If you have seen, or anyone else has told you, that your WordPress website is redirecting to another website or linking to unknown and unrelated articles on other websites, your WordPress website is most likely hacked. Checking if your website is hacked is usually relatively easy: there are a number of popular plugins that will detect file changes and, in general, malicious behavior on your website. Getting rid of the hack permanently can be another story.
Detecting The Hack
Websites such as Sucuri SiteCheck let you submit your website URL to a detection program that tells you whether your website has been hacked. These tools only have outside knowledge of your website, so they can only detect the hack if it is found in the source code of your WordPress website. While widely accurate, if the hack on your website is more sophisticated the report may come back clean even though your website is compromised. There are 4 highly used WordPress plugins for detecting hacks and other malicious activity:
- Wordfence Security – Firewall & Malware Scan
- Sucuri Security – Auditing, Malware Scanner and Security Hardening
- iThemes Security (formerly Better WP Security)
- All In One WP Security & Firewall
The Hack Will Try To Hide
In many cases, the exploit will hide from WordPress users; in more complex scenarios it can even hide from specific IP addresses and only display for new or returning visitors not directly tied to the administration of your WordPress website. This can make it very confusing to conclude that your website is hacked, as some visitors are claiming to see malicious activity while others are using the website without issue. Combine this confusion with a “No Malware Found” report and it becomes easy to dismiss the accusation, leaving your website infected for a long time before the hack shows an obvious enough sign of being present or search engines begin warning people about your website being compromised.
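One way to check for this kind of hiding is to save the same page twice, once while logged in as an administrator and once as an anonymous visitor, and compare which outside hosts each copy points to. The code below is an added example, not part of the original article; the HTML samples and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class ExternalRefParser(HTMLParser):
    """Collect outside hosts referenced by links, scripts, iframes and meta refresh."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.hosts = set()

    def _add(self, url):
        host = urlparse(url.strip()).hostname
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            self.hosts.add(host)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._add(a["href"])
        elif tag in ("script", "iframe") and a.get("src"):
            self._add(a["src"])
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=https://host/path"
            _, _, target = (a.get("content") or "").partition("=")
            self._add(target)


def external_hosts(html, site_host):
    parser = ExternalRefParser(site_host)
    parser.feed(html)
    return parser.hosts


def visitor_only_hosts(admin_html, visitor_html, site_host):
    """Hosts an anonymous visitor is sent to that the logged-in admin never sees."""
    return sorted(external_hosts(visitor_html, site_host) - external_hosts(admin_html, site_host))


# Constructed sample responses for the same URL on a site called myshop.example.
ADMIN_VIEW = '<a href="/about">About</a><script src="https://cdn.example.net/app.js"></script>'
VISITOR_VIEW = ADMIN_VIEW + (
    '<meta http-equiv="refresh" content="0; url=https://redirect.example.org/landing">'
    '<a href="https://articles.example.com/unrelated">read more</a>'
)

if __name__ == "__main__":
    print(visitor_only_hosts(ADMIN_VIEW, VISITOR_VIEW, "myshop.example"))
```

Any host that shows up only in the visitor copy deserves a closer look, even when an external scanner reports the site as clean.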
Common Areas For Exploitation and Hacking
Your Plugins, Themes and WordPress Installation are three common areas that exploits use to gain access to your WordPress website. It is very important to keep these areas up-to-date.
Plugins can be written by anybody who can develop, and plugins do not undergo any mandatory code review before being approved for distribution to websites like your own. This leaves room for developers to write sloppy code that is, in the worst cases, exploitable by hackers.
Similarly to plugins, themes are written and distributed by developers with little to no mandatory code review, leaving it up to you, the WordPress website owner, to make sure your theme is also from a reputable source.
There are WordPress versions with well-known exploitable bugs. Hackers use this knowledge to scan for websites running these outdated WordPress versions and easily introduce exploits, often completely automated and spreading across hundreds and thousands of vulnerable WordPress websites.
Removing The Hack
Finding where the hack has injected code can be difficult. The plugins mentioned above, if installed before the exploit, can tell you which files were changed, which helps narrow down the files where the exploit updated code. If you are installing these plugins after the exploit occurred, they can still find common exploits on your WordPress website. If these plugins come back clean but you are certain that your website has been compromised, it may take a server administrator looking at your access and error logs to identify where and when the exploit occurred. Removing the hack does not always guarantee that the hack is gone for good: often the exploit will use the same method it originally used to gain access to your website to re-infect it, which often requires the theme or plugin code that is allowing the exploit to occur to be patched.
Securing Your Website
- Keep WordPress installation up to date
WordPress is the core content management system behind your entire website. Keeping WordPress up to date is the most important and basic best practice for keeping your website secure. WordPress gives a clear, non-technical summary of its updates, which often include very important security updates.
- Keep your theme up to date and remove any installed but unused themes
Removing unused themes from your WordPress website is best practice: the fewer files on your server capable of introducing a hack on your website, the better. Keep your installed and activated themes up to date.
- Keep your plugins up to date and remove any unused or unnecessary plugins
The first step to plugin security is to make sure the plugins you have installed and activated on your website are reputable and used by other websites. Keeping your plugins up to date is the next best preventative measure for avoiding hacks. Many plugins will include security enhancements and fixes in their plugin updates.
- Install firewall and virus protection plugins
If your WordPress website is up-to-date, your plugins and themes are up-to-date and there are no unused or unnecessary plugins, the last step is to install a firewall and malware scanner on your website. Two of the most popular plugins are Wordfence and Sucuri Security. Wordfence acts as a firewall and can even block malicious IP addresses from accessing secured parts of your website. Sucuri Security is a similar plugin but focuses more on virus and malware prevention and scanning, ensuring your WordPress website stays clean by monitoring files and running full-blown security scans on your WordPress installation and server's file system.
Staying In The Clear
Ensuring your website remains malware and hack-free is important – dealing with a hacked website takes time and sometimes money and forces you to focus on activities that don’t help to grow your business.
Take any new warnings your firewall and anti-virus plugins display seriously, as they may have found a new vulnerability. Keep WordPress, your theme and plugins up to date, and keep an eye on any warnings from your Webmaster Tools or other website warnings.