FAQoTW: HELP! My WordPress Web Site has been Hacked AGAIN

A distraught wordpress hosting client contacted us this week because recently they’d been told their website was no longer working – instead, visitors to the site saw an image extolling some activist group support by a hacker.

The client (prior contacting us) simply deleted the hacked post, and had spent a further 2 days working on their site, when it once again was exploited, this time sending out 80,000 junk emails offering pharmaceuticals and the entire site had been deleted – 3 years of blog, images and comments all gone.

Whilst unfortunate, the problem was self-inflicted, as they continued to use a WP version which was 31 months (including numerous major and minor releases) behind the current version.

By putting something online, you’re inviting the world to see it.

Sadly not everyone is content just to ‘look’, many will try and abuse your website to send spam, announce how clever they think they are, or steal from you.

The majority of hacked, defaced or abused sites are because the site-owner has allowed uploads by anybody, used a theme/template containing dodgy|exploitable code, or because they simply didn’t apply patches and security updates in a timely manner.

Keeping your website applications up to date is extremely important.

New versions of common scripts are released on a regular basis, and these updates contain bug fixes and security patches.

Failure to apply patches and keep your applications updated means that you will get hacked and your site defaced/abused or deleted.

Regular maintenance is a critical part of your website/online-presence, and must not be ignored.

Astutium have made it as simple as possible to install, manage and upgrade over 200 applications with as little as 3 clicks through our Softaculous Script Installer which comes as standard on all hosting packages, and is available as an option for all virtual, cloud and dedicated servers.

To resolve this particular site(s) problems, they could have started again from scratch with a new WordPress install and then typed/pasted back any content they wished to keep (before allowing the site to be world-visible).

Thankfully, that rather slow and troublesome task was avoided as they employed Astutium to perform a Custom SaaS Upgrade Service and the Astutium Technical Support Team:

  • replaced the site with a holding page
  • restricted access to the wp-admin directories to know ip addresses
  • restored the site from the client supplied backups
  • validated the restore was clean of infections
  • upgraded the site to version 3 of WP
  • ran through the all minor versions and security updates
  • made a final backup and put the site online
  • sent the client our ‘how-to-further-secure-wordpress’ document

Within a day the site was updated, back online and the exploits used to deface it and sent spam solved.

For anyone running an outdated WordPress Installation – this is our Knowledgebase Article explaining how to keep it up-to-date in future:
How to upgrade a program installed with Softaculous?

Permanent link to this article: https://blog.astutium.com/2013/08/faqotw-help-my-wordpress-web-site-has-been-hacked-again/