Home / Technology / Cleanup a hacked wordpress site
hacked_wp_featured

Cleanup a hacked wordpress site

Getting hacked is the worst nightmare anyone could have. And having been experienced it already is even more horrifying ! Yes you got me right, my website was hacked maybe a month since I moved to WordPress. Lucky that it wasn’t a large scale one, but still no body would like that. Lucky enough that my users,friends,colleagues didn’t get to know about it.(Even if they did, no body informed me for whatever reason maybe)

Anyways, after going through a bunch of articles, realized that this was kind of a common hack. What this hack did was, it replaced the 404 error page with a script that would do nonsense stuff instead of displaying the error.

First of all, finding this is a real hectic job. I as an experienced and *professional* web developer straight away started with checking the .htaccess files for any infiltration. Found nothing. Moved to checking the logs, checking the databases. After seeing the error, realized that this generated every time a wrong/invalid link was opened. Hence, realized there was some fault with the 404 error page. Quickly checked the default 404 page and everything looked alright.

Then realized that every theme in WordPress has its own 404 page. One can look for it under Appearance -> Theme Editor / Editor.

Locating the theme specific 404 page.
Locating the theme specific 404 page.

Once you get here, you will immediately recognize that something is horribly wrong with the code. Until unless you are extremely newbie, you will definitely find something fishy. For all the newbies, if you find any suspicious links to other website, some erratic codes that are not at all related to your website’s functionality then there’s a problem.

Simply deleted the contents from this file. If you have the original files, replace the contents and voila, votre site est claire ! aka your website is clean !

But, if the hack is something else, the only option would be to backup all the contents, databases, themes etc basically the whole WordPress folder. Delete the directory and install a fresh copy of WordPress. Simply upgrading the package won’t do the job, as it only updates the WP files and hence may leave the infected files as it is.

So, as it is said, Person learns from his experiences. This was probably the most horrifying experience I’ve ever had. But nevertheless, another experience added to my mountain of experiences !

Feel free to contact in case of any queries !

About Atulmaharaj

Maintaining the blog for the past 3 years, I'm a Foodie, Techie, Cricket Enthu, Traveler, Blogger and a Cook ! You'll find posts within a wide range of topics from food to technology. Favorite Quote: "Traveling is like reading a book, one who hasn't traveled, hasn't turned a page.
  • Jenny

    Sorry to hear about your horrifying experience! My site was also defaced by hackers for a week before my customers told me about it. The site monitoring service that I was using didn’t check for content. It just pinged the server to make sure that it’s alive.

    I then switched to Content Site Monitor (http://www.contentsitemonitor.com) which allows me to specify content keywords that I want to check. Now I get email notification when the content is missing (or when the site is down) and I get another notification when the site is back up and running again.

    You should sign up for a free account and use it to monitor your website.

    • Hmm…sounds good. Will definitely have a look at it. Thanks !

  • Thank you for sharing,this is a nice and helpfull post.Here fixrpress.com is also providing the best service for hacked wordpress site. If any body have hacking problem, then he/she can contact us.Fixpress is one of the leading companies who provide answers to all your questions related to hacking especially this one, how to fix a hacked WordPress website?

Get Amazing Stories

Get a weekly digest of all the posts from the blog delivered right to your inbox, just a click away, Sign Up Now - We promise, we'll never spam.
Name
Email address
Secure and Spam free...
%d bloggers like this: