About WordPress Security

WordPress-based websites are mostly targeted through vulnerable plugins and themes installed on the site. Attackers tend to inject their malicious code into header.php or footer.php under /wp-content/themes/<theme_name>, because these files load with every page of your website. It's a smart way to infect a full website with just one file.

There are a few basic steps that need to be performed immediately whenever the website is hacked:

  1. Replace your website folder with a clean copy of the website.
  2. Run a Sucuri malware scan (http://sitecheck.sucuri.net/scanner/) to check whether you are already blacklisted.
  3. Inspect your plugins or themes folders for malicious code.
  4. Remove the malicious code from infected files.

Once done, the next step is to inspect your WP database.

WP Database Inspection

It is equally important to inspect and clean your WP database after you clean the WP website files. This ensures that the malicious code does not reappear and that you have a fully cleaned website. The WP database can be accessed using phpMyAdmin. Below is the quickest way to do a database inspection:

  1. Log in to phpMyAdmin
  2. Click on the database_name in use (e.g. wordpress_database)
  3. Export your complete database in .sql format and open it in a text editor
  4. Do a search for malicious code or any suspicious encoding
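
One way to run the search in step 4 automatically over the exported .sql file, as an added example that is not from the original post. The indicator list, the function name and the sample rows are assumptions chosen for illustration, and the list is not exhaustive.

```python
import re

# Indicators chosen for this example (an assumption, not an exhaustive list).
PATTERNS = {
    "php_eval": re.compile(r"\beval\s*\(", re.I),
    "base64_decode": re.compile(r"base64_decode\s*\(", re.I),
    "gzinflate": re.compile(r"gz(?:inflate|uncompress)\s*\(", re.I),
    "js_fromcharcode": re.compile(r"String\.fromCharCode", re.I),
    "hidden_iframe": re.compile(r"<iframe[^>]*(?:display\s*:\s*none|width=\W*0)", re.I),
    "long_base64_run": re.compile(r"[A-Za-z0-9+/]{120,}={0,2}"),
}
INSERT_RE = re.compile(r"INSERT INTO `?(\w+)`?", re.I)


def scan_dump(lines):
    """Return (line_no, table, indicator) for every hit in an SQL dump."""
    findings = []
    table = None
    for line_no, line in enumerate(lines, start=1):
        m = INSERT_RE.search(line)
        if m:
            table = m.group(1)  # rows that follow belong to this table
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((line_no, table, name))
    return findings


# Constructed sample resembling a phpMyAdmin export (not real data).
SAMPLE_DUMP = """\
INSERT INTO `wp_options` (`option_id`, `option_name`, `option_value`) VALUES
(1, 'siteurl', 'http://example.com'),
(2, 'widget_text', '<?php eval(base64_decode("PLACEHOLDER")); ?>');
INSERT INTO `wp_posts` (`ID`, `post_content`) VALUES
(10, 'Hello world, a normal post.'),
(11, 'Nice post <iframe src="http://example.invalid/" style="display:none"></iframe>');
""".splitlines()

if __name__ == "__main__":
    for line_no, table, name in scan_dump(SAMPLE_DUMP):
        print(f"line {line_no}: table={table} indicator={name}")
```

Each hit names the table the row belongs to, so the matching rows can be reviewed and cleaned in phpMyAdmin; a hit is a lead to inspect, not proof of infection.
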

One final note: the most important things to remember if you own a WP site are:

  1. Back up your website DAILY if possible.
  2. Keep your WP version up to date.
  3. Have a few security plugins installed for your WP website.
