My blog went largely unused in the past few months, which in turn caused me to be lazy about applying updates. (A big no-no in the WordPress world.) Then a few weeks ago I got a wild hair to start writing again. Upon logging in I was greeted with this fun message:
It turns out that not only was my site hacked but a few others I have on the same server were as well.
Here are the steps that I completed to fix it. (NB: I had installed a plugin which had been emailing me daily backups of my data, which really saved my skin in this case. I highly recommend it.)
- Identify infected files. Have a look at the tool that Cory provides over on his blog, which I used to figure out the date the hack occurred. (My hack involved someone uploading a dodgy plugin called ‘tool’, which allowed them to create administrative users in my install.)
- Remove the infected files.
- Change your website’s FTP username/password
- Change your MySQL username and password (you will also need to update the wp-config.php file)
- Login to PHPMyAdmin and create a full database backup
- Choose a backup from before you were hacked.* (NB: “Although just because execution happened a certain time, doesn’t mean infection did”) As I had not written anything in 3 months, I simply chose a backup that was a few days after my last post. (The infection manifested itself on the 9th of Dec)
- In the SQL field in PHPMyAdmin, run the SQL statement. (NB: This will delete and then restore EVERYTHING. In case it goes south, make sure you completed Step 5, the full database backup.)
- After it has finished, go to your WordPress dashboard. If you had upgraded WordPress before the hack (as I had), WordPress is smart enough to inform you it needs to upgrade the db.
- Change your WordPress admin username and password. (I recommend creating a new admin user and deleting the old one. You can assign all your posts to the new user…)
- Check the user list to see if there is anyone else listed as an admin.
- That’s it, you should be all good to go!
- Make sure your passwords are STRONG passwords.
- Don’t use ‘admin’ as the name for your admin user.
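
For the first step (identifying infected files), here is one way to triage a WordPress tree from the shell. This is an added example, not part of the original steps and not Cory's tool; the function names, the allowlist file, and the sample tree with its dates are assumptions made for illustration, and `modified_since` relies on GNU find.

```bash
#!/usr/bin/env bash
# Added example: triage helpers for a WordPress install (hypothetical names).

# List files under DIR modified after the start of DATE (YYYY-MM-DD), newest first.
# Caveat: modification times can be forged, so a clean result is a hint, not proof.
modified_since() {
    local dir=$1 date=$2
    find "$dir" -type f -newermt "$date" -printf '%TY-%Tm-%Td %p\n' | sort -r
}

# Print plugin directories in PLUGINS_DIR whose names are not listed in ALLOWLIST
# (a text file with one expected plugin directory name per line).
unexpected_plugins() {
    local plugins_dir=$1 allowlist=$2 path name
    for path in "$plugins_dir"/*/; do
        [ -d "$path" ] || continue
        name=$(basename "$path")
        # -F fixed string, -x whole line, -q quiet: exact-name match only
        grep -Fxq -- "$name" "$allowlist" || printf '%s\n' "$name"
    done
}

# Build a constructed sample tree: one expected plugin and one uploaded later.
# The year is invented for the sample; only the plugin name 'tool' is from the post.
build_sample_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/plugins/akismet" "$root/wp-content/plugins/tool"
    touch -t 202009010000 "$root/wp-content/plugins/akismet/akismet.php"
    touch -t 202012090300 "$root/wp-content/plugins/tool/tool.php"
    printf 'akismet\n' > "$root/allowlist.txt"
    printf '%s\n' "$root"
}

# Run with --demo to see both checks against the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    root=$(build_sample_tree)
    echo "Plugins not on the allowlist:"
    unexpected_plugins "$root/wp-content/plugins" "$root/allowlist.txt"
    echo "Files modified since 2020-12-01:"
    modified_since "$root/wp-content" 2020-12-01
    rm -rf "$root"
fi
```

On a real site, point both functions at your own `wp-content` directory and build the allowlist from the plugins you know you installed.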