WordPress malware removal service

Hacked Hacked

WordPress websites can be some of the most vulnerable for getting hacked because of the popularity of the platform. Most of the time when people reach out for help, it’s because their site was hacked once, they fixed it–and then it was hacked again.

“Why did my WordPress website get hacked again after I fixed it?”

When your WordPress site gets hacked for a second time, it’s usually due to a backdoor created by the hacker. This backdoor allows the hacker to bypass the normal procedures for getting into your site, getting authentication without you realizing. In this article, I’ll explain how to find the backdoor and fix it in your WordPress website.

So, what’s a backdoor?

A “backdoor” is a term referring to the method of bypassing normal authentication to get into your site, thereby accessing your site remotely without you even realizing. If a hacker is smart, this is the first thing that gets uploaded when your site is attacked. This allows the hacker to have access again in the future even after you find the malware and remove it. Unfortunately, backdoors usually survive site upgrades, so the site is vulnerable until you clean it completely Joomla malware removal service.

Backdoors may be simple, allowing a user only to create a hidden admin user account. Others are more complex, allowing the hacker to execute codes sent from a browser. Others have an entire user interface (a “UI”) that gives them the ability to send emails from your server, create SQL queries, etc.

Where is the backdoor located?

For WordPress websites, backdoors are commonly located in the following places:

1. Plugins – Plugins, especially out-dated ones, are an excellent place for hackers to hide code. Why? Firstly, because people often don’t think to log into their site to check updates. Two, even if they do, people don’t like upgrading plugins, because it takes time. It can also sometimes break functionality on a site. Thirdly, because there are tens of thousands of free plugins, some of them are easy to hack into to begin with.

2. Themes – It’s not so much the active theme you’re using but the other ones stored in your Themes folder that can open your site to vulnerabilities. Hackers can plant a backdoor in one of the themes in your directory.

3. Media Uploads Directories – Most people have their media files set to the default, to create directories for image files based on months and years. This creates many different folders for images to be uploaded to–and many opportunities for hackers to be able to plant something within those folders. Because you’d rarely ever check through all of those folders, you wouldn’t find the suspicious malware.

4. wp-config.php File – this is one of the default files installed with WordPress. It’s one of the first places to look when you’ve had an attack, because it’s one of the most common files to be hit by hackers.

5. The Includes folder – Yet another common directory because it’s automatically installed with WordPress, but who checks this folder regularly?

Hackers also sometimes plant backups to their backdoors. So while you may clean out one backdoor… there may be others living on your server, nested away safely in a directory you never look at. Smart hackers also disguise the backdoor to look like a regular WordPress file.

What can you do to clean up a hacked WordPress site?

After reading this, you might guess that WordPress is the most insecure type of website you can have. Actually, the latest version of WordPress has no known vulnerabilities. WordPress is constantly updating their software, largely due to fixing vulnerabilities when a hacker finds a way in. So, by keeping your version of WordPress up to date, you can help prevent it from being hacked.

Next, you can try these steps:

1. You can install malware scanner WordPress plugins, either free or paid plugins. You can do a search for “malware scanner WordPress plugin” to find several options. Some of the free ones can scan and generate false positives, so it can be hard to know what’s actually suspicious unless you’re the developer of the plugin itself.

2. Delete inactive themes. Get rid of any inactive themes that you’re not using, for reasons mentioned above.

3. Delete all plugins and reinstall them. This can be time-consuming, but it wipes out any vulnerabilities in the plugins folders. It’s a good idea to first create a backup of your site (there are free and paid backup plugins for WordPress) before you start deleting and reinstalling.

4. Create a fresh .htaccess file. Sometimes a hacker will plant redirect codes in the .htaccess file. You can delete the file, and it will recreate itself. If it doesn’t recreate itself, you can manually do that by going to the WordPress admin panel and clicking Settings >> Permalinks. When you save the permalinks settings, it will recreate the .htaccess file.

5. Download a fresh copy of WordPress and compare the wp-config.php file from the fresh version to the one in your directory. If there’s anything suspicious in your current version, delete it.

6. Lastly, to be completely sure your site has no hack (outside of using paid monitoring services), you can delete your site and restore it to a date that the hack wasn’t there from your hosting control panel. This will delete any updates you’ve made to your site after that date, so it’s not a great option for everyone. But at least it cleans you out and provides peace of mind.

Scanner Scanner

If you never heard about malware attacks, it means you’re living under a rock. After highly devastating Nimda and Bagle worms that brought Internet to knees, and the explosion of rogue security scams like XP antivirus and Antispyware Master, it’s obvious that sooner or later every PC user faces the need to remove malware.

Literally hundreds of all kinds of software, tools and utilities are sold promising to clean out every possible infection. However, most of the advertised products never deliver, and the rest cannot guarantee the 100% detection and removal rate.

Purchasing several programs (antivirus, antispyware, antispam, etc) sure helps in removing malware, but the price easily goes beyond $100, not speaking about yearly subscription update. Many computer owners have reasons to consider this price unacceptable website malware removal service.

A common myth about PC security is that having antivirus program updated with latest malware definitions is enough to protect the computer. But being as focused as they are, antivirus programs easily miss a number of other types of malware, which are simply exuberant these days. The terms itself includes well over a dozen of threats, from phishing to identity theft, which is much broader than a virus definition.
That’s why it should be remembered that no antivirus is capable of detecting every malicious program, and one or another pest may one day find its way to sneak into the system. Then the question rises, “how to remove malware once it is inside?”

I am not going to tell you to buy yet another cool software. One a single occurrence of infection takes place, it’s just not justifiable to spend money to do the job that takes less than 5 minutes to complete. Once you know what free malware remover can do a full system cleaning.

Command-line scanners provided by software manufacturers are powerful, yet free tools built on the code of their main anti-malware programs with which they share the pest definitions and detection algorithms. You shouldn’t be afraid of the term “command-line scanner” because it’s really easy to use, and requires minimum input on user’s part.

Command-prompt based malware removal tools require no installation, that’s why they are very helpful when due to system corruption no new software can be installed (at this stage, users often bring their computers to repair men, where leave outrageous sums of money to get PC’s fixed, not speaking about the time their computers are left without service). A little command-line scanner detects and removes a wide variety of infections:

rootkits
dialers
spyware
adware
Trojans
Worms
All that’s needed to start the malware removal process is download the archive from manufacturer’s website, unpack it, and run the command prompt. Then, type in the string of commands to instruct the program how to handle infections, and hit Enter. It’s easier than configuring desktop antivirus software, really!

Providing you have a decent antivirus protection, a second layer of PC security is all you need for safe surfing. Run a test with command-line scanner to explore a non-GUI component, critical to your PC security.

Learn how to use a-squared command-line free malware removal tool to get rid of spyware, adware, dialers, rootkits, worms and other infections.