My WordPress Site Has Been Hacked – WHAT TO DO?!?

Google Chrome indicates that your WordPress site “contains harmful programs” or “contains malware” when any page is opened. This means that Google has crawled your site and found embedded code that could cause harm to the passing web surfer. Your site has been hacked by someone who has changed files to meet their malicious intent. The hacker may have done it using a trojan plugin or may have gained access to your wpadmin or ftp account.

What Should You Do

There are some free WordPress plugins available that will scan and fix malicious files. The following sections provide more detail for this list of Things to Do:

  1. change your webserver ftp password
  2. change your wpadmin password
  3. delete unknown WordPress Administrator users
  4. install the plugin Anti-Malware from GOTMLS.NET
  5. install the plugin Wordfence
  6. run the Anti-Malware scans and Address Issues
  7. run the Wordfence scans and Address Issues
  8. address any issues
  9. notify Google of your changes

Run the Anti-Malware scans and Address Issues

  1. run the WP_Core Quick Scan
  2. run the Plugins Quick Scan
  3. run the Themes Quick Scan
  4. run the Complete Scan
  5. choose ‘Fix Issues’ if the scan identifies a threat
  6. repeat over several days to ensure the threat does not reappear.
  7. if threats reappear, pay attention to plugins or themes that reappear and disable then delete those
  8. clear the quarantine created by the Anti-Malware plugin
  9. delete any plugins that WordFence indicates as no longer supported

Run the Wordfence scans and Address Issues

  1. turn on ‘scan themes files against repository versions for changes’. Visit wpadmin > Wordfence > Options
  2. turn on ‘scan plugin files against repository versions for changes’. Visit wpadmin > Wordfence > Options
  3. run ‘Start a Wordfence Scan’. Visit wpadmin > Wordfence > Scan
  4. browse the Scan Summary and validate the scan results.
  5. view the New Issues and address each one as follows:
  6. Allow Wordfence to Repair any core files that are identified as changed. Unless you are changing WordPress core code, you don’t want custom files.
  7. Allow Wordfence to Delete any unknown files identified as containing malicious code. If it isn’t in the inventory, your site won’t need it.
  8. If you modified a theme (example: changed a style.css file), indicate that Wordfence should ignore this issue.

Notify Google

Register your site in Google’s WebMaster tools. Visit https://www.google.com/webmasters/tools/dashboard
Check the WebMaster Tools Security Issues tab. Follow the instructions to tell Google to remove your sit from their list.

Conclusion

Your site has been hacked. Using the 2 free plugins Anti-Malware and Wordfence, you can scan and fix files that now contain malicious content. Mission accomplished!

Leave a Reply

Your email address will not be published.