Thursday, October 29, 2009

Is your WP Blog hacked?

If you are a WP Blogger you will find this useful.

In most of the forums I am active on, I see people crying out that their WP blogs are being hacked. Hence, I thought: why not write a simple precautionary guide on how to prevent such attacks and what to do once a blog has been attacked? Here it is…

The proactive steps:

  • Do NOT use Fantastico for installing WordPress blogs. I know it does everything in a single click, and Fantastico makes the installation easy for everyone… for hackers too :)
  • Always password protect your WP-Admin folders
  • Go to milw0rm and type WORDPRESS in the search option. You will see a list of plugins. If you have any of those plugins installed, your blog can be injected.
  • Using the Bad Behavior and Exploit Scanner plugins can be of help

The reactive steps:

  • Ask your hosting provider to check whether it’s a problem with the whole server or just your site
  • Join Google Webmaster Tools and the Stop malware site. Both of these will help you find the code and assist you in getting re-indexed by Google when the site is clean.
  • FTP into your account. Look at the dates of the files. Find the ones that are very recent - you're looking for the file that has been hacked. The date will give it away. It’s probably the blog's header, footer, page, or index file. Do you use Filezilla or other FTP software? Please DON’T! Switch over to WinSCP.
  • Once you find a suspected file, log on to your WP account. Scan the suspected file line by line looking for the malware code. If it's something simple, it's probably an inserted JS script. Once you locate the bad code, just edit the file, remove the bad code, and save the cleaned file. You will need to set permissions to 777, edit the file, and then be sure to reset permissions to 644 or whatever they should be.
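
The date check and line-by-line scan from the last two steps can be automated once you have a copy of the site files. The Python script below is an added example, not part of the original post; the seven-day window, the file extensions and the patterns it searches for are assumptions to adjust for your own blog. It also reports any file left world-writable, such as one still at 777 after an edit.

```python
import os
import re
import stat
import sys
import time

# Assumed heuristics for commonly injected markup; tune them for your own theme.
SUSPICIOUS = [
    ("iframe tag", re.compile(r"<iframe\b", re.I)),
    ("external script", re.compile(r"<script[^>]+src=[\"']?https?://", re.I)),
    ("eval of decoded data", re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|unescape)", re.I)),
    ("document.write(unescape", re.compile(r"document\.write\s*\(\s*unescape", re.I)),
]
EXTENSIONS = (".php", ".js", ".html", ".htm")


def audit(root, days=7, now=None):
    """Return sorted (relative path, line number, note) findings for files under root."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            # World-writable files (e.g. left at 777) are reported whatever their age.
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, 0, "world-writable, mode %o" % stat.S_IMODE(st.st_mode)))
            if st.st_mtime < cutoff or not name.lower().endswith(EXTENSIONS):
                continue
            findings.append((rel, 0, "modified " + time.strftime("%Y-%m-%d %H:%M", time.localtime(st.st_mtime))))
            with open(path, errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    for label, rx in SUSPICIOUS:
                        if rx.search(line):
                            findings.append((rel, lineno, label))
    return sorted(findings)


if __name__ == "__main__":
    for rel, lineno, note in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s:%s: %s" % (rel, lineno or "-", note))
```

Whoever changed a file can also reset its modification time, so an empty report does not prove the site is clean. Comparing the files against a fresh copy of the same WordPress release is a stronger check.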

Finally, if a hacker really wants to make his/her way in, you cannot stop them. With the steps above, however, you can slow them down.