Need help cleaning up a WordPress site after being hacked

Off Topic? Maybe, point me to where this would be On Topic!

Hi All,


My daughter attends a private school. Recently their WordPress website was hacked and they need some help cleaning it up. I don’t have the experience with WordPress to help.

Are there services or websites that they could use to find the expertise to help with this?

Of course they would be compensated.

Here is a description of the problem:

Thanks!
-DF5

Thank you for getting back to me. We are trying to detect any possible back
door vulnerabilities in our WordPress installation that may be allowing
scripts or bots to place malicious code on our website. We have been hit by
a specific drug company. This code seems to turn up in our PHP files. The
original problem was that people who clicked twice on any page of our site
were redirected to this drug website!!

We have cleaned the installation manually, but there may still be scripts
running in the database or remaining vulnerabilities because we did not want
a re-installation of a clean version of WordPress. We have scanned the
database and there appear to be no known rogue files, but we are concerned
that there may still be scripts running that are very well hidden. We
basically need someone to start by looking through our files to see if
there is something we and the scan missed.

There is a lot of customization we did on our website and are trying to
avoid a clean install. We are also in contact with DreamHost (our hosting
company) to see if it is a server issue as we are uncertain if this is a
WordPress vulnerability via a plugin or a server issue that DreamHost can
resolve.

The website seems to be functioning well now; we are mainly trying to
prevent another problem and to eradicate any malicious code so we are not
penalized in the search engines.


4 comments

  1. I’ve cleaned quite a few hacks before. It’s a multi-step process that’s somewhat difficult to outline here. However, these folks (http://sucuri.net/) have become the go-to company for a lot of people. Reputable and thorough. (I’m not affiliated with them in any way, shape, or form.)

  2. Dr Floyd,
    More than likely it was a botnet that went through a bunch of sites and found a vulnerability, and then exploited it. I can help you go through the files, but you should be prepared to upgrade your WordPress installation. These hacks are fairly common; they aren’t done by a specific drug company.

    You can reach me here, or if you go to our website, you can call me directly. (Zippykid.com)

    Your best bet is to set up a dev environment with a new version of WordPress, copy over your theme, and import all the posts into this environment. Then apply any of the settings as needed.

  3. This is not a specific answer to your situation – however, it is relevant to your situation.

    A few ways that such problems can be avoided in the future:

    1. Make sure you add the DISALLOW_FILE_EDIT parameter, set to TRUE, in your wp-config.php file (look it up if unsure).
    2. Use a child theme for customization of WordPress; don't modify the core files directly — if you had used this approach, you could simply do a fresh install of WordPress and themes and be rid of any hacked files.
    3. Make sure you have a password that is very complicated. A good password might look like this: c38fuj%kfjiposC8jfwe! — distributed botnets can crack even a 13 character password in a matter of months.
    4. If using a shared hosting provider, ensure that the directory permissions on your wp-config.php file do not make it readable to the world.
    5. Find out if your hosting provider allows overrides to the htaccess files to take place — if so, then once the htaccess file is set correctly, you should make it read-only.
    6. Always keep up to date with the most recent WordPress/theme updates.

    Hope this helps!
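
A small audit of items 1, 4 and 5 from the list above, as an added example that is not part of the original comment. The function names and the directory argument are assumptions for illustration; it only reads `wp-config.php` and file modes and changes nothing.

```shell
#!/bin/sh
# Added example: audit a WordPress directory for three hardening settings.
# Usage: sh audit_wp.sh /path/to/wordpress   (script name and path are assumptions)

# Print a file's octal permission bits (GNU stat, with a BSD stat fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if any bit of the octal mask $2 is set in the mode of file $1.
mode_has() {
    [ $(( 0$(perm_of "$1") & 0$2 )) -ne 0 ]
}

# Succeed if an uncommented line defines DISALLOW_FILE_EDIT as true.
has_disallow_file_edit() {
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1"
}

# Run all checks; the return status is the number of findings (2 if no config).
audit_wp() {
    dir=$1; findings=0
    cfg="$dir/wp-config.php"; hta="$dir/.htaccess"
    if [ ! -f "$cfg" ]; then
        echo "ERROR: $cfg not found"; return 2
    fi
    if ! has_disallow_file_edit "$cfg"; then
        echo "FAIL: DISALLOW_FILE_EDIT is not set to true in wp-config.php"
        findings=$((findings + 1))
    fi
    if mode_has "$cfg" 004; then
        echo "FAIL: wp-config.php is world-readable (mode $(perm_of "$cfg"))"
        findings=$((findings + 1))
    fi
    if [ -f "$hta" ] && mode_has "$hta" 222; then
        echo "FAIL: .htaccess is writable (mode $(perm_of "$hta"))"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: all checks passed"
    return "$findings"
}

# Run the audit when a directory is given on the command line.
if [ $# -gt 0 ]; then audit_wp "$1"; fi
```

A commented-out `define` line counts as missing, since the pattern is anchored to the start of the line.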