6 Steps To Fix My Hacked Site
Why does anyone hack into a site? Some people obviously have way too much time on their hands. So how can you prevent your site from being hacked? If anyone really wants to break into your site, they can, but there are ways to help prevent it.
This post suggests ways of dealing with the problem once a site has been hacked, from my own personal experience.
1) Identifying the Hack
It can be difficult to see where a site has been hacked (if the code is well hidden). However, it is obvious that something is wrong if Google has problems crawling your site. This will appear as a message in Google Webmaster Tools.
Some anti virus will not let users to visit the site if there is malware on it – this is an obvious sign that the site has been hacked. It can also appear below when typing in the name of the domain.
2) Find the Spam
This can also be difficult and I experienced this first hand. The first time I was able to find the spam was when Javasript was turned off. The spam content was in the header, so the second time I was hacked. I immediately checked the header. However, it could not be seen in some browsers.
Eventually I found the spam, which began with a ‘hideMeya’ div tag which started with random words and links of Viagra and payday loans (nearly 700 words worth).
There was some very useful information on SiteOlytics which meant that it was not only my site that had been hacked into. It also showed me how to remove the unwanted code. This ‘hideMeya’ spam was inserted into a site when the page loaded.
3) Remove the Spam
I was not able to remove the code from the php file as instructed by SiteOlytics. Therefore I called the security department of my hosting company, which I had paid an additional fee, for this purpose. The hosting company removed the code and 5 days later, it was possible to see that my site had been crawled by Google.
To view a cached version on a site (and check when it was last indexed by Google), type in your domain name into Google. Then choose “cached” from the drop down menu. This will allow you to see the text version of your site as well (which is good especially if you want to check if there are any malicious spam that has been snuck in).
4) Review Security Measures
All users need to be vigilant and I was concerned about my site being hacked again so I felt I needed to upgrade the security on my site. I had previously moved my site to a new hosting account, which was more secure and only hosted the one site. I also changed my wordpress username, password, ftp password as well as my database password.
It is important to remember that when changing a database password, the password in the wp-config.php file needs to be updated as well. If not the page will not load as shown:
The second time I was hacked into, I repeated the steps above but I did not think this was sufficient.
I had paid for extra security with my hosting company, which did not send me any messages that my site had been hacked. Therefore I asked the hosting company for additional support in cleaning up my files.
They suggested a completely new install of my site. In the process of moving over the files to my new site, they found malicious code in one of my former themes I had used, which they deleted.
5) Start from Scratch (or nearly)
I was hacked into twice, probably because all the malware was not fully eradicated the first time round. Therefore it was important for me to do a complete reinstall of my website as mentioned in point 4. I backedup the database and reimported it. But unfortunately the images were not able to be moved across (for fear of them having viruses).
This reinstall necessitated customizing all the website, all my logos, favions, widgets. All the images need to be re-uploaded (this requires a lot of work as the site is over 5 years old), but it is worth it, as I know all the spam has been deleted. It is important to make sure there is always a back up of images on your pc/mac.
6) Have a Site Scanner and Choose Your Plugins Carefully
As I mentioned, I was afraid of being the victim of another hack. Therefore I upgraded my hosting account and with that I had access to a site scanner which would scan my website and let me know when there was malware. I login to this section (through my hosting account) and check this regularly especially after I have uploaded a new theme or plugin. There are many plugins that I now need to reinstall, but I am careful with them. I often install themes and plugins which have good reviews and where the owner is well known. For example the Google Analytics install by Yoast.
In order to prevent someone hacking into your site keep plugins and wordpress themes up to date. This may sound obvious, but make sure that your passwords are a mixture of upper, lower case and numeric and change them every few months, especially if there is a massive spam attack such as what we have seen with heart bleed.
Fixing a site that has been hacked into is always a tedious process. There is no short cut, only vigilance, time and attention to details will allow the user to help avoid this invasion of privacy. My own experience is just one way of dealing with the problem, but there may be others. Please feel free to leave your comments below.