that specialises in malware detection.
Also, you can always contact us and we can check for you too, or we can restore the website from a backup generated when it has been clean.
How to Prevent Future Exploits:
Keep WordPress and all your plugins updated
More often than not, one outdated plugin is all it takes for someone to exploit your website. Every single plugin and WordPress update introduces security fixes which if are not applied, leave your site open to known vulnerabilities. We strongly advise that you only use plugins from established developers, and that when an update becomes available, run it as soon as possible.
Make sure that your devices are clean
Sometimes a sneaky file might go through with a regular application that you are installing leaving access to your computer open. Common viruses include, keyloggers which send all your usernames and passwords to someone as you type and Trojans which leaves your password file visible to hackers. Run antivirus scans on all the devices you have used to access your website and as an extra precaution reset all related passwords.
Avoid plugins with known exploits
If you are about to install a new plugin, hold back for just 5 minutes. Before you go ahead and install it, carry out a simple Google search to uncover any known exploits – it could save you a lot of hassle. Take extra care to ensure that you do not download anything ‘nullified’ or from an unofficial source.
Reactivating Your Website
If you are sure your site is free from malicious content, you can now reactivate global access to your website.
This involves returning to the .htacess file in your public_html folder and removing the ‘deny from all’ line. A default WordPress .htaccess looks like the following (please note that some of your plugins might have added some content to the .htaccess file which is legitimate. This applies mostly for caching plugins):
Once the ‘deny from all’ rule is removed, your website will be fully accessible for everyone.
If you have taken the preventive measures that we discussed above, the likelihood of these or any issues you’ve experienced reoccurring is fairly slim, so reward yourself with a cup of tea or a pint. It’s not every day you fix a hacked website!