At any point of time, if you feel your site is being hacked then first and foremost work to be done is to find out whether this has been really hacked and makes sure to check this out completely. Sometimes you get so many spammy comments that at the first site it should feel that yours site is being hacked but in reality this might have been due to presence of large number of spammy comments and use of appropriate safeguarding measures to stops such annoyances comments to safeguard your site.
- Then, how to know that your site is actually hacked. If such spam comments and adverts appear at the header and footer of your site without your knowledge. For some time these might be appearing in the form of transparent text or dark background which might not have been visible to normal eyes, but in reality this can be seen by search engine spiders and then for sure your site might have been hacked.
- Secondly open Google search and from there searches for ‘site:example.com’ and in the place of example.com replace your site name and if the search results appear in that remains blank and in recognized for your site, then your site might have been hacked.
- Thirdly, while searching for your site and when the search results appear and then at the sight of it in Google search if it shows that this is a malicious site then for sure your site has been partially or fully hacked.
- Fourthly, if you receive a call or personal message from readers that your site might have been hacked and then it is important to check your site for this to know about this in complete detail. If you receive reports that yours site maliciously returning visitors to some malicious websites then for sure something wrong with your sites and it might have been hacked.
- Fifthly, if you receive communication from your web registrar the domain and hosting provider that your website might have been hacked, or getting much spammy comment then it is time to act and find out complete detail about it. This might have been due to send and receive of spam comments as well as redirecting visitors to some other malicious websites and this might be time to act on your behalf.
Most of spammers include the links to your website and thus spam filters could not detect them and then they send so many spam comments by overtaking your website completely. It is important to use a firewall or at least security adds on to your website so that they can detect the location of such links and advise you to completely disable such links.
How to Clean a Hacked WordPress Site:
Back up your site right now, and if you have not backed it so far then it is time to back up immediately. First back up website to the server and then back up completely to your local computer and by using file transfer protocol (FTP). If you are on shared hosting and hosting provider found your site has been hacked by then first thing they will do to delete your entire site immediately in order to save other site in the same server. So back up website to local computers to save your work.
Yours first priority is to back up your entire site as well as databases. This means now, you have the copy of your entire site and slowly you can clean your site to make it secure and faster.
Then delete the contents in wp-content/plugins/directory as by deleting this you will not be losing or breaking your site. So first delete such third party plugins.
Plugins can be installed again without any difficulties from the WordPress plugin directory. It is important to delete the entire plugin directory instead of deleting some plugins. On the other hand deleting only some files of plugin directory can put you in the stage of your site where it can become completely non-operable.
Usually it is important to keep one theme in the theme directory. That theme should have been the theme that you are currently using. Delete all the other themes including the default WordPress theme so that ultimately, your site becomes faster and leaner. Be careful if you are using child theme of current theme then do not delete the child theme as well as that of the main theme and delete all the other themes instead.
Check both wp-admin and wp-includes directory from the hosting side and both of these directories never receive new files and folders and if you see some changes in those directories then removed those additional files and folders.
Check out for old WordPress backups and installations and remove those installations in order to create clean wordpress environments. Though the main site can be secure, but the older WordPress installation could provide the back door entry to hackers so removes them immediately.
If your site hosting has he permission of SSH then you can check with some commands, and check whether there has been some changes to your site in the last two days. It is important to use some security plugins or some third party firewall tools like site point or Wordfence, and run the complete scan of your site and then find out whether there is some sort of malicious codes that has been injected to your site.
It is important to use, secure firewall in order to understand how your site runs in server. Most of files complex regular expressions and signature infections on databases should be looked into detail as most of these are used with unix command line tools or inside of CPanel and this should be looked in complete detail.
It is important to observe how databases work and how malware infections affected on your sites and then you can find these in complete detail, by completely looking forward how these sites can secure completely. Update your sites completely; update WordPress sites, plugins and themes. Remove such unused themes, plugins completely and this can make your site run smoothly.
Now, your site is running on everything from newer versions, and though your site is malicious, still everything on the server side is now running smoothly. It is important to change all passwords of users as well as that of administrative passwords so as to run your site smoothly. Scan with security add-ons and if the scan takes longer to continue then this means that, yours sites have some malicious code injection and it is important to clean your site completely.
Then such scans, will show long list of infected files, so take your time and see the list of infected files to understand about such malicious links and then detect and find out the results of it and then remove such links immediately so as to make your site clean and completely faster to run with sites.
Do scan after scan, till the list of links showed the result that shows that your site is completely cleaner and faster to run and this makes your site cleaner and faster. After completely cleaning up your site, it is important to install security plugins so that your site remains securely and that makes the running up your site up and running.