What to do if your WordPress website is hacked

This is every website owner's greatest fear: hearing that their website has been hacked. Although WordPress is a secure platform, every website is vulnerable to attack, especially if it is not running an up-to-date WordPress security plugin.

However, if your website has been hacked and damaged, all is not lost; there are several ways to restore your content and repair the damage.

In this article, we will answer the following questions:

  1. How do I know if my WordPress website is hacked by hackers?
  2. Why was I hacked?
  3. The top five ways WordPress websites get hacked.
  4. How do I repair a hacked WordPress website?
  5. How do I protect my WordPress website from hackers?
  6. Frequently asked questions about WordPress hacks

Has my WordPress website been hacked? How to tell

(If you already know that your website has been hacked, skip ahead to learn how to repair it.)

If your website is behaving abnormally and you are not sure what is wrong, this does not necessarily mean that you have been hacked. You may be running into software errors, hosting problems, or caching problems. Sometimes it is difficult to know whether your website has been hacked or whether what you are seeing has another cause.

Signs that your website has been hacked:

1. Your website will not load.

There are many reasons why your website may not load. A malicious attack is only one of the possibilities. When you try to load your site, check the error message that is displayed. Some errors are so generic that they do not help with immediate diagnosis, but knowing which type of error you are getting is the first step in diagnosing the cause.

Here are the most common WordPress errors:

  • HTTP 500 Internal Server Error. This is the most common error that website visitors encounter. On a WordPress site, you may see it displayed as "Error establishing a database connection", "Internal server error" or "Connection timed out". In your server logs, it may appear with the error code "HTTP 500". This is a very generic error. The only specific thing it tells you is that there is a problem with your website's server. It may be caused by a hacker, but it may also be a server configuration problem at your host, a caching problem, an outdated or poorly coded plugin or other software, or corrupted code.

  • HTTP 502 Bad Gateway or 503 Service Unavailable. Although each of these errors is slightly different, they all indicate a server-side problem. The most common cause is a sudden surge in traffic or HTTP requests, but the same problems that cause a 500 Internal Server Error can also cause a 502 or 503. If you were not expecting a surge in website traffic, it is likely that one of your plugins has a problem or that your website is under attack. Other potential causes of 502 and 503 errors are a misconfigured firewall or content delivery network (CDN). If you are on a shared hosting platform, another website on your server may be having problems that bring the whole server down.

  • 401 Unauthorized, 403 Forbidden, and Connection Refused by Host. If you receive one of these error messages, it is because you no longer have permission to access the content or the server. 401 and 403 errors usually mean that file permissions or passwords have been changed, while a connection refused by the host may be caused by a wrong password or a server port configuration problem. If you did not change your passwords or file permissions, the culprit is likely to be a hacker.

Don't see your error listed here? Check a comprehensive list of errors that prevent your website from loading.

2. You cannot log in to your WordPress dashboard.

If you cannot log in to the WordPress dashboard, the first thing you should do is reset your password. If you manage many websites, you may simply have forgotten that you changed the password on a specific site.

If you do not receive the password reset email, it may be because your website is using WordPress's native PHP mail() function. Email providers such as Gmail, Yahoo, and Outlook often block email sent by the PHP mail() function. If you are not already using an SMTP server to send email from your website, this may be the culprit. If you have had no email deliverability problems in the past, or you are already using an SMTP server for your website's email, then it may be time to worry that your account has been compromised.

A hacker may have gained access to your account and changed your password and the associated email address. If you receive an error message saying "Error: username 'your username' not registered on this site", the hacker may have deleted your account and created a new administrator account for themselves.

3. When you search for your website on Google or try to load it, you get a malware warning.

Google Safe Browsing detects unsafe websites and shows a malware warning when users try to visit them. All major browsers use Google's Safe Browsing data to alert visitors to the presence of malware. If you see this alert on your website, you may have been hacked.

4. Changes appear on your website that you did not make.

Some hackers inject content to try to obtain personal information from visitors or to redirect them to other websites for malicious purposes. If you see any content on your website that was not created by you or another authorized user, it is likely that you have been hacked.

These changes may be obvious, such as ads displayed on a website that should not carry advertising. But they may also be less conspicuous, such as a link or button on your website that you did not create. Sometimes hackers use spam comments or hide links in places that are hard to track down. They may add links in out-of-the-way places, such as your footer, or insert them into the body copy of an article. Alternatively, they may swap out the links on buttons that are already on your website.

5. Ads on your website direct users to suspicious websites.

If you normally run ads on your website, it may take a while to notice that one of them points to a malicious website. Hackers who engage in "malvertising" use ads to direct visitors to phishing and malware websites. These types of hacks are easy to overlook, especially with display ad networks, where the website owner may not control the exact ads shown.

If you find such ads on your own website, you should immediately remove the offending ad and the advertiser's user account. If the ad was served through a display ad network, you can temporarily disable ads on your website and notify the ad network so that they can remove it from their system.

6. Your website performance drops suddenly: it loads very slowly or reports timeouts.

Your site may load, but if it is extremely slow or you see server timeouts, the cause may be an overloaded server. This may come from a hacking attempt, a faulty plugin, or something else on your website that is consuming your server's resources.

7. Your website redirects somewhere else.

This is bad news. If you try to visit your website and are taken to a different website, then you have definitely been hacked. To do this, the hacker needs access to the files on your server or to your domain registrar account.

If they gained access to your registrar account, they can add a 301 redirect to your DNS entries. If they got into your website by cracking the WordPress administrator password or obtaining your FTP credentials, they can add redirect code to various files on your website, including your index.php or wp-config.php file.

8. Customers contact you about unauthorized charges.

If you use WooCommerce or another e-commerce system and receive complaints about unauthorized charges, you may have had a data breach. Someone may have broken into your website or your payment gateway. WooCommerce does not store credit card numbers or security codes on your website, but other details (such as customer names, addresses, and email addresses) are stored in your database. Hackers can use this information to steal customers' identities or to make charges on stolen credit cards.

9. You notice new, unfamiliar user accounts or FTP/SFTP credentials.

You may not check your list of user accounts regularly. However, if you run a large site that allows people to register accounts, check the user list in the WordPress dashboard regularly for spam accounts. If you find administrator, editor, or shop manager accounts that you did not create, you may have been hacked.

Spam accounts are usually created by bots. They may not always be able to access any core files, but they can still do serious damage by leaving spam comments that hurt your reputation, bloat your database, and direct your users to harmful websites or malware.

You may also need to keep a close eye on your File Transfer Protocol (FTP) accounts. If you hired a developer to build your site and the technical work you do to maintain it is fairly limited, you may never have even looked at your FTP credentials. If you do not have a copy of this information, you can find it in your web hosting account. Ideally, you should use Secure File Transfer Protocol (SFTP) instead of FTP. FTP access to your website is completely insecure: it transmits sensitive data in plain text, where any hacker can easily read it. SFTP encrypts the information so that your commands, credentials, and other data stay safe.

When you set up a hosting account, an SFTP user is usually created for you automatically. If you find multiple SFTP users or unfamiliar FTP accounts associated with your site, you should be concerned. Delete unfamiliar accounts immediately and change the passwords of the known accounts.

10. Your security plugin has notified you of a problem.

If you use a security plugin, you will receive an email if it detects any suspicious activity on your website. If your security plugin includes downtime monitoring, you will also be notified when your website goes down for any reason. These alerts help you quickly identify, diagnose, and respond to anything from plugin vulnerabilities and fatal errors to hacking attempts.

11. Your web host has alerted you to a problem on your website.

Hosting companies also hate hackers, spam, and crashed servers, so they keep a close eye on any major issues with their customers' websites. If your server is overloaded, or your host receives a lot of abuse complaints about your domain, they should contact you about the issue quickly. If you hear from your host about a problem with your website, you should investigate as soon as possible.


Why was I hacked?

If you have been hacked, you may want to know why. It can feel very personal, and sometimes it is. If you run a website that deals with sensitive topics, you may be a target for hackers. Or maybe you have an employee who is using their access for personal gain, or a disgruntled former employee who wants revenge. But most hackers are not trying to carry out some grand, complicated agenda, and they are not targeting you personally. They usually run simple schemes against easy targets to steal money, collect sensitive information, or cause trouble for trouble's sake. If you left your front door open every day, you would hardly be surprised if someone walked in and stole something. Your website is no different. Poor security practices are the main reason any website gets hacked. Although many small businesses do not treat cybersecurity as a top priority, the fact is that 43% of cyber attacks target small businesses.

Small businesses are less likely to have the knowledge and resources to keep their websites secure and protected. Even the largest companies, with dedicated online security teams, still get hacked from time to time. But the websites of millions of small businesses are the most vulnerable to attack, and that is why hackers target them.

The top five ways WordPress websites get hacked

What are the most common ways WordPress site owners expose themselves to hackers? Although hackers can use many different methods to gain access to your website, the following are the top five:

1. Outdated plugins, WordPress core, and theme files

Outdated software is one of the most popular ways into your site. Because WordPress powers 42% of websites, it is not surprising that websites using WordPress are a common target for hackers. With 54,000 free plugins in the WordPress directory, hackers have plenty of opportunities to exploit poorly coded, abandoned, or outdated plugins.

Generally, when a new version of a plugin is released to fix a security vulnerability, the vulnerability is made public. Withholding the details until the release keeps hackers from using the information as far as possible, but once it is public, hackers will use these back doors for as long as they can.

At least 33% of WordPress websites are running outdated software, which leaves them exposed to hackers who now have the information they need to get in.

2. Brute force attack vulnerabilities

A brute force attack tries different username and password combinations over and over until the correct combination is found. The following weaknesses on your website increase the likelihood of brute force attacks:

  • Unlimited login attempts. If you do not limit login attempts, a hacker can try an unlimited number of usernames and passwords. This may eventually get them into your website (worst case) or put a huge load on your server and take it down (best case).

  • Short or easy-to-guess passwords. The shorter your password, or the fewer types of characters it uses, the easier it is for hackers to crack with a brute force attack. With so many people using passwords like "123456" or "password", you can imagine why brute force attacks are so common.

  • No CAPTCHA on your login form. CAPTCHAs are used to verify that the person trying to log in or submit a form is human. Since most brute force attacks are carried out by bots, CAPTCHAs are very effective at preventing these types of attacks.

  • No two-factor authentication. Two-factor authentication (2FA) uses an additional security measure beyond the password to verify a user's identity. This may be a security question, such as "What was the name of your first pet?", a code sent to the user's email address or phone number, or a third-party authenticator app. If you do not add this extra layer of security to your website, it is easier for hackers to break in.

  • No brute force attack protection. Brute force attack protection tools automatically block suspicious bots and people from accessing your website.
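
Brute force attempts against the login form leave a clear trace in the web server's access log. The following added example (not from the original article or from Jetpack) parses constructed combined-format log lines and flags addresses that POST to wp-login.php at least five times within one minute; the threshold, the sample lines, and the reading of a 302 response as a successful login are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" access-log prefix: ip, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATH = "/wp-login.php"


def parse(line):
    """Return (ip, time, method, path, status), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0]          # drop the query string
    return m["ip"], ts, m["method"], path, int(m["status"])


def find_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Flag IPs that POST to the login form `threshold`+ times within `window`.

    Returns {ip: {"peak": n, "login_succeeded": bool}}. A 302 answer to a
    login POST is treated as a successful login (default WordPress behaviour;
    an assumption here, since plugins can change it).
    """
    recent = defaultdict(deque)   # ip -> timestamps inside the sliding window
    peak = defaultdict(int)       # ip -> largest burst seen so far
    succeeded = set()             # ips that got a 302 after reaching threshold
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or not path.endswith(LOGIN_PATH):
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        if peak[ip] >= threshold and status == 302:
            succeeded.add(ip)
    return {
        ip: {"peak": n, "login_succeeded": ip in succeeded}
        for ip, n in peak.items() if n >= threshold
    }


def _line(ip, hhmmss, method, path, status):
    # Helper that builds one constructed log line.
    return (f'{ip} - - [12/Mar/2024:{hhmmss} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "constructed-sample"')


# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE_LOG = (
    # One address hammering the login form: six failures, then a redirect.
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", LOGIN_PATH, 200)
     for s in range(0, 30, 5)]
    + [_line("203.0.113.7", "10:00:31", "POST", LOGIN_PATH, 302)]
    # A normal user: views the form, then logs in once.
    + [_line("198.51.100.20", "10:01:00", "GET", LOGIN_PATH, 200),
       _line("198.51.100.20", "10:01:08", "POST", LOGIN_PATH, 302)]
    # Slow guessing that stays under the per-minute threshold.
    + [_line("192.0.2.55", f"10:{m:02d}:00", "POST", LOGIN_PATH, 200)
       for m in range(2, 6)]
    + ["this line is not in combined format"]
)

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

An address flagged with `login_succeeded` set is the case to treat as a compromised account rather than a blocked attempt. The slow client in the sample is missed at the default threshold, which is why rate limits are combined with the other measures in this list.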
3. Insecure hosting

If your site does not have an SSL certificate, or if it uses FTP instead of SFTP for server-level access to your site, your hosting is insecure. Secure hosting uses Secure Sockets Layer (SSL) encryption to secure communication between your website and the browser. A shared hosting environment can also weaken the security of your website. If another website on your server has a vulnerability, your website may be affected.
4. File permissions

Your site's files have permissions associated with them that grant different levels of access. If your WordPress file permissions are set incorrectly, hackers can easily gain access to important files and sensitive data.

5. Password theft

Tens of millions of passwords have been stolen. If you store your passwords in your browser, you may receive data breach notifications from Google. Google compares the passwords you have stored for certain websites against lists of known data breaches and sends you an alert if it finds your information in a list of leaked passwords. Failing to change a password once you know it has been leaked can easily lead to a hack.

How do I repair and restore a hacked WordPress website?

Don't panic! Take a deep breath, stay calm, and follow the steps below to restore your website and protect yourself from future hacks.

Before we dig into this topic, there are a few simple things you can do to try to resolve the problem you are seeing on your website before concluding that you have been hacked:

  • Wait a few minutes and reload the page
  • Clear your cache and cookies
  • Flush your device's DNS cache

If these quick steps do not solve your problem, it is time to investigate further.

1. Determine what happened

If you can log in to your site and have a WordPress security plugin that monitors activity (such as the Jetpack activity log), check who logged in, when they logged in, and what they changed.

This can help you determine which files are affected and which user accounts need to be reset. Make a list of anything suspicious that you find.

If your security plugin has no activity log, you have no security plugin, or you cannot access your website at all, contact your web host and ask them to check the error logs on your server. Their technical support team may not be able to pinpoint exactly what happened, but they should at least be able to determine whether the problem comes from the server, your plugins, a misconfigured .htaccess or wp-config.php file, or a hack.

If the problem looks like a software or server issue, you will want to learn more about troubleshooting WordPress problems. If it looks like you have been hacked, it is time to clean up and restore your website, so move on to the next step.

2. Use a site scanner to detect malware and repair your site

There are several excellent site scanners that will search your website for injected code, modified core files, or other red flags that indicate a hack. Be sure to cross-reference your activity or error logs for any files that are flagged.

A good WordPress website scanner will also be able to repair any problems it finds. One of the benefits of Jetpack Scan is that it can fix most known malware problems with one click. As an added bonus, it protects your WordPress website with ongoing, regular malware scans.

If you do not have a malware scanner and cannot access your site to install a plugin, you can try a free web-based scanner such as PCRISK. It cannot remove malware, but it can at least help you identify whether there is malware on your website so that you can try to remove it manually.
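
The core of what a site scanner does can be shown in a few lines: compare every file against a known-clean copy, then look for crude signs of injected PHP. This is an added example, not the original article's code and not how Jetpack Scan is implemented; the two regex indicators, the function names, and the sample trees it builds are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

PHP_EXT = {".php", ".phtml", ".php5"}
# Two illustrative indicators (an assumed, minimal list). They catch crude
# injections only; the hash comparison is what finds everything else.
SUSPICIOUS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hard-coded-redirect": re.compile(
        rb"header\s*\(\s*['\"]Location:\s*https?://", re.I),
}


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def files_under(root):
    """Map relative POSIX path -> Path for every regular file below root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p
            for p in root.rglob("*") if p.is_file()}


def build_manifest(clean_root):
    """Hash a known-clean copy of the site (fresh download or trusted backup)."""
    return {rel: sha256(p) for rel, p in files_under(clean_root).items()}


def scan(live_root, manifest):
    """Return sorted (path, finding) pairs for the live tree."""
    live = files_under(live_root)
    findings = [(rel, "missing") for rel in manifest if rel not in live]
    for rel, path in live.items():
        is_php = path.suffix.lower() in PHP_EXT
        if rel not in manifest:
            in_uploads = rel.startswith("wp-content/uploads/")
            findings.append(
                (rel, "php-in-uploads" if in_uploads and is_php else "added"))
        elif sha256(path) != manifest[rel]:
            findings.append((rel, "modified"))
        if is_php:
            data = path.read_bytes()
            findings += [(rel, name) for name, rx in SUSPICIOUS.items()
                         if rx.search(data)]
    return sorted(findings)


def demo():
    """Build a constructed clean tree and a tampered copy, then scan the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        base = {  # constructed stand-ins for real WordPress files
            "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
            "wp-config.php": b"<?php /* constructed placeholder config */\n",
            "wp-includes/version.php": b"<?php $wp_version = 'x.y.z';\n",
            "wp-content/uploads/photo.jpg": b"constructed image bytes",
        }
        tampered = dict(base)
        # Redirect code added to index.php, as described in sign 7 above.
        tampered["index.php"] = (
            b"<?php header('Location: https://redirect.example/');\n"
            + base["index.php"][6:])
        # An inert dropped file: the payload decodes to the word "constructed".
        tampered["wp-content/uploads/cache.php"] = (
            b'<?php eval(base64_decode("Y29uc3RydWN0ZWQ="));\n')
        del tampered["wp-includes/version.php"]
        for root, tree in ((clean, base), (live, tampered)):
            for rel, data in tree.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        return scan(live, build_manifest(clean))


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{finding:22} {rel}")
```

On a real site, WP-CLI's `wp core verify-checksums` performs the hash comparison for core files against the official WordPress checksums, so no local clean copy is needed for that part.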

3. If possible, restore from a backup

If you cannot remove the malware, or you are not sure your website has been completely cleaned, you may want to restore from a backup. Your host may keep backups of your website, or you may already be using a WordPress backup plugin such as Jetpack Backup. Jetpack stores multiple copies of your backup files on the same secure servers that WordPress uses for its own websites; they are not only protected from infection, but can also be restored if your website goes down completely.

However, restoring from a backup is not foolproof. Although the most important thing is to regain control and functionality of your website and remove all traces of the hacker, you may still lose some important data. If you do not know how long your website has been hacked, your backups may be compromised as well.

If you run an e-commerce website and store customer orders in your database, rolling back to a backup (unless you have real-time backups from Jetpack) may delete hundreds of customer orders that you have not yet processed. You may also lose customer reviews, blog posts, and any major changes made to your website since the backup you restore from.

If you have no site backups, or they have all been compromised, all is not lost. Even if you need to rebuild your website from scratch, you can check the Wayback Machine for past snapshots of your website. Although it will not restore your files, you may be able to recover a lot of content if you have to rebuild.

4. Reset all passwords and delete suspicious user accounts

Simply removing malware or rolling your website back is not enough to keep it secure. Whatever else you do after your website has been hacked, be sure to reset all of your passwords and the passwords of other high-level users. Use the "Suggest Password" button on the WordPress profile page to ensure that your new password is long, complex, and hard to guess. Worried about remembering it? Try a password manager such as LastPass or 1Password.

If your activity log shows any suspicious logins, delete those accounts. If you find any unfamiliar user accounts or accounts that look like spam, delete them regardless of their access level, just to be safe. Just because a hacker used one account for malicious activity does not mean they did not create several accounts to keep coming back.

5. Call in an expert

Some hacks are more complex, cannot be cleaned up by an automated site scanner, and are beyond the ability of the average user to identify and remove. These cases may involve complex systems of injected code or access rules that can be hidden in multiple files.

If you feel you have done all you can but your website is still compromised, or you would simply feel safer having someone knowledgeable double-check things, you need an expert to take a look. If you do not know anyone with this kind of expertise, consider hiring a WordPress recovery expert from Codeable.

6. Update your software

Since most WordPress hacks exploit vulnerabilities in outdated software, it is very important to get the latest versions of your plugins, themes, and WordPress core onto your website as soon as possible.

Before you start updating, make a full backup. Once the backup has completed successfully, update WordPress core first, then your plugins, and then your theme.

Note: If you use WooCommerce, always update your WooCommerce extensions first, and then update WooCommerce.

7. Submit your website to Google

If your website has been blacklisted by Google, resubmit your clean website to restore your good reputation. You will know you have been blacklisted if a warning appears next to your website, or if you no longer appear in searches you used to rank for. Note, however, that there may be other reasons why you do not appear in search results. To have your website removed from the list, use Google Search Console to request a review.

How do I prevent my WordPress website from being hacked?

Preventing a hack is always a better solution than trying to recover from one. Make sure your WordPress website is protected by the following measures:

1. Use a security plugin.

Security plugins use a variety of measures to help protect your website from hacks. Some will notify you of suspicious activity or downtime. Jetpack Security provides the following essential features:

  • Real-time backups
  • Real-time scanning
  • Spam prevention
  • Activity log
  • Downtime monitoring
  • Brute force attack protection

Using a security plugin takes away most of the hard work and technical expertise involved in protecting your website, so you can spend more time focusing on creating content, making sales, or finally relaxing for a few minutes.

2. Keep WordPress, your plugins, and your theme up to date

Updating your software after a hack is a good way to help close those back doors into your website, but doing it once is not enough. You will want to keep everything as up to date as possible going forward. You can do this by regularly monitoring and manually updating your software, by using Jetpack's auto-update feature, or by checking with your hosting provider to see whether they offer automatic updates.

Although keeping your software up to date keeps your website more secure, you should also be aware that updates can sometimes cause plugin or theme conflicts. You still need to check your website's functionality regularly to make sure everything is working properly.

3. Strengthen your login and form security

Protecting your login form, contact form, and comment submission form is one of the simplest things you can do to guard against brute force attacks and comment spam. You can secure your forms in the following ways:

  • Limit login attempts. If you lock users out for a period of time after a certain number of login attempts, this will stop most brute force attacks entirely.

  • Require stronger passwords. Require users to create long passwords of at least 16 characters that combine letters, numbers, and special characters. The longer and more complex the password, the harder it is for a hacker to crack.

  • Use CAPTCHA on all forms. CAPTCHAs help verify that the user is human. Not only do they do a good job of preventing bot attacks, they can also help cut down on comment spam.

  • Require 2FA for all users. At a minimum, you should require 2FA for your administrator accounts and for any accounts (such as customers) that may have access to sensitive information.

  • Use an anti-spam plugin. Jetpack Anti-spam is built with Akismet, the most powerful anti-spam solution for WordPress. Although spam does not carry the same level of risk as someone gaining access to administrator-level data, it can still be a serious security and reputation risk. Eliminating or greatly reducing comment spam is as simple as a one-click install with Jetpack.

4. Switch hosting provider or environment.

Hosting is one place where you should never skimp on your website. A high-quality hosting plan will help protect your site with its own firewall, SSL certificate, system monitoring, and a WordPress-optimized configuration. If a shared hosting environment is the cause of your problems but you like your current host, you can ask about options for cloud, VPS, or dedicated server hosting.

5. Make your own automatic backups

Even if your hosting plan includes backups, there is a lot to gain from generating your own backups in a separate location. Most hosts only back up daily or weekly and keep the backups for 30 days. If they are stored with your host, they may be compromised at the same time as your site.

If you use a separate WordPress backup plugin, such as Jetpack Backup, your files are stored separately from your host, you have more granular control over which parts of your site are restored, backups are stored for up to one year, and you can take care of everything from anywhere using the Jetpack mobile app.

A combined prevention and recovery tool

A good security plugin can prevent most common hacks, and can even help you recover if you have already been hit. Jetpack is designed to cover all the most important bases and to provide an intuitive, reliable way to recover in an emergency.

Jetpack's support team of Happiness Engineers loves helping website owners overcome problems and beat cyber criminals at their own game. It is this community-minded team approach that has made Jetpack one of the most popular WordPress plugins ever.

Use Jetpack Security to protect your WordPress website.

Frequently asked questions about WordPress hacks

How often do WordPress websites get hacked?

Although there are no specific statistics on how often WordPress websites are hacked, 30,000 websites worldwide are hacked every day. Because WordPress powers nearly 40% of websites, it is reasonable to assume that 10,000-12,000 WordPress websites are hacked every day.

What are the most common types of hacks?

  • Bait and switch. Hackers use this mainly through online ads or ad networks. They pose as a well-known brand, but the ad link takes visitors to a malicious website that tries to phish their information, get them to make fraudulent purchases, or download malware onto their devices.

  • SQL injection. This technique involves a hacker uploading SQL commands to a site to steal or alter server data, usually to make illegal transactions with financial information, or just for the fun of destroying someone's entire database. These attacks usually get in through insecure web forms, cookies, or other unvalidated user input.

  • Credential stuffing. Usually carried out by bots, credential stuffing uses lists of stolen usernames and passwords to try to log in to your site. The goal is to gain enough access to your website that they can initiate unauthorized transactions, steal personal information, redirect visitors to harmful websites, or use your website to send phishing emails in bulk.

  • Clickjacking. With clickjacking, a hacker uses code to create multiple layers of content with the aim of getting a user to click on something unintentionally. They may think they are clicking the link to your "About" page, but they are actually clicking a hidden link that takes them to a malicious site. Hackers can also use this technique to steal passwords by placing an "invisible" form over a legitimate one. Users think they are logging in to their own account when in fact they are sending the information straight to the hacker.

  • Cross-site scripting (XSS). This is similar to SQL injection in that it uses the same entry points (insecure forms and other unvalidated user input), but the injected code is JavaScript or HTML, and sometimes VBScript or Flash.

  • Man-in-the-middle attacks. These attacks usually happen in public places, because hackers use insecure routers to intercept data in transit. They can use this technique to obtain usernames, passwords, financial records, and other personal information in order to target your website and any other accounts they have managed to get information on.

  • DDoS and brute force attacks. A distributed denial-of-service (DDoS) attack involves sending a large volume of requests to a website in an attempt to crash the server. A brute force attack is a type of DDoS attack that tries different username and password combinations on your website's login form in an attempt to gain access. This generates a large number of requests and, if it is not caught and stopped, may overload your server and cause it to stop responding.

  • DNS hijacking. This method is usually used to redirect your website to a different website (DNS spoofing). With DNS hijacking, a hacker gains access to your registrar or your active name servers and points your domain at their IP address or uses redirects to send visitors to harmful sites.

What are the consequences of my website being hacked?

If there's nothing of much importance on your site, or the hack isn't really affecting performance in any way, why should you worry about your site being hacked? Even if the hack isn't directly affecting you and your site, it's going to affect other people. You might not notice, but a hacker might be phishing personal information from your visitors so they can steal their identities, redirecting them to sites that download malware onto their devices, or using your servers to send spam or dangerous content to people all over the world.

It might not affect you immediately, but it may cause your site to get blocklisted or your hosting provider to remove your site from the server. If the hacker