As one of the most popular platforms, WordPress from time to time is attacked by trojans, malicious code, etc.
There are several articles about the security of sites created with WordPress. They also contain information about how to clean up your resource from malware. This topic is so urgent and critical that the constant discussion of it will not be usefull, but will benefit the owners of various sites.
WordPress and viruses
Beginners in the creation of sites who have just started using different CMS for work are not quite scared when they find out that their resource has been attacked by viruses. Trying to restore the normal operation of projects, they make various errors, which ultimately exacerbates the situation and in some cases results in the loss of data or the necessary files. In this article we will tell you how to study the current threats, detect them and clean the site of viruses without harming your data and content.
Make backups regularly!
Before we begin discussions about hacking the WordPress, it is extremely important to discuss the creation of backup copies. If you use WordPress and plan to have a large number of visitors, you simply have to have the habit of regularly backing up your blog. Save all the content, settings and databases to be able to completely restore all files. It will not take long, but it will help to avoid serious problems in the future. Plug-ins WP-DBManager and WordPress Backup to Dropbox will help you with this. (UpDraft plugin is also very good)
Which is better: site restoration or timely detection of a virus?
If you use certain utilities to create backup copies, for example, you have the ability to return the project to its original state. But, nevertheless, I think that this is not a good idea. Using the advantage of creating backups, without searching for and removing malicious code, will not help to solve the problem, your site will still remain in a vulnerable state. So the best solution is to find the virus, get rid of it, restore the site itself and subsequently close the vulnerability.
Malicious software is content that spreads with the intent to harm or receive your personal information. This malicious code can be substituted or inserted into design elements, plug-ins, files or database. If the site has been hacked, malicious software can get to visitors’ computers, redirecting them to various resources, also containing other viruses, or simply opening the necessary sites through frames from your site. At the moment, there are many different hacking variations, like WordPress engines, and any other sites.
Searching for infected pages
You can start the search by browsing the page for malicious code of the attackers.
- Is he visible on all pages?
- Does it appear on certain pages or messages?
- Where exactly does the malicious code appear? Is he in the footer, in the table of contents, somewhere in the content or in the side column?
- The answers to these questions will prompt you where exactly to look for the problem.
Check the design elements and plug-ins for malicious code img
The most frequently infected objects are the themes and plug-ins. You can start the code search by checking the active theme (used now) for malicious code. If you have any topics added, other than the standard one, check each one. The simplest way to verify is to copy the whole directory with themes to the local computer, then delete the entire folder with the themes from your server. Then, download from the official source a standard theme for WordPress called TwentyEleven and upload it to the server.
After completing all procedures, check the site – if the code of the attackers disappeared, then the problem was in one of the themes. Now, you can find the malicious code in the old themes folder, alternately opening each of them in a text editor. Scrolling through the code, you can notice a suspicious looking part of it and get rid of it. There is also an easier option – you can just download a new copy of the active theme from the developer’s site. Imagine a variant of the events that you could not find the virus in your templates.
Then, the next step is to find it in the plugins you use. In this case, the same method is used, which is used in the case of design themes. Create a backup copy of the plug-ins on the local computer, while removing them from the server. Next, check your site for malicious software, if it has not disappeared. If the problem is solved, then it was in one of your plug-ins. Download fresh copies of plug-ins that you have and alternately connect them. In the event that the virus reappeared after downloading and installing new copies, remove the infected plugin from your server.
The best ways to secure your themes and plugins:
- Remove unused plug-ins and themes.
- Be sure to download themes and plugins from a reliable source.
- Continually download updated versions of used themes and plug-ins.
- Do not use themes and plug-ins that are downloaded from various torrents and unofficial sites.
How to detect malicious code embedded in WordPress itself:
If you checked the themes and plugins you use, and the infection is still present on your site, the next step is to check the main WordPress files. Again, the method used in cases with themes and plugins will help. First of all, back up all the necessary files (for example, the wp-config file, the wp-content folder, as well as the .htaccess and robots.txt files).
After that, delete all files from the server, download a new archive of the engine and upload it to the server. Fill out the wp-config file with the required information. After that, check the site for viruses, if they disappear, then the problem was in the portal itself – the main files of the engine were infected. Restore from the backup copy the necessary content: images, various video or audio files.
How to protect the main WordPress files:
- Make sure that 644 permissions are set to all files.
- Do not change or move the main files.
- Everywhere use only complex passwords – to FTP, Database, WordPress, etc.
How to detect vulnerability in a WordPress database:
The next step is to check the databases. First of all, make sure that you have a backup of the database. If you regularly create backup copies, you can quickly and easily restore it to its original form, but the first thing you need to do is to make sure that the vulnerability is located in the database. Download and install the plugin to search for Exploit Scanner exploits. Run the plugin and scan the site.
The plugin to search for exploits will scan your database, the main portal files, plug-ins and themes for a suspicious code and at the end of the scan will produce results. Once the scan is over, you will need to go over the results. In the scan report, you will find a large number of false threats and warnings, so read the journal slowly and carefully. The scanner does not delete anything, so once you find the malicious code, you will need to manually remove it from the database.
If you did not create a backup copy of the database earlier, do so, even if your site was attacked and infected. To have a database with infection is better in any case than not having any backups at all. Copy the suspicious-looking code from the scan log, if found by the exploit scanner, and execute the query via mysql, as if the site is working in native mode and this request was made through phpmyadmin.
Depending on where the suspicious code is inserted, for example, articles, comments or some sections, you will need to insert it into the database you just created and see what happens in the end. If there are not so many suspicious moments in the scan results, you can easily edit the fields manually, deleting unnecessary code. In another case, if there is too much suspicious code in the database, you may want to use the Find and Replace option, but this method is quite dangerous, and if you are not sure there is a risk of losing important data.
Walked through all the points, and you ran out of ideas, where to look for the problem?
I think that most people can easily detect, study and remove a virus if their site is attacked and infected. But, nevertheless, it is quite difficult to detect a virus in certain cases. In case you tried all the above methods and so could not find out what the problem is, you can always contact the WordPress security experts – who can easily clean your site of viruses for a certain fee.
Search for the most suitable security specialist for WordPress products
There are many websites dedicated to freelancing, where you can offer a reward for helping to solve the problem. Before the final choice of candidates, pay attention to the reviews and awards that he received, and choose the most experienced and competent. You can also post offers on popular SEO forums or freelance exchanges. Be sure to make sure that the person you hire has a good reputation, feedback and work experience.
Websites on WordPress are protected as much as possible. As the owner of the site you are obliged to monitor the status of the site, use the most modern methods to protect against possible threats. Use complex passwords, regularly check access rights and create backup copies, in a timely manner clean the site of unnecessary information.