My WordPress Site Got Hacked

At any one time, I oversee close to 50 WordPress websites. It is a daily ritual for me to get up from bed, grab a shower and head to a local coffee shop for a cup of coffee. This was an average morning as I poured my coffee and sat next to the gas fireplace.  As was my custom, I put some cream in my cup and proceeded to pour my dark roast into the cup.  I know, I know.  Some will argue this sequence, but this is for sure the most efficient way to stir in cream to a cup of coffee.  Doing it this way allows you to skip the step of stirring.  With as much coffee as I drink, this one simple life hack adds hours of productivity back into my life. It’s a cold and rainy morning in the Pacific Northwest, so I pour my coffee, and grab the table next to the fireplace.

It is my daily ritual to drink a cup before flipping the lid of the work machine.  After warming up next to the fire, contemplating life and the week by staring out the window, I decided to dig in. I reach into my backpack and pull out my 6-year-old MacBook Pro, which is still working perfectly by the way.  The coffee shop I’m at today is Panera, so because it’s Panera I connect to my personal Hotspot on my iPhone.  It’s at least 3 times faster than the wifi connection at Panera.

Here I am ready to attack my Asana tasks for the day. To this point, the day was semi-perfect. The only thing that would have made it more perfect is to be with my wife in Peoria for Spring Training, but I’m not. Oh well, maybe next year. Right now, it’s 72 degrees and the Mariners are playing at 11:05. Sigh. Ok, back to my story where it’s 47 degrees and raining and I have a client who emailed me saying “My WordPress Site Got Hacked”.

Now, there are several reasons a site might not show correctly. Lots of questions need to be asked before moving forward.
Has the domain name expired?
Is the server running?
Is it a redirect, an odd message on the screen, a blank screen or another website altogether?

After digging into it a bit, I discovered what the client was experiencing is a code injection.

A code injection can happen when the administrator passwords are out of date or the administrator account runs under the ‘admin’ username. It can also happen when templates and plugins are out of date, or when the WordPress instance is out of date. I’m not going to go fully into the mechanics of how it happens; suffice it to say that the hacker is able to change files without your knowledge. It’s a scary thing to think that someone bad can get into your personal property and cause you harm.

What does a hacker accomplish by getting into your site?  Mostly they skim traffic away from you.  Most code injection hacks work by grabbing web search traffic on the sly.  What was happening with this client was that all their tablet and mobile traffic was being forwarded to another site. Hackers could also just be being mean to those who have not protected themselves.

Here is what I did to fix this client’s problem. Before I tell you, you need to know this advice is worth $375.  It’s what I charge to fix a hack and I’m going to give it to you for free on this blog.

Step 1: Add a security plugin such as Wordfence, All in one WP Security, or Sucuri Security. I prefer Wordfence and almost never upgrade to the premium service.

Step 2: After installing one of these plugins, you’ll want to run a ‘Scan’ of the site.  Each of them will tell you if there are files that have been affected and if there are plugins that are out of date or unused.

Step 3: Remove any unused plugins, and update every other plugin and template.

Step 4: If there are files that have been edited without your knowledge, you’ll need to FTP into the server and check those files.  If the files are different than what WordPress says they should be, you’ll need to revert the files to the original code.

Step 5: Change all passwords, including cPanel, FTP, Administrator, email passwords, etc.

Step 6: Test the fixes.  Check to make sure what you did fixed the problem and didn’t create other problems.
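
For Step 4, one way to find the files that differ from the originals is to compare the copy pulled from the server over FTP with a fresh copy of the same WordPress, plugin and template versions. The Python below is an added example, not part of the original post; the function names, the two-directory workflow and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def audit(clean_root, live_root):
    """Return (modified, missing, unexpected) paths of live_root vs. a clean copy.
    Unexpected covers only .php files, since uploads legitimately add media."""
    clean, live = build_manifest(clean_root), build_manifest(live_root)
    modified = sorted(p for p in clean if p in live and clean[p] != live[p])
    missing = sorted(p for p in clean if p not in live)
    unexpected = sorted(p for p in live
                        if p not in clean and p.lower().endswith(".php"))
    return modified, missing, unexpected

def write_tree(root, files):
    """Write a {relative_path: bytes} mapping under root."""
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

def demo():
    """Audit a constructed 'live' tree against a constructed clean tree."""
    clean = {"index.php": b"<?php // front controller\n",
             "wp-includes/load.php": b"<?php // loader\n",
             "wp-includes/version.php": b"<?php // version\n"}
    live = dict(clean)
    live["index.php"] += b"// constructed stand-in for injected lines\n"
    del live["wp-includes/load.php"]
    live["wp-includes/extra.php"] = b"<?php // not in the clean copy\n"
    live["wp-content/uploads/photo.jpg"] = b"constructed image bytes"
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        write_tree(a, clean)
        write_tree(b, live)
        return audit(a, b)

if __name__ == "__main__":
    print(demo())
```

Files listed as modified or missing are the ones to revert to the original code; unexpected PHP files are ones to open and inspect before deciding whether they belong.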

I have been a website fixer since 1999, so I’m an old guy.  This is what I’m best at, and I love fixing problems for others.  Let me know by commenting if you find these steps helpful.  If I can help in any other way, please let me know by emailing me at david@gocomo.com.

Time for another cup of coffee as I move to the task in Asana… planning a trip to Seattle to watch the Mariners beat the A’s next week.