Sucuri Review: Protect Your WordPress Site

Forrest Pykes Apr 18, 2025

Any website hosted on a web server is vulnerable to hacker attacks, and as webmasters, it is our job to implement all best practices to improve the security of our websites.

A wise man once said “prevention is better than cure”, and the best preventive measure when it comes to WordPress security is to back up your blog daily.

Anyway, this post is not about WordPress backup plugins, but about a hacked blog and a plugin I recently used to remove the hacked files from my blog.

Since this plugin is free and I have found it to be very effective for any non-technical user, I am sure you will find it useful in your tough times.


First, one of my clients had his blog hacked and his site was blocked by Google because it could potentially spread malicious code.

My non-technical client had a problem and he contacted me to investigate the issue. When a WordPress site gets hacked, I usually look at the most recently modified files first because this helps me find the files where the malicious code was injected.

But this approach is not 100% reliable, as it is difficult to find every infected file.

After trying a few WordPress security plugins, I found the Sucuri WordPress plugin, which helped me find malicious files quickly, and this post is dedicated to it.

Get to know the free Sucuri WordPress plugin:

The Sucuri WordPress plugin is a security and hardening plugin for WordPress. You can use it right away to fix some common security issues, such as hiding the WordPress version and restricting access to wp-content and wp-includes. Once your site is hacked, you can use this plugin to find modified files and outdated plugins in your blog, update the wp-config file, and more.

Let’s start with the first feature, which allows you to enhance the security of your WordPress blog. Go ahead, install and activate the Sucuri WordPress plugin.

Download and install the Sucuri WordPress plugin

After activating the plugin, you can check your settings from Sucuri-free > Sucuri Scanner:


You may want to start with one-click hardening to improve the security of your WordPress blog.

Click "Harden this site now" before "One-click hardening" to get started. Here you will see all known issues and can quickly click "harden" to fix them:


In my particular case, I was most interested in the completeness and post-hacking functionality of this plugin.

Use WordPress Integrity and Post-Hack features:

This plugin has a lot of useful post-hack features, my favorite of which is the integrity check.

Latest modified files:

With Latest Modified Files I can see a list of recently edited/modified files.

I can also “select previous days” to check for modified files. Here is a screenshot after running this module:


From the screenshot above, you can see that bin-75a.php and memcache-75.php are the infected files, and opening them also confirmed that the malicious code was injected. I deleted these two files and moved on to other features of the plugin.
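The same recently-modified-files triage can be run directly on the server. The script below is an added example, not part of the Sucuri plugin or the original post: it lists recently changed files and also compares mtime with ctime, because on POSIX filesystems a file's mtime can be set to an old date while its ctime cannot. The function name, the suffix list and the 7-day default window are assumptions made for the example.

```python
#!/usr/bin/env python3
"""List recently changed files under a WordPress root (added example)."""
import os
import sys
import time

# Assumption: these suffixes cover the files worth reviewing first.
SUFFIXES = (".php", ".js", ".htaccess")


def recently_changed(root, days=7, now=None):
    """Return (path, mtime, ctime, backdated) tuples, newest change first.

    A file is reported when its mtime OR its ctime falls inside the window.
    backdated is True when ctime is recent but mtime is not: the inode was
    touched recently although the file claims to be old (POSIX ctime).
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if max(st.st_mtime, st.st_ctime) < cutoff:
                continue
            backdated = st.st_mtime < cutoff <= st.st_ctime
            hits.append((path, st.st_mtime, st.st_ctime, backdated))
    hits.sort(key=lambda h: max(h[1], h[2]), reverse=True)
    return hits


if __name__ == "__main__":
    # Usage: python3 recent.py /path/to/wordpress [days]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 7
    for path, mtime, ctime, backdated in recently_changed(root, days):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(max(mtime, ctime)))
        print(f"{stamp}  {'BACKDATED ' if backdated else ''}{path}")
```

A BACKDATED flag is a lead to review, not a verdict: restores from backup, permission changes and plugin updates also move ctime.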

Check for hidden administrator accounts:

Hackers often create a hidden administrator account.

The Admin User Dump feature allows you to quickly list all administrator accounts and their last login information. For some reason, the last login information feature didn't work for me, but I could see all user accounts with administrator privileges.


Now, once you have fixed all the hacking issues, it’s time to update your WordPress blog's wp-config keys.

Just click post-hack and update your WordPress configuration keys.


In addition to all the features mentioned above, you can also view server information, currently logged in users, and all WordPress cron jobs.

All in all, this plugin is very useful when your blog is hacked or you want to improve the security of your blog. You don’t need to keep this plugin enabled all the time; just install it, follow the above steps to enhance security, and then disable it.

Please tell me what methods you use to protect your WordPress blog and if you use any plugins; I would love to know the name of the plugin. If you found this tutorial helpful, please share it with other bloggers in the WordPress community.

Disclosure: Some of the links in this article contain affiliate links, which means we may earn a commission if you click through to visit us, at no extra cost to you. See how SidelinePlay is funded, why it’s important, and how you can support us.
