The main causes of a hacked site:
– Set password easy to remember should be brute force password
– Hosting information is the same as above
– Server OS is buggy and too old to be exploited
– Install plugins or themes that have bugs + shell and have not been updated for a long time
– OS Your user is infected with a virus and directly infects the OS and FTP Client.
How to fix and restore the site, do sequential (if lucky and database + folder uploads):
– First export the database to backup.
– Go to the wp-content / plugins folder to save a list of currently used plugins.
– Change the password hosting (including ftp and cpanel management if any), if using vps, you usually use the root account, then change the root password and it is best to add the change ssh port of vps.
– Change mysql password if the hosting contains many databases, it will also change all the corresponding databases (this step applies to both vps and hosting).
– Delete all existing code leaving only the wp-content / uploads folder, this folder contains static files (mostly image files or non-php files) then download this folder and use search programs with the extension .php to delete php files which are usually shell files uploaded or hidden in this folder.
– Install a fresh version of wp (download the installer from wordpress.org) at localhost and import the backed up database file in the first step, change the settings in wp_config.php to match the imported database (usually just prefix only).
– Go to phpmyadmin, check the wp_users table to see if there is any suspicious account and have administrator rights, one is to delete it if you don’t know whose acc, 2 is to know, then change the password (note that this needs to confirm the known user Who is it and the user is sure that the email is not exposed password and the computer is not infected with viruses because of admin rights, of course, you can request the password via mail and upload the shell as if it is a problem)
– Copy or move the uploaded uploads folder above Go to wp-content / (overwrite if necessary).
– Review the list of plugins recorded in the previous step and download at the trust sources (the newer version the better) and copy to the wp-content / plugins folder
– Log into wp-admin and check all Last thing then backup and try to upload to hosting to complete the process of restoring the site.
In addition, you can install some additional security support plugins as follows:
- iThemes Security: this plugin has a basic firewall function that blocks requests such as bruteforce password, hide wp-admin login link, disables php execution in the uploads folder (this only supports the server that is running apache) ), admin’s after-hours idle mode means that you cannot log in for a period of time even if the password is correct, the blacklist ip, scheduled scan files and notification of database-related changes as well as physical files, etc. cloud and cloud so much …
- Sucuri: the reporting function changes the database and the file almost as above, the basic firewall. They have the WAF paid version, they have full firewall on bruteforce and ip blacklist, in addition to the type of periodic scanning mode and site error fix if hacked always as a service.
Backup plugins can be used to backup sites or databases:
- BackupBuddy: supports periodic backups of files + databases that support the form of sending email attachments or on Gdrive, Onedrive, Dropbox …
- Updraft Plus as above use 1 of 2 =. =
Note that if the original plugin clearly contains bugs already available, all the above methods will be meaningless.