What To Do If Your Wordpress Blog Got Hacked

22Jun/101

What To Do If Your WordPress Blog Got Hacked

Well... today two of my other blogs hosted on another host got hacked. I am not sure what's going on right now. But I guess I am not alone and due to the fact that I now know what to do, I want to share my knowledge with you.

There are so many real stupid people out there. And so far I came across four ways a wordpress blog gets hacked:

1. The whole hosting accounts with all domains on it gets deleted.

2. Someone accesses your blog and adds malicious code. In this way e.g. every user will download a trojan or virus in the background when visiting. In the past years this has happened several times to me. In a lot of cases the hackers were so stupid that they added the code incorrectly and the whole blog stopped working... Well.... they should do it at least right...

In case the hacker adds malicious code correctly and you are not aware of it, it will only take a while for google to find out and warn every user in the search results that your blog is spreading malicious code. When this happened to me one year ago I removed the code, did a re-scan in Google webmaster tools and sent a reinclusion request to Google explaining the situation. It only took some days and my sites where back in the index.

3. The hacker adds a link to another site. In most cases the link will lead to a porn site and is located in the footer section of your blog. All you have to do is remove the code.

4. If your wordpress blog shows an error or blank screen and many files seem to be infected the best thing to do is: Just go ahead and delete all files. Same if the whole blog got deleted and all files are gone.

How to know what files have been accessed by the hacker? Access your site via FTP. You will see all files and also the dates on which they have last been changed. So if most of your files have not changed in months and only some show that they have changed recently, these are most likely the ones that have been accessed by the hacker.

Do NOT Panic!

Hackers usually do not access your MYsql database. So all your posts, tags and comments will still be there.

You should take advantage of this negative situation and upgrade your WordPress Blog to the newest version

So go ahead, upload the newest version of WordPress.

Once completed rename wp-config-sample.php into wp-config.php and enter your OLD Mysql database name and password. (The one your deleted blog used before it got hacked!)

In case you have no idea of the MYsql database name and password go to your Cpanel's hosting account. Go to MYsql and you will see all exisitng databases. Most important is the database name. Copy it and enter it into wp-config.php.

In case you forgot your Mysql database password.... there is still no need to worry! Just create a new user for the existing database and assign all permissions. Enter the new user information you just created into the wp-config.php.

Upload.... after that go to yourdomain.com. You will be forwarded to yourdomain.com/wp-admin or if required you will be told that a database upgrade is required. Click OK.

Log into wp-admin and go to the APPEARANCE section. Choose a new template.

After that go to "Plugins". You will see a red list of all Plugins that were once there and are now gone. Copy the list and lookup the plugins you used before. Upload them to the plugin directory and reactivate.

That's it. Back Online.

As you can see a hacked WordPress blog is not a real disaster, because in most cases the MYsql database where all the important data is stored stays untouched. So all that is lost are the Worpdress files. Make the best out of this situation and upgrade to the newest version of WordPress and get a new fancy WordPress theme.