Recently got hacked on WordPress

The WordPress platform is very good for search engine optimization and for managing your website. But you have to make sure there is no backdoor into your WordPress website.

If there is a backdoor into the WordPress website or blog, then your website is going to get hacked, and it will show a black screen with a message that your website is hacked and all the contact information of the hacker.

Do not worry at this time. If you try going to your admin panel, the username and password for the WordPress website will stop working. If you call your WordPress developer, he will be able to help you, or you can follow the steps below to make sure that the hacker is removed from your website.

You need to have a backup of the index page of your website. If you have the backup, then:

Log in to your hosting panel and delete the index page of your website.

Upload the old index page from a few days before. If you do not have the index page, then contact your hosting provider and tell them to restore the backup from a few days before. Most hosting providers keep backups.

Once you are logged in, you will see that the theme name has been changed. Rename the theme to the one that was there before, or else your website will look different.

You need to log in to your hosting panel again, open the PHP MySQL panel, click on the wp_users table, and change the admin's email address and password, as well as the username field, to values of your choice.

Select the toughest password possible and save it.

Once this is done, you need to make sure that your website is safe from future attacks.

For this step, you need to log in to the admin panel and see if a WordPress upgrade is available. If it is available, then upgrade to the most recent version.

Upgrade all the plugins which are going to expire soon. Once this step is done, you need to protect the admin panel.

Log in to your hosting account again, find .htaccess, and make changes to it to protect your WordPress website against future attacks:

<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

You can also allow only a few IP addresses to access the admin panel, so no one else can open the admin panel from their IP address.

<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx
</Files>

At the same time, try to open robots.txt. If it is not there, create the file and paste the code below. This tells Google and other search engines not to crawl these paths.

User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

Check the profiles and delete all the other users in the admin panel that you do not know.

If you keep directory listing enabled, then hackers can see the whole file and directory structure.

# disable directory browsing
Options -Indexes

Paste this code into .htaccess. If you follow the above steps, your website will be protected from hackers.

You can also install some plugins: in your admin panel, click on add new plugin and search for malware or protect WordPress website.
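An added example, not part of the original post: a small Python check that reads the text of an .htaccess file and reports whether the three rules from this post (hide .htaccess, lock wp-login.php to an IP address, turn off directory listing) are present and well-formed. The function name, the report keys and the sample address 203.0.113.10 are assumptions made for this illustration, and Python's re module stands in for Apache's own regex matching.

```python
import re

# Constructed sample: this post's rules, with documentation IP 203.0.113.10.
SAMPLE = r"""
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from 203.0.113.10
</Files>
Options -Indexes
"""

def audit_htaccess(text):
    """Report which of the post's three protections are present and well-formed."""
    report = {"htaccess_hidden": False, "login_ip_locked": False,
              "indexes_off": False, "problems": []}
    block, rules = None, []  # argument of the open <Files> block, its directives
    for line in text.splitlines():
        low = " ".join(line.lower().split())
        opened = re.match(r"\s*<Files\s+(.+?)>\s*$", line, re.I)
        if opened:
            if block is not None:
                report["problems"].append("unclosed <Files " + block + ">")
            block, rules = opened.group(1), []
        elif low == "</files>" and block is not None:
            denied = "deny from all" in rules
            if block.startswith("~") and denied:  # regex form: covers .htaccess?
                pattern = block[1:].strip().strip('"')
                report["htaccess_hidden"] |= bool(re.search(pattern, ".htaccess"))
            elif block.lower() == "wp-login.php":
                # only a literal IP counts; the xx.xx.xx.xx placeholder does not
                ips = [r for r in rules if re.match(r"allow from [0-9a-f.:/]+$", r)]
                report["login_ip_locked"] = denied and bool(ips)
            block = None
        elif block is not None:
            rules.append(low)
        elif low.startswith("options "):
            opts = low.split()[1:]
            mixed = 0 < sum(o[0] in "+-" for o in opts) < len(opts)
            if mixed:  # Apache 2.4 rejects signed and unsigned keywords together
                report["problems"].append("Options mixes signed and unsigned keywords")
            report["indexes_off"] = "-indexes" in opts and not mixed
    if block is not None:
        report["problems"].append("unclosed <Files " + block + ">")
    return report
```

A syntax error in .htaccess makes Apache answer requests with a 500 error, so run the check on the edited text before uploading it.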

Hope this helps
