In this article, I will pay more attention to WordPress, but many of the tips mentioned below will also be useful to people who work with other engines.

People often contact me with the task of cleaning their WordPress site and ask how to determine that the site has been hacked. I will tell you what viruses are, and how difficult it is to fight them.

The first symptom. Google message “This site may have been hacked”

It's a very common story: a client comes to a firm, or contacts me directly, and says that he found his site in the Google search results with the message “Perhaps this site was hacked.”

This message appears if Google suspects (or rather is almost certain) that your site has been hacked. What should you do in such cases? There are not many actions, only 5:

  1. clean the site from shells and various viruses (more on that below);
  2. update WordPress and all plugins to the latest available versions (it’s better to do a manual update);
  3. configure site protection (I will also tell you more on that below);
  4. check how reliable the hosting is and transfer to a more reliable one, I recommend hosting com as before;
  5. check whether there are viruses in the database.

Do not forget to make a backup before each action, and make another backup after all 5 stages, in case you couldn't clean your site on the first attempt and need to look for more sophisticated methods of scanning the site.

In case you cleaned everything, but the error “This site has been hacked” remains

My advice would be to go to Google’s Webmaster and request a site re-check. How quickly Google re-checks the site will depend on the degree of infection.

There are 2 degrees of infection complexity:

  1. Malicious code has been uploaded to your site, through which hackers gain access to the site and publish links… In other words, only your site is hacked and only you are harmed;
  2. Your site is hacked and the hackers are trying to use it to send out spam or break into other sites.

In the first case, Google employees do not even check the site, as the system can do it automatically (it takes from 10 minutes to several hours).

In the second case, in order to make sure that there are no threats from your site that can harm other sites, Google sends a special person who checks the site. In the second case, the check can take 1-2 weeks.

I advise you to clean your site ASAP, because the longer the delay, the worse your position in search engines will be.

 

The second symptom. Virus redirects to another site

Such viruses are found all the time. Look for them first in the .htaccess file in the root folder of the site; if there is nothing there, search the .htaccess files in the other folders of the site. You can also search the code for the redirect functions that the different programming languages provide. I would advise you to scan the site for backdoors, as this code has been planted in your website somehow. Start by scanning WordPress for malware, cleaning it, and changing passwords.

Hidden redirect from Google or Bing

A more complex virus with a redirect. Often the redirect is set up only for visitors coming from a specific search engine, so it is less noticeable to the administrator, but users who come from search queries land on a site with some kind of nonsense that someone tries to sell them.

“I saw a virus on a WordPress site that tried to determine approximately what the user needs by topic, and showed him an affiliate program of one large resource, which had a bunch of different products”

A redirect from an iPhone or Android mobile device is an even tougher disaster, because it redirects only mobile traffic. Luckily, search engines can see this well in their webmaster tools, but in any case it is sometimes useful to visit the site from a mobile device to see how it works.

A redirect from all links is another simple but very harmful symptom. First of all, it is harmful for website promotion. This happened at the dawn of the Internet, when hackers were hacking many sites and then often did not really know what to do with them. The first thing that came to mind was to simply redirect all traffic to some affiliate program, or to try to force a product on visitors so that someone would buy something. Their problem was that the traffic was not targeted and sales were extremely rare – I can assure you of this as an SEO specialist.
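
The .htaccess check described above, covering search-engine-only, mobile-only and unconditional redirects, can be automated. This is an added example, not code from the original article; the host names and the sample file are constructed, and `own_hosts` is whatever set of domains you actually own.

```python
import re
from urllib.parse import urlsplit

COND = re.compile(r'^\s*RewriteCond\s+(\S+)\s+(\S+)', re.I)
RULE = re.compile(r'^\s*RewriteRule\s+\S+\s+(https?://\S+)', re.I)
REDIRECT = re.compile(r'^\s*Redirect(?:Match|Permanent|Temp)?\s+.*?(https?://\S+)', re.I)
WATCHED = ("HTTP_REFERER", "HTTP_USER_AGENT")  # search-engine-only and mobile-only triggers

def scan_htaccess(text, own_hosts):
    """Return (line_no, target_url, triggers) for each redirect to a host we do not own."""
    findings, pending = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cond = COND.match(line)
        if cond:
            # Conditions stack up until the next RewriteRule consumes them.
            if any(v in cond.group(1).upper() for v in WATCHED):
                pending.append(f"{cond.group(1)} ~ {cond.group(2)}")
            continue
        hit = RULE.match(line) or REDIRECT.match(line)
        if hit and urlsplit(hit.group(1)).hostname not in own_hosts:
            findings.append((no, hit.group(1), pending or ["unconditional"]))
        pending = []
    return findings

# Constructed sample: a stock WordPress block with an injected conditional redirect.
SAMPLE = r"""# BEGIN WordPress
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing)\. [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (iphone|android) [NC]
RewriteRule ^(.*)$ http://shop.example.net/in.php?u=$1 [R=302,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
RewriteRule ^old/(.*)$ https://www.example.com/new/$1 [R=301,L]
"""

if __name__ == "__main__":
    for no, target, triggers in scan_htaccess(SAMPLE, {"example.com", "www.example.com"}):
        print(f"line {no}: redirect to {target} when {'; '.join(triggers)}")
```

Run it over every .htaccess file in the site tree, not only the one in the root folder.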

Substitution of Google and Bing contextual advertising

It was generally difficult to spot such a virus: a customer accidentally clicked on their ad and landed on some shady third-party site. He was very surprised, and asked me to remove all the threats.

The virus seemed complex in terms of symptoms, but after digging into the details, I saw that the code there was simple. The hacker turned out to be a genius programmer. After removing the virus, I still had to find a bunch of encrypted code that was scattered across all the files of the site. The task was not an easy one, but everything's already fixed.
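
Hunting for encoded fragments scattered across the site's files can start with a heuristic scan like the one below. It is an added example, not the author's tooling; the indicator patterns are common traits of obfuscated PHP chosen for illustration, the samples are constructed, and every hit still needs a manual look.

```python
import re
from pathlib import Path

# Heuristics only: each pattern is a common trait of obfuscated PHP, not proof of infection.
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "eval-of-request-input": re.compile(
        r"\b(?:eval|assert)\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I),
    "long-encoded-literal": re.compile(r"""["'][A-Za-z0-9+/=]{200,}["']"""),
}

def scan_php(source):
    """Return the sorted names of the indicators present in one PHP source string."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(source))

def scan_tree(root):
    """Map each suspicious .php file under root to the reasons it was flagged."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        rel = path.relative_to(root)
        reasons = scan_php(path.read_text(errors="replace"))
        if "uploads" in rel.parts:
            reasons.append("php-in-uploads")  # media folders normally hold no scripts
        if reasons:
            report[rel.as_posix()] = reasons
    return report

# Constructed samples; the encoded payload is a dummy string, not real malware.
SAMPLE_INFECTED = '<?php eval(base64_decode("' + "QUJD" * 60 + '")); ?>'
SAMPLE_CLEAN = "<?php echo esc_html( get_the_title() ); ?>"

if __name__ == "__main__":
    import sys
    for name, reasons in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: {', '.join(reasons)}")
```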

Symptom three. Hosting complained that SPAM is constantly being sent from the site

Oh, spam… It wears on people's nerves, but hackers can hardly expect much return from this type of advertising, since the audience they reach is often not the target audience.

What problems arise with the constant infection of the site and sending spam?

  • For the hosting provider it is a headache because of the load on the servers;
  • For the site it means a drop in search engine results.

Everything is bad, but you can heal it. Simple methods, like updating all plugins and WordPress, will not help here, as everything is more complicated. Use all the tips for detecting and neutralizing malware described in the first symptom. By the way, most hosting providers probably do not provide adequate protection: the “infection” can be caught through their services, but when your site is infected, such providers will blame the owners (as they cannot blame themselves! :). We’ll talk about hosting a little later.

By the way, when mass spam is being sent, the site may simply show error 503, since the server goes down. I advise you to look at what the server writes in the logs, and which file is being processed. And note that spam constantly arriving at your site can also be the first warning sign that your site is weakly protected, or that the protection has not been updated for a long time.
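
To see in the logs which file is being processed, it helps to rank the PHP scripts that receive POST requests and set aside WordPress's own entry points. The sketch below is an added example, not part of the original article; it assumes the Apache/nginx combined log format, the log lines are constructed, and the `EXPECTED` list should be adapted to your install.

```python
import re
from collections import Counter

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Paths that normally receive POSTs on a stock WordPress install (adapt to your site).
EXPECTED = ("/wp-login.php", "/wp-comments-post.php", "/xmlrpc.php", "/wp-cron.php", "/wp-admin/")

def suspicious_posts(log_lines, min_hits=2):
    """Return (path, post_count, distinct_clients) for unexpected PHP POST targets."""
    hits, clients = Counter(), {}
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, _status = m.groups()
        path = target.split("?", 1)[0]
        if method != "POST" or not path.endswith(".php"):
            continue
        if path.startswith(EXPECTED):
            continue
        hits[path] += 1
        clients.setdefault(path, set()).add(ip)
    return [(p, n, len(clients[p])) for p, n in hits.most_common() if n >= min_hits]

# Constructed access-log lines (documentation IP ranges, made-up file name).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2021:04:10:01 +0000] "POST /wp-content/uploads/2019/05/cache.php HTTP/1.1" 200 312 "-" "-"
192.0.2.10 - - [12/Mar/2021:04:10:02 +0000] "POST /wp-content/uploads/2019/05/cache.php HTTP/1.1" 200 312 "-" "-"
198.51.100.7 - - [12/Mar/2021:04:10:03 +0000] "POST /wp-content/uploads/2019/05/cache.php HTTP/1.1" 200 312 "-" "-"
203.0.113.5 - - [12/Mar/2021:04:11:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2021:04:11:05 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2021:04:12:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 90 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for path, count, ips in suspicious_posts(SAMPLE_LOG.splitlines()):
        print(f"{count} POSTs from {ips} client(s) -> {path}")
```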

Symptom four. The malware inserts a code into every blog post

It is funny when, for example, you insert a picture or some kind of media file into a new article in the admin panel, and along with it a piece of code is inserted that, in a hidden form, substitutes the infected file. To remove such a virus, I had to go through the pieces of code that the virus inserted, find similar places in the code, use them to find all the fragments of the virus in the database and delete them. In general, cleaning was fun and perky, and all the employees sitting nearby learned a lot of new bad words…

How to protect your site from viruses with WordPress – this is how I do it

  1. Choose only reliable hosting with differentiation of rights between domains, so that by hacking one site on the hosting, an attacker cannot reach the rest.
  2. Hide user logins so that they cannot be discovered. All sorts of WordPress plugins for forums, social networks, and stores often expose them very well.
  3. Use only proven plugins and themes – I would advise you to download plugins and themes from the official repository. You can also buy themes from well-known marketplaces that have code quality control. I usually use the Envato marketplace if I want to buy something.

If the website theme is old and there is no way to get it from a reliable source, then it is better not to use it at all and to pick another one. As an alternative, you can give the theme to a specialist for cleaning, but the price of the service can be almost the same as buying a new theme.

  1. Buy secure hosting, create a website and set up complex passwords – these three actions are a guarantee of protection from at least 90% of hacks. Impressive, isn’t it?
  2. Put a Captcha wherever there are forms: login forms, registration forms, password recovery forms, comment forms. This way you can weed out some of the robots that brute-force passwords.
  3. Block requests in the address bar that can cause errors.
  4. Hide error output on the server.
  5. Hide website engine version and the engine itself as well as possible.
  6. Make a manual copy of the site to external media from time to time.
  7. Update all plugins in time after creating a database dump and a copy of files (and if you haven’t updated for a long time, it is better to update version by version).

If your WordPress site is constantly infected with malware, then you missed a hole or a backdoor

  • If the site has been infected, then do only a manual system update.
  • Remove all inactive plugins and themes, all junk where malicious code may be.
  • Clean up any malicious code found.
  • Only when everything is cleaned, begin to set up security protection.

It is impossible to defend against all hacks. Everything that was made by a person can be hacked, but good protection can delay such hacking by 100 years.

All types of malware degrade the site’s performance in search, and the website owner may not even know about them until the hacker simply starts working on his site. To be honest, I really wish all hackers would find their place: people who write such wonderful and cool code could do it for the benefit of others and themselves, and instead of making money by hacking sites, offer cool services that would bring them constant income.

I can remove malware from WordPress site and set up protection

If it happened that your site was infected and its performance was broken, then write to me and I will try to help you.

Contacts:
Skype: maxix2009
Mail: contact@it-smarty.com