Here’s a step-by-step guide to help you fix the hack and prevent it from happening again:
1. Take the Site Offline Temporarily
- It’s crucial to take the site offline to prevent further damage while you clean up the site. You can do this by either:
- Enabling maintenance mode, or
- Temporarily renaming the
index.phpfile in the root of your WordPress directory.
2. Scan Your Site for Malware
- SiteGround’s Security Tools: SiteGround offers security tools like SiteScanner, which can detect malware. Use this to scan for malicious files.
- WordPress Security Plugins: Install a security plugin like Wordfence, Sucuri Security, or MalCare to scan your files and database for malware.
3. Identify and Remove Malicious Files
- Look for unfamiliar files: Check your file system (especially
wp-content/uploads,wp-includes, andwp-admindirectories) for unfamiliar files or folders. - Check modified files: If you have backups, compare the current files to a clean backup to identify modified files.
- Delete suspicious files: Delete any files that seem malicious or that the security scanner identifies.
4. Change All Passwords
- Change the passwords for:
- WordPress Admin users
- Hosting control panel (cPanel)
- FTP or SFTP accounts
- MySQL database
- Email accounts associated with the site
5. Reinstall WordPress Core
- Download a fresh copy of WordPress from WordPress.org and upload the core files (
wp-adminandwp-includes) via FTP or File Manager, overwriting the current ones. This ensures any infected core files are replaced.
6. Check for Vulnerabilities in Themes and Plugins
- Remove unused themes and plugins: Delete any themes or plugins you’re not actively using.
- Update all themes and plugins: Outdated themes and plugins are common entry points for hackers.
- Check for backdoors: Look for files in theme and plugin directories that don’t belong (e.g., random PHP files). These could be backdoors left by hackers.
7. Check the .htaccess File
- Open your
.htaccessfile (in the root of your WordPress installation) and look for any suspicious code or redirects. Clean it up or replace it with a default WordPress.htaccessfile.
8. Check wp-config.php for Malicious Code
- Inspect your
wp-config.phpfile for any unfamiliar code or database queries that shouldn’t be there.
9. Install a Firewall
- Use a security plugin with a firewall feature (e.g., Wordfence, Sucuri, or MalCare) to block malicious traffic from reaching your site.
10. Enable Two-Factor Authentication (2FA)
- Add 2FA for WordPress logins to secure admin accounts.
11. Limit Login Attempts
- Use a plugin like Limit Login Attempts Reloaded to prevent brute force attacks by limiting the number of login attempts from a single IP.
12. Set Correct File Permissions
- Ensure your file and directory permissions are set correctly:
- Files should be set to
644. - Directories should be set to
755. - The
wp-config.phpfile should be set to440or400.
- Files should be set to
13. Monitor and Harden Your Site
- Regular Security Scans: Use your security plugin to schedule regular malware scans.
- Website Backup: Set up regular, automated backups (if you haven’t already) so you can restore your site quickly if it gets compromised again. Plugins like UpdraftPlus or Total Upkeep can help with this.
- Disable PHP File Execution: In folders like
wp-content/uploads, add an.htaccessfile that contains:apache<Files *.php>
deny from all
</Files>
This will prevent PHP files from being executed in these directories.
14. Check SiteGround for Security Options
- SiteGround may offer security features like malware scanning, backups, or enhanced server-level security. Enable any available features such as server-level firewalls or account isolation.
15. Update All Software
- Make sure your WordPress core, themes, plugins, and PHP version are up to date. This reduces vulnerabilities hackers can exploit.
Following these steps will clean up your site and put better security measures in place to prevent future attacks. Let me know if you need help with any of these steps!