I will pay more attention to WordPress, but many tips will be useful to people working on other engines.
Often people come to me with a question of cleaning the site on WordPress and how to determine that the site was hacked. I’ll tell you what viruses are and how difficult it is to fight them.
Symptom one. Google message “Maybe this site was hacked”
It’s a very common story when a client arrives at a company, or directly through a blog, and says that when he finds his site in the issuance of google, he stumbles upon the message “Maybe this site was hacked.”
This message appears if google suspects, or rather is almost certain that your site was hacked. What to do and where to run in such cases? Actions are not so many, here are 5 of them:
- Clean the site of the shells and different viruses, more on this later;
- Update WordPress and all plug-ins from old versions to the latest (it’s better to do a manual update);
- Configure the protection of the site, also later I’ll tell you a bit about it;
- Check how good hosting and move to a more reliable one, I advise best hosting here;
- Check if the viruses are in the database;
Do not forget to make a backup before each action, and after all 5 stages, also make a backup, in case you failed to clean it from the first time and you need to look for more sophisticated methods of scanning the site.
If you cleaned everything up, and the error “Maybe this site was hacked” remained
I would advise you to go to Google’s Webmaster and request a second review of the site. The speed of Google Webmaster verification will depend on the degree of infection.
There are 2 degrees of complexity of infection:
- If you are flooded with malicious code through which you access the site, publish links … In general, only you are broken and only you are harmed.
- If your site is hacked and try to send out spam or break others.
In the first case, Google employees do not even check the site, as the system can do it on the machine (I had 10 minutes to several hours).
In the second case, in order to make sure that there are no threats from your site that can harm other sites, Google sends a special person who verifies the site. In the second case, the check can last 1-2 weeks.
I advise you not to delay with the cleaning of the site, as the longer you wait, the worse it will be in your search engine positions.
Symptom two. Virus redirect to another site
Such viruses are often found. You should search for such viruses in the htaccess file in the root of the site, if not, you can search for the htaccess file in other folders on the site. You can also sort out the redirect functions that can be used in different programming languages. I would advise you to scan the site for backdoors, because you somehow implemented this code. Begin to scan WordPress for viruses, clean, and change passwords.
Hidden redirect with Google or other search engines.
More complex virus with a redirect. Often a redirect is placed under a certain search engine, so it is less noticeable for the administrator, but users who come from search queries get to the site of some nonsense they are trying to sell.
I came across a virus on the WordPress site , which tried to determine on the subject what the user wanted and asked for a partner of one large resource on which there are a lot of goods of different types.
Redirection from a mobile device IPhone or Android is even steeper hidden redirect, which redirects only mobile traffic. By the end, search engines in their webmasters see this well, but in any case it is sometimes useful to go to the site from any mobile device and see how it works.
Redirection from all links is another simple to wooden, but very harmful symptom. In the first turn harmful for website promotion. This happened earlier at the dawn of the Internet, when hackers broke a lot and further often did not really know what to do with hacked sites. The first thing that came to mind, simply redirect all traffic to some kind of affiliate or try to sell goods, suddenly someone will buy something. The problem they had was that the traffic was not targeted and sales were extremely rare, in this I as an SEO specialist can assure you.
Substitution of Google contextual advertising
It was difficult to see such a virus at all, the client accidentally clicked on his advertisement and got to some left site. Very surprised and asked me to remove all threats.
The virus seemed complicated by the symptoms, but figuring out more in detail, I saw that the code there was simple. The hacker turned out to be a brilliant programmer. Removing the virus had to find a bunch of encrypted code that was scattered across all the site files. It’s difficult, but everything is already fixed.
Symptom three. Hosting complained that the site is constantly sending SPAM
Oh, this spam, the thrill of people nerves, but the returns for hackers from this type of advertising especially can not wait, since the audience is often not targeted.
What are the problems with the constant infection of the site and sending out spam?
- For Hosting it is a headache with a load on the servers,
- For Sites it is lose in search engines positions.
Everything is bad, but you can treat. Simple methods, such as updating all plugins and WordPress here will not help, everything is more complicated. Do not put the plantain on the screen and wait for it to heal! :-). Use all the tips for identifying and neutralizing the viruses described in the first symptom.
By the way, probably most of the hostings do not provide the proper protection, infection can be through their services, and if you infect such swearing, such hosting will be on the owners (you yourself will not blame!). About hosting we’ll talk a little later.
By the way, when mass mailing spam happen your site has displayed error 503, because the server lies down. I advise you to see what the server writes in the logs and what file is being processed. By the way spam, which comes constantly to your site can also be the first bell, that the site you have poorly protected or the protection has not been updated for a long time.
Symptom three. The virus inserts the code into each blog post
It’s fun so it turns out, for example, you insert a picture into a new article or a media file, and with it a code is inserted that in a hidden form substitutes the infected file. To remove such a virus, I had to go through those pieces of code that put the virus in the same place in the code, find all the fragments of the virus in the database and delete it. In general, it was fun and cheerful cleaning, all the employees sitting next to me learned a lot of new words.
How to protect a WordPress site from viruses, Here is what I do:
- Choose only reliable hosting with delimitation of rights between domains, so that hacking one site on hosting an attacker could not get to the others.
- Close user logins so that they can not be found. Often all sorts of WordPress plug-ins for forums, social networks, their stores are very good.
- Use only proven plug-ins and themes, I would advise downloading plug-ins and themes from the official repository. You can also buy themes on known marketplaces where there is code quality control. I usually buy if I use the evanto marketplace.If the wordpress template is old and you do not know how to get it from a reliable source, then it’s better not to use it and choose another one. As an alternative, you can give a theme to a cleaning specialist, but the price can be almost the same as buying a new one.
- Bought hosting, created a site and set up complex passwords is a guarantee of protection, at least from 90% of hacking. Awesome, is not it?
- Put captcha wherever there are forms. Login form, registration, password recovery, comments. So you can weed out some of the robots that can scramble passwords.
- Block requests in the address bar, which can lead to errors.
- Hide errors on the server.
- Well hide the version of the engine and the engine, as far as possible.
- From time to time, make a manual copy of the site on an external medium.
- In time, update all the plug-ins after creating a database dump and a copy of the files (and the fir-trees have not been updated for a long time, it’s better to update the version after the version).
If the WordPress site is constantly infected with viruses, it means that they missed a hole or backdoor
- If the site was infected, then do only a manual update of the system.
- Delete all inactive plug-ins and themes, all trash where there can be viruses.
- Clean all malicious code found.
- Only when all clean out, start to put protection.
It is impossible to protect from all hacking, all that has been done by a person can be hacked, but good protection can delay such hacking by 100 years.
All kinds of viruses degrade the search parameters of the site, and the owner can not even know about them until the hacker simply begins to process his site. In general, I very much wish all hackers find their niche, since people who make such a wonderful and cool code could do it for the benefit of others and themselves, do not earn from hacking sites, but offer steep services that would bring them a steady income.