After been hacked I figure that I’m the perfect candidate to tell what not to do if you don’t wanna be hacked, because I can’t blame anyone but my own lazy a** for the problem.!
So first here’s what not to do.!
What not to do
1: Don’t keep your WordPress version updated at all time
2: Download plugins from other sites that WordPress and other major sites.
3: Allow everybody to create profiles and don’t admin them, it’s a waste of time…
4: Use poor passwords on the blog, ftp and mail..
5: Nevr backup your blog, it’s only for weak..
So what to do
1: Always keep your WordPress updated.
2: Only download plugins from major sites and WordPress.
3: If your blog is open to guest posters, then delete/remove the ones that aren’t used.(better yet have them contact you so that you create the profile.)
4: use good strong passwords this means passwords that contains letters, numbers and specials letters and so on.
5: Setup an automated backup software, that makes backups of the database and files and uploads it to somewhere else i.e. dropbox.
If you follow the todo list, then the fix is fairly easy.
- Check Google Webmaster Tools to see which pages Google has spotted with malware and so on..
Then check the urls on this websites: http://aw-snap.info/file-viewer/ to see where the malware has been placed i.e. theme, post and so on.
Because if it’s in a post you need to use the right backup from before you got infected, delete the theme if it’s one of those that is infected.
- Check the urls up against these sites also
scanner/http://www.rexswain.com/ - HTTP Viewerhttp://urlquery.net/ - Checks among other things your standing on Yandex, SiteAdvisor, Google, Opera and Norton Safe Webhttp://wepawet.cs.ucsb.edu/ - Checks scripts
- Change the passwords, delete everything from the web host and start with a fresh WordPress and update it with your clean database backup.
If you don’t have a backup and didn’t do as you should, then you need follow the same steps but you also need to go through all the posts to ensure that there is nothing malware here.
When all that’s done and the blog is clean, resubmit it the networks to get a clean bill of health.!