How to Fix Your Hacked WordPress Site

Every so often, WordPress sites get hacked. Want to know how hackers get into your site, how to spot that it has been hacked, and how to fix it? That’s what you’ll explore here.

Determined hackers have many ways to gain access to your website, but a few common weaknesses make access much easier.

Outdated free themes and plugins – Updates to themes and plugins are announced in a changelog. More often than not, these disclosures include security fixes, and hackers who read them know exactly which weaknesses exist on sites still running the old version of that theme or plugin. Moreover, WordPress itself is updated often, and users who do not install new updates run the risk of being vulnerable to hackers. Another security issue with free plugins and themes is that their owners have little or no incentive to plug any security holes.

Hosting – If your host has a history of poor security, your website is automatically vulnerable. A study has shown that more than 40% of security breaches originate from hosts.

Weak admin and login details – Leaving your WordPress admin login as “Admin” and pairing it with a weak password leaves you at the mercy of hackers. Because this weakness is so easy to exploit, hackers regularly scan the Internet using software to find websites with it.

PHP/database injections – Hackers could gain access to the database of unprotected WordPress websites by injecting code into the site. This level of vulnerability gives unfettered control to the hacker. The hacker could redirect your website’s URL, delete pages, alter content or even delete your site.

These are common channels through which hackers access WordPress sites. Next, let’s look at ways to spot these attacks on your site.

In the event of a PHP injection, Google, Bing, other search engines, and browsers will show warnings to site visitors before they land on your site, alerting them to the danger.

Other signs that your site has been hacked include the following.

Spam in your header or footer. This could contain illicit images/videos or illegal services, drugs, pornography, and the like. Usually, this kind of spam is injected into the content of your page with no regard for presentation, so it may not be visible to a human observer, for example dark text on a dark background. However, search engines can spot these injections, and Google Search Console may alert you to malware if this is the case.

You, site visitors, or search engines find malicious-looking pages or content that you do not recognize. If you see an image like the one below, then your site is being used to host and distribute malware to your site visitors.

[Image: malware attack warning]

Your site users report being redirected to spammy or malicious websites or pages. Your site may have been used for a phishing attack. If this is the case, then you’ll see a message like the one below.

[Image: phishing attack warning]

Your website host notifies you that your website is being used for spammy or malicious activities. Your site provider may take your site offline after notifying you of spam.

Always make sure to back up your site. For ease, you can use the WP-backup plugin for this. Basically, you’ll want to back up your:

  • wp-content folder
  • database.

Fix the damage using the following options.

Disable plugins

If you can access your plugins page, disable the plugins. Next, check if the issue has cleared. However, if you don’t have access to the plugins page, you can use FTP to access your blog and rename your plugin folder.

After you’ve renamed the folder over FTP, load the plugins page in WordPress: WordPress can no longer locate your plugins and deactivates all of them. When you rename the plugin folder back, the plugins page brings back all your plugins, and they’ll still be deactivated. To find the plugin hurting your site, enable the plugins one after the other until you find that one.

Check your config file

If an error message saying “cannot connect to database” comes up whenever you load your site, use FTP to connect to the site, and then check its “wp-config.php” file to make sure that your database username, password and database name are correct.

If issues persist and you’ve verified that there are no alterations in your database or admin login details, contact your hosting provider and ask about any database-related updates you should know about.
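
As an added example (not part of the original article), this Python sketch automates the “wp-config.php” check: it reads the active DB_NAME, DB_USER, DB_PASSWORD and DB_HOST define() lines, ignores commented-out ones, and reports settings that are missing, empty or still set to the wp-config-sample.php placeholders. The sample file contents are constructed for illustration.

```python
import re

REQUIRED = ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST")
# Placeholder values that ship in wp-config-sample.php.
PLACEHOLDERS = {"database_name_here", "username_here", "password_here"}

# Matches an active define('DB_X', 'value'); at the start of a line,
# so lines commented out with // or # are skipped.
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*['"](DB_[A-Z_]+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""",
    re.MULTILINE,
)

def read_db_settings(config_text):
    """Return {constant: value} for the active DB_* define() lines."""
    # Remove /* ... */ blocks first so defines inside them are not counted.
    text = re.sub(r"/\*.*?\*/", "", config_text, flags=re.DOTALL)
    return {m.group(1): m.group(3) for m in DEFINE_RE.finditer(text)}

def check_db_settings(config_text):
    """Return a list of problems with the database settings."""
    settings = read_db_settings(config_text)
    problems = []
    for name in REQUIRED:
        value = settings.get(name)
        if value is None:
            problems.append(f"{name}: missing")
        elif value == "":
            problems.append(f"{name}: empty")
        elif value in PLACEHOLDERS:
            problems.append(f"{name}: still the sample placeholder")
    return problems

def summary(config_text):
    """Settings for display, with the password masked."""
    settings = read_db_settings(config_text)
    return {k: ("*" * 8 if k == "DB_PASSWORD" else v) for k, v in settings.items()}

# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
// define( 'DB_NAME', 'old_db' );
define( 'DB_NAME', 'wp_site' );
define('DB_USER', "wp_user");
define( 'DB_PASSWORD', 'password_here' );
/*
define( 'DB_HOST', 'db.internal' );
*/
"""

if __name__ == "__main__":
    print(summary(SAMPLE))
    for problem in check_db_settings(SAMPLE):
        print("CHECK:", problem)
```

To use it on a real site, download “wp-config.php” over FTP and pass its text to check_db_settings(); the values it reports as present still have to be compared with the credentials your host gave you.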

Re-Install WordPress

Apart from the “wp-content” directory, most WordPress files can be safely reinstalled. To reinstall WordPress, log in to your WordPress account and go to “Tools,” then choose “Upgrade” and then the re-install option. Using its built-in updater, WordPress re-installs all core files without making changes to theme- and plugin-related files.

You may also update your WordPress site using the FTP option. However, be careful not to overwrite the “wp-content” folder. For best results, upload the new files only after you’ve deleted the old ones.
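
As an added example (not part of the original article), this Python sketch shows one way to see which core files have changed before you overwrite them: it hashes every file outside “wp-content” and compares the result with a clean copy of the same WordPress version. It assumes you have a copy of the site and an unpacked clean download on your own machine; the two directory trees built in demo() are constructed.

```python
import hashlib
import os
import tempfile

SKIP_DIRS = {"wp-content"}      # themes, plugins, uploads: left alone by a core reinstall
SKIP_FILES = {"wp-config.php"}  # site-specific, not present in a clean download

def hash_tree(root):
    """Map relative path -> SHA-256 for each file under root, minus the skips."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath == root:
            dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel not in SKIP_FILES:
                with open(full, "rb") as fh:
                    digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_core(site_root, clean_root):
    """Compare a live install against a clean copy of the same version."""
    site, clean = hash_tree(site_root), hash_tree(clean_root)
    return {
        "modified": sorted(p for p in site if p in clean and site[p] != clean[p]),
        "unexpected": sorted(p for p in site if p not in clean),
        "missing": sorted(p for p in clean if p not in site),
    }

def _write_tree(root, files):
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(data)

def demo():  # constructed sample trees, not a real site
    clean = {"index.php": "<?php // core", "wp-login.php": "<?php // login",
             "wp-includes/version.php": "<?php // version"}
    site = {"index.php": "<?php // core, plus a line that is not in the clean copy",
            "wp-includes/version.php": "<?php // version",
            "wp-includes/cache-x.php": "<?php // file the clean copy does not have",
            "wp-config.php": "<?php", "wp-content/plugins/a/a.php": "<?php"}
    with tempfile.TemporaryDirectory() as s, tempfile.TemporaryDirectory() as c:
        _write_tree(s, site)
        _write_tree(c, clean)
        return compare_core(s, c)

if __name__ == "__main__":
    print(demo())
```

Files listed as “unexpected” are the ones a reinstall that only overwrites will leave in place, which is why deleting the old core files first matters.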

Repair database tables

If you’ve ascertained that your problem isn’t coming from a plugin, host or core WordPress files, then you may attempt using phpMyAdmin to repair your database tables. To do this, log into your website’s database through phpMyAdmin, and then select “Repair” for your database tables. Your site host can tell you how to access your blog’s phpMyAdmin.

Spotting and fixing hacks on your WordPress site can be a lot of work, but the tips provided here should help you go a long way. Do you know of any useful ways to find and fix hacked WordPress sites? Please share your thoughts in the comment section below.
