Solutions for hacked WordPress websites

In our daily WordPress theme after-sales work, users often report problems with the website, such as: Alibaba Cloud prompts for a backdoor Trojan file; it jumps to other addresses after opening; the page appears garbled; other content is added, etc. According to our experience, this is usually caused by the website being hacked.

How to confirm whether the website has been hacked

Based on past experience, it can be judged in the following ways:

1. If Alibaba Cloud prompts that there is a backdoor Trojan file, it can basically be confirmed;

2. It is very possible that the website is maliciously redirected to other addresses, especially if it jumps for a while but does not jump for a while, or if it jumps from Baidu but does not jump when entering normally;

3. The website is indexed by search engines with abnormal content that was not added by yourself, and may also be hacked;

4. If there are other abnormal situations, it is recommended to enter the website directory and see if there are other new abnormal files (not wp system files, nor uploaded by yourself. For details, you can download the original wordpress and unzip it and look at the files inside. list comparison);

5. If you have a certain understanding of PHP, you can sort the website files according to time, look at the recently modified PHP files, and open some at random to see if any of them are obfuscated and encrypted. code or other abnormal code.

Solutions to being hacked

Currently common backdoor malicious codes will not only appear in one file, but will infect many files and generate many new malicious backdoor files. They may be placed in any directory, so manual inspection is very costly and also There will be omissions. We generally recommend reinstalling the website directly and then restoring the backup. The operation is as follows:

1. First back up all the files in the root directory of the website. If you are familiar with WordPress operations and confirm that there are no other files that need to be backed up, you can also back up only the uploaded attachments directory (normally it should be the wp-content/uploads directory) ;
2. Delete all files on the website;
3. Download the latest version of WordPress from the official website and re-upload it to the root directory of the website;
4. Find the previous backup data and restore the upload attachment directory in the backup data to the website directory (normally it should be the wp-content/uploads directory. It is recommended to randomly check whether there is PHP in the directory. Suffixed files, if any, may even have backdoor files in the attachment directory, and these PHP files need to be deleted);
5. Access the website address and you will enter the installation page. After configuring the database information according to the prompts, it will prompt that it has been installed. Then use the website account and password to log in to the backend;
6. Install previously used themes and plug-ins from the theme/plug-in official website channels

Daily preventive measures

1. Try to make the administrator account password as complex as possible. It is not recommended to use the default admin;
for the user name.
2. It is recommended to keep wordpress, themes, and plug-ins updated to the latest version, as lower versions may have security vulnerabilities;
3. Download and install wordpress, themes, and plug-ins from official official website channels. It is especially not recommended to use cracked and pirated resources;
4. Regularly back up website files and databases to facilitate timely recovery if problems arise;
5. You can install some security protection plug-ins;

Recommended site search: server, mobile server rental, overseas host, Korean cn2 server, server rental US high defense, Hong Kong domain name registration, how to register domain name, apply for free space and domain name, vip domain name, mobile proxy ip,