Repairing A Hacked WordPress Site

  • yourcivillaw

    (@yourcivillaw)


    8 years, 4 months ago

    I have a self hosted WordPress site that has been hacked, seemingly beyond repair. Around 50 php scripts run at the same time and each time I reset them they run again. Disabling all plug ins merely cuts this activity down, but fails to stop it. It’s so bad the site is constantly down.

    I have a back up, but I believe this to be infected as well, as this PHP script has been a problem for months but never this bad.

    As all attempts I have made to stop it have failed, I was thinking of reinstalling WordPress from scratch with a fresh database and new password.

    If I backed up all posts and pages inside the admin panel of the damaged site, would I be able to upload them into a fresh install of WordPress with a totally different database name?

    Would all my links continue to work, and my search results remain in Google?

    Are there any problems I would experience from doing this I haven’t considered?

Viewing 3 replies - 1 through 3 (of 3 total)
  • superkot

    (@superkot)

    8 years, 4 months ago

    If you set up your new site at the same address, of course your links are going to continue to work.

    And nothing happens to your search results either, it takes some period of unavailability for the page to be lost from search results.

    You could try migration plugins like All in One WP Migration.

    It is really simple to use, and you can choose, which parts of your site to migrate. Make sure your plugins are excluded from migration, and media files – you can migrate manually (the free version of plugin allows to migrate file that is sized less than 500 Mb).

    So make a back up, test results at separate clean install – see that all your data is migrated, after that you can delete your original site, reinstall clean WP and restore it from the back up.

    However, there is no such thing as “beyond repair”.
    Disable All of your plugins. Install Wordfence and run full scan at maximum suspicious settings. Unless malicious scripts affect Wordfence (there is a possibility), it’ll show and help you repair all files in the WP installation. If that works, there wont be a need for anything else.

    latro666

    (@latro666)

    8 years, 4 months ago

    This should work in theory.

    The issue you might have is if the infection has modifed any of these posts to have dodgy JavaScript in them.

    You have to consider your theme files to be compromised too. If you are using one of the stock WP themes thats fine but if not you need to be careful.

    You have to also consider before the hacking that your theme was the route in. Especially if its a 3rd party one with complex functionality.

    The most common plugs to fill:
    – insecure plugins
    – insecure theme
    – FTP hacked
    – WP login hacked and DISALLOW_FILE_EDIT not in place

    Using something like WordFence to do a scan will help and as always the standard:
    https://codex.wordpress.org/FAQ_My_site_was_hacked

    • This reply was modified 8 years, 4 months ago by latro666.
    • This reply was modified 8 years, 4 months ago by latro666.
    Thread Starter yourcivillaw

    (@yourcivillaw)

    8 years, 4 months ago

    Thank you for those very helpful replies. Having read them I now realise that it is almost certain to be the theme where the issues lie. The first thing I tried doing was switching the theme over to an earlier theme. The dashboard then came up with a tone of text errors all over it.

    If I succeed in switching themes and delete the hacked theme files is there a possibility the error will persist?

    I didn’t know about Wordfence. Instead I paid my host for a months worth of the same type of thing. I had them install it last night and within a few hours it had opened a ticket about a potential malware issue, which was in turn upgraded to a senior analyst to look at. I haven’t heard from them since but they did tell me it could take up to 72 hours. I’m wondering if I should wait that long before going back into the dashboard, changing theme files and running wordfence myself. I’m with a very reputable host but I just don’t know how effective their methods are likely to be and meanwhile my site remains down.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Repairing A Hacked WordPress Site’ is closed to new replies.