WordPress Website Hacked – What do you do

19 Feb

There are various situations when a WordPress website can be hacked. The most typical one is when the WordPress website simply redirects to another site. This is known as the redirect hack.

There are several variations of this hack, differing in how it is carried out and in which files, properties or configuration are maliciously changed. In every case, though, a redirection somewhere on the site sends visitors to another website, most likely a spammy one.

A typical hack is when the siteurl value in the wp_options table is maliciously changed. To verify this, connect to the database with a tool such as phpMyAdmin and open the wp_options table. The value of the siteurl field should be the address of the website. If it has been changed, the website will redirect to that URL. Hackers typically find weaknesses in plugins through which the siteurl property can be updated.

If this is the case, the fix can be simple: the site can be restored by setting siteurl back to the correct value. However, this is not enough. You should also do the following:

  1. Update WordPress (if there is a pending update)
  2. Update all WordPress Plugins
  3. Check installed plugins. Uninstall any not required.
  4. Scan the website for malware

Typically having plugins updated to the latest version is enough to solve the issue for good, assuming that there was a plugin that was vulnerable. If there was a malicious plugin, making sure that the ones installed are legitimate also solves the issue.

Ultimately a monitoring solution such as Netumo can identify when such an event occurs. Netumo follows the site redirection and then matches a substring in the returned content with the HTML Code to Match parameter within the monitor. If the result does not match then Netumo will alert with a NoMatch alert.

In such situations, being alerted as soon as the issue happens is important in order to avoid reputational damage and to resolve the issue quickly. If the issue is left in place, the website can end up on blacklists, and getting removed from those can be much more difficult.
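The check described above (follow the redirection, then match a substring of the returned content) can be sketched as follows. This is an added example, not Netumo's code; it goes one step further by also flagging a redirect that leaves the site's own hosts. Every verdict name except NoMatch, the function names and the sample hosts are assumptions made for illustration.

```python
import urllib.request, urllib.error
from urllib.parse import urljoin, urlsplit

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx as an HTTPError instead of following it

def http_fetch(url, timeout=10):
    """Fetch one URL without following redirects -> (status, location, body)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as r:
            return r.status, None, r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location"), ""

def check_site(url, allowed_hosts, must_contain, fetch=http_fetch, max_hops=5):
    """Follow redirects hop by hop and return (verdict, chain of URLs visited).
    Verdicts other than "NoMatch" are hypothetical names for this example."""
    chain = [url]
    for _ in range(max_hops + 1):
        if urlsplit(url).hostname not in allowed_hosts:
            return "OffSiteRedirect", chain   # e.g. a tampered siteurl
        status, location, body = fetch(url)
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)      # Location may be relative
            chain.append(url)
            continue
        if status != 200:
            return "HttpError", chain
        return ("OK" if must_contain in body else "NoMatch"), chain
    return "TooManyRedirects", chain

# Constructed responses: a healthy site and one that redirects to a spam host.
HEALTHY = {
    "http://example.com/": (301, "https://example.com/", ""),
    "https://example.com/": (200, None, "<title>Acme Bakery</title>"),
}
HACKED = {
    "http://example.com/": (302, "http://spam.example.net/win", ""),
    "http://spam.example.net/win": (200, None, "<title>You won!</title>"),
}

if __name__ == "__main__":
    for name, site in (("healthy", HEALTHY), ("hacked", HACKED)):
        print(name, check_site("http://example.com/", {"example.com"},
                               "Acme Bakery", fetch=site.get))
```

Passing `fetch=http_fetch` (the default) runs the same check against a live site; the returned chain shows exactly where the redirection leaves the expected host.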

Sign up for Netumo today for a free 30-day trial. Starting monitoring is easy and quick and requires no technical knowledge: just enter the URL and fill in the HTML to Match section with a small piece of content from the website.