Fixing A Hacked WordPress Website – Case Study

Secure Your Wordpress Website

Believe it or not, on average, 30,000 websites get hacked every day. It is a sad reality that cyber attacks have become so rampant. When your website is hacked, it’s natural that the first reaction would be to panic but avoid, no doubt suffering a hack can be frustrating. But by taking a pragmatic approach and dealing with sanity, you can limit the impact.

Objective

Last month, one Friday morning, we at Rao Information Technology received a call from our regular client, complaining that their WordPress website was redirecting users elsewhere. They wanted us to regain control, clean up the site and take preventive measures.

Challenge

The client was not able to log in, and the website was not accessible to users. We had to identify problems, prevent further damage, recover all possible data and take preventive measures.

Solution

We started with assessing the severity of the attack. We were not able to access the WordPress admin panel (example.com/wp-admin), so we reset the password using emergency.php and got access to wp-admin. We installed the coming soon page/maintenance mode plugin and placed the website in maintenance mode. We scanned our client’s computer for any virus/malware, found malware, and removed it. Then made sure if the client had installed any plugin or theme or modified widget, removed the newly installed plugin. That was followed by backing up the website and labeling it as a hacked backup. Fortunately, we were able to log in to the cpanel as admin. So we changed the password of c-panel, FTP, and mail.

We inspected the website for any extra program installed, or if any piece of code was injected, we could not find any modification. We installed Sucuri as well as Wordfence and then scanned again. No issue was noticed. We notified the hosting provider about the attack and asked them to check the client’s mail account, hosting account, unusual activity, malicious script, and activity logs. We also asked them to temporarily close all connections, including automatic mailing systems, FTP, and cron jobs.

We checked and removed the admin account added by the hacker. We suspended and reset all user accounts and made a note of the credentials. We asked all users to check their computers for virus or malware. Once we were satisfied that the system and website were clean, we updated all the programs, updated plugins, and themes. We reinstalled everything that wouldn’t affect core content. Removed unused plugins and themes. Thereafter we asked our client to send new login credentials and ask them to implement a strong password. Finding and removing hacks is a tedious job as we are aware that security is a serious undertaking.

Prevention

Once we were satisfied that the website was clean, all the plugins were verified, and all the security plugins were installed. We gathered the client’s team to let them know how to prevent their site from getting hacked again. We told them that most of the time, they could prevent getting hacked again by avoiding common mistakes by plugging common loopholes. We also reported the following actions we had implemented:

  • Enforced strong password policy by using plugins like Force Strong Password.
  • Used SSL certification
  • Implemented two-step authentication
  • Password protected wp-admin directory
  • We established a limit of login attempts
  • We established limit login access to IP addresses
  • Installed plugins to keep site up-to-date

We also asked them to:

  • Stopped using unverified plugins and dodgy themes
  • Used reputable web hosting

We have asked our client to take all possible precautions and security measures possible as when unfortunate hacking happens to one’s website, it exposes users to viruses, loses search engine ranking, tarnishes site reputation, and at worst, loses all data.

Result

We were able to undo most damage caused by the attack. We also have made the website more secure.

Contact Rao Information Technology if you are looking for quick expert help to regain control over your hacked WordPress website.