How to easily recover a hacked site? (Complete guide)

Has your site been hacked? Most website administrators see symptoms such as redirects on their websites or spam pop-ups. Understandably, this can be stressful. Let me reassure you: you can fix your hacked site.

Before we start cleaning up the website, I need to make sure your website has been hacked. Scan your website with the security plug-in to confirm your website has been hacked.

Once you confirm the hack, the next steps become much easier. In this article, I will explain step by step how you can identify and clean up malware on your website.

How do you know if a site has been hacked?

Before you can start cleaning up a hacked website, you need to make sure that your website is hacked at all. A scan is the best way to confirm a breach, but you should also be aware of the symptoms of a breach to help you identify a breach.

Symptoms of a hacked site

You can't always be sure that a site has been hacked. Depending on the type of malware, the symptoms of hacking may vary or may not appear at all. And if you don't know what to look for, malware can sneak up on you. With hacks getting worse over time, it's important to identify them quickly. Therefore, you should know what symptoms to look out for if you have a hacked website. Here are some of the most common website hacking symptoms.

Check Google Search Results

Google is very good at detecting malware. Their bots are constantly on the lookout for malware when they crawl your site because they want to provide a safer browsing experience for their search engine users. If your site gets hacked, chances are it will show up on Google soon.

To check Google search results, search Google for your specific website. For example, if you're trying to find Twitter on Google, you might search for site:twitter.com. You can also search for specific keywords on your website by adding them after your search term. If your site has been hacked, you will see the following issues in Google search results.

Unwanted meta descriptions

Meta descriptions are the little descriptions you see below the search results that explain what the web page is about. This will usually be something you set yourself or a relevant snippet from your web page. But if your website has been hacked, your meta description may contain unwanted values, Japanese characters, or even unrelated keywords.

Indexed pages

Hacks can often result in spam pages being added to your site. You can check if this has happened by searching your website on Google and checking if the indexed pages match the number of pages on your website. If the number is much higher, these are spam pages that are being indexed on your site and are a sign of a hack.

Google blacklist

As I said earlier, Google is committed to encouraging the safety of its users. As part of this, they launched the Google Safe Browsing initiative, which scans websites every day and flags them if it detects malware. A Google blacklist can appear as a series of notifications, including a warning in search results or a big red screen before visiting a website. Here are some of the warnings:

  • Phishing site ahead;
  • This site contains malware;
  • This site has been marked as unsafe;
  • This site may be hacked;
  • Deceptive site ahead.

If you see any of these flags in your site's search results, most likely your site has been hacked.

Check your site for problems

A hacked site may not show any symptoms at all. But some symptoms may appear on your site when the hack reveals itself. The visible parts of your website that you visit every day can tell you a lot about the overall health of your website. So watch out for some of these symptoms on your site.

Spam pop-ups

If you see an unauthorized pop-up on your website, it is most likely malware. These spam pop-ups are designed to either lure your customers to spam sites or trick them into downloading malware disguised as free services. Although spam pop-ups are a clear sign of malware, they can also appear due to the inclusion of ad networks on your website. If you notice this, scan and clean up your website as soon as possible to make sure.

Redirects to spam sites

Malicious redirects are a big problem. They can be chaotic because sometimes, along with other pages on a website, the login page also redirects to other websites. If this happens, you won't even be able to log into your website or stay on it long enough to figure out what the problem is. Automatic redirects to spam sites are a sure sign of malware on your site.

Phishing pages

Phishing is a type of social engineering attack that uses spoofing tactics to obtain personal and financial information from users. Usually a phishing page tries to look like an official page and has a bank logo or branding to make it look more convincing. If you see phishing pages on your site, this is definitely a sign that the site has been hacked.

Broken pages

If you see pages with random code at the top or bottom, or if you see elements on the page looking cluttered, this could be a sign of malware. While broken pages can be caused by a faulty plugin or theme, malware is a very likely cause.

White screen of death

The white screen of death is what happens when you visit your website and your browser goes blank. It's a stressful situation because you have no idea what went wrong and how to fix it. Also, when this happens, there is no way to access your wp-admin and you are locked out of your own website.

Check the backend of your site

The back end of your website can also indicate if your site has been hacked, and you can monitor it for symptoms. However, unless you are an expert or someone who understands the logic of the code, these symptoms may be impossible to detect.

Activity log

A good way to find symptoms on the back end of a website is to look at your website's activity log. You can install a plugin like WP Activity Log to review the activity on your website and see if you notice anything suspicious.

Strange code on your site

Your website is made up of code, and malware also masquerades as part of it. Thus, it can hide anywhere on your site and appear harmless. If you notice any changes in the website code or strange code on your website, you need to act quickly and confirm the hack before things get worse.

Unusual user activity

If there is any unusual activity on the part of a certain user, such as creating too many new messages in a short amount of time, or changing settings, this could be a sign of an account being hacked or compromised, which could lead to a hack.

Privilege Elevation

Hackers often take advantage of existing website users, gain access to their accounts, and elevate their privileges to gain access to your entire website. This is why you need to keep an eye out for any website users whose privileges have been suddenly elevated without authorization.

Fake plugins

Hackers don't want you to find malware. So they hide it in legitimate looking folders like theme and plugin folders. Fake plugins are malware distributors. Fake plugin folders contain only one or two files and have strange names.

Look for any message from your web host

Your web host invests in the security of your website, as a hacked website on their servers can give them a lot of headaches. Therefore, most web hosts scan the websites they host regularly.

If your web host sends you an email saying it has found malware, or if it suspends your site citing malware as the reason, it's safe to assume that your website has been hacked.

Another thing to watch out for is server usage. If your web host is telling you that your server usage has skyrocketed without much change in your website traffic, it could be due to malware.

Pay attention to visitor reviews

Sometimes hackers deliberately hide malware from the site administrator. So you may not see any of the mentioned symptoms, but your visitors may. If any of your visitors are complaining about spammy pages on your site or site instability, take this review very seriously and get it scanned as soon as possible.

Visitors often see symptoms that the administrator overlooks, such as getting spammed from your website or being redirected when they visit your site. Even if a review is a complaint that your website isn't loading fast enough, you should look into it, as even the smallest symptoms can be a sign of malware.

View your website analytics

Your website analytics can tell you more than just customer behavior and CTR. If you know what to look for, you can find malware symptoms in your website analytics. Here are a few things you can look out for.

Search Console

Google Search Console periodically crawls your website and may find malware on it. If it finds malware, it will flag it and you can see the details under the Security Issues tab.

Surge in traffic from certain regions

If you suddenly see a spike in traffic from certain regions or countries that are not necessarily part of your target geographies, this could be a sign of malicious traffic on your sites, such as bots or hackers. Traffic spikes can be a harbinger of malware or a sign that traffic is being directed to spam pages. As a general rule, it's best to check them regularly.

Pay attention to performance issues

When your website is hacked, you may not always get a big red notice that it has been hacked. Sometimes this manifests itself in the form of less noticeable symptoms. These symptoms can be of any nature, but your website's performance issues are easy to miss if you're not vigilant. Look out for the following issues as they may be a sign of malware on your site.

Website is slow

When your site is hacked, malicious code and files are injected into it. While the malicious code itself can wreak havoc on your website, its very presence can cause problems. Additional malware data can overload your website's servers, which can affect your website's load time.

Some hacks, such as bot attacks, can overload your site with requests and further increase load times.

Site unavailable

Malware can make your site inaccessible to both users and visitors. DoS attacks or redirect hacks can make it impossible to access your website, and sometimes parts of it. While it's impossible not to notice that your site is down, the added challenge is getting access as soon as possible so you can clean it up.

Emails from the site end up in the spam folder

Email services want to offer a secure experience to their users, so they filter incoming emails and send emails to spam if they notice something suspicious in them. Hacked websites compromise the online security of their users. Therefore, any emails coming from hacked websites go straight to the spam folder.

While there are other reasons such as spammy keywords or overtly promotional messages to end up in the spam folder, malware is a major reason. If emails sent from your website regularly end up in spam folders, it could be because your website has been hacked.

Scan the hacked site

Just suspecting a hack is not enough; you need to confirm the hack before you can go ahead and clean it up. Scanning is the best way to diagnose your site and confirm a hack. There are several ways to scan your website.

Scan your site with a deep scanner

A deep scanner like MalCare or Wordfence Security scans your site thoroughly and looks for well-camouflaged malware. Deep scanners are the perfect way to detect malware as they scan every corner of your website and find even the slightest hint of malware, even if it's hidden in the most unlikely places.

In order to scan your site with MalCare, you need to install the plugin on your site. You can do this through the WordPress repository.

After you install MalCare, it will automatically scan your site for the first time. After that, you can set up an automatic scan schedule or click the scan button to scan your website.

In a few minutes, you will know if your site has been hacked.

Scan your site with an online scanner

Online scanners like Sucuri Site Check scan the visible parts of your website for malware. While not entirely effective, it can be a good first step in the diagnostic process.

Some types of malware, such as the pharma hack or the Japanese keyword hack, can appear in the visible code of your website because these hacks change the external code of your website.

But keep in mind that an online scanner should not be the only tool you use to diagnose your site. If you get a positive result for malware, you can be sure that your site has been hacked. Conversely, a clean result doesn't mean your site isn't hacked.

Scan your site manually

You can scan your site for malware manually, but I strongly advise against it. I'm including this section so you know all the options, but if you don't know exactly what you're doing, it's unwise to do so. You are likely to miss something or potentially flag legitimate code as malware.

Also, there is no fixed template for malware. The unwanted code can be anything and hide anywhere on your site. Thus, you must already be very familiar with the code to detect malware.

That being said, the first step to identifying malware manually is to look for recently modified files on your website. This can be done through the file manager. If a file shows as recently modified and you haven't made any changes to it, it's most likely malware.

As I mentioned earlier, the best course of action is to use a security plugin. Security plugins are thorough and fast, which is necessary because hacks need to be resolved quickly. Once you have a definitive answer to whether your site has been hacked, all you have to do is update it to clean it up.

Easy diagnostics to start

While scanning is the best way to confirm a hack, there are other easy ways you can use to diagnose your website being hacked. These diagnostics are not as accurate as security scanners, but can give you a good idea of the health of your website.

  • Go to your website in incognito mode and check whether any symptoms appear.
  • Check the number of pages on your website when you run a site search on Google. If the number is much higher than the actual number of pages, this may indicate that spam pages are being indexed on your site.
  • Check activity log for sudden privilege escalation of users or ghost users.
  • Check for fake plugins in wp-content folder. Fake plugins usually have strange names and only contain one or two files.
  • Check if any plugins or themes you use have reported vulnerabilities. If yes, update them as soon as possible.

These diagnostics can reveal the symptoms and give you a clear idea about the security of your website. But you should still use a security scanner to confirm the hack and be thorough.

How to recover a hacked site?

At this point, you should have proof of the hack. This information will help you in the next step i.e. cleaning up the hacked website.
There are various ways to fix a hacked website and I will list three of the most common ways you can do it.

Fix a hacked site with MalCare

The most efficient and fastest way to recover a hacked website is to use MalCare. This plugin is developed by security experts after painstaking research and development. This experience allows you to remove all traces of malware from your site with the click of a button.

If you've already installed the plugin on your website, all you have to do is update your account and hit the auto clear button, and voila! Your site is clean.

Hire a Security Expert

Another way to recover a hacked website is to hire a security expert who can manually clean up your website. Although this is not the best course of action, it is still preferable to do-it-yourself cleaning.

Professional cleaning services take time as they do it by hand and, accordingly, they are expensive. I also cannot guarantee the quality of services provided by each security solution. Using a security plugin would be the best solution.

Restore a hacked site manually

Manual cleaning isn't the most efficient or fastest method, because unless you're a security expert, a lot of what you do will be trial and error. This takes time, which can make the hack worse. And if you accidentally make a mistake, it may worsen your situation even further.

Many website administrators who have tried to clean up their website manually have broken their website by accident. It will take much longer to fix than if you use any other method. If for some reason you still need to repair your hacked website manually, here is how you can do it.

1. Make sure you have access to your site

If your web host has suspended your account and you have lost access to your website, the first thing to do is regain access. You can send an email to your web host and ask them to grant you access for cleaning purposes. If they don't comply, you'll have to use FTP to get a copy of your website so you can clean it locally.

2. Back up your website

The next step is to back up your website. It may be hacked, but at least you still have a website. If something goes wrong during cleaning, you can always restore it. But without a backup, you could lose all your site data if things don't go according to plan.

3. Download the WordPress core, plugins and theme files from the repository

Before you can start cleaning, you need a reference to compare against. To do this, you need to download a clean install of the WordPress core, plugin, and theme files. You can download them from the WordPress repository. But make sure you are downloading the same versions as on your site. Otherwise, there may be differences in the code and you will not be able to compare files.

4. Reinstall WordPress Core

Now the hardest part. You will have to reinstall the core files on your site. Start with the wp-admin and wp-includes folders. You can directly replace these two folders as they do not contain any custom content.

Once this is done, check the wp-uploads folder. This folder should not contain any malicious PHP files. So if you come across any, delete them. Now you should start looking for strange code in the files. Look into these files specifically:

  • index.php
  • wp-config.php
  • wp-settings.php
  • wp-load.php
  • .htaccess

I understand that strange code is a vague explanation, but there is no specific code that is malware. So you have to be especially careful. Especially since these are core files, don't delete anything unless you're sure it's malware.

5. Clean plugins and themes

Moving on, it's time to clean up the plugin and theme files. You will find these files in the wp-content folder. You will need to compare the clean installs with the files on your site. This can take a significant amount of time, so we recommend using an online diff tool for this. This will help you find any differences between the two files. You can start by looking at the following active theme files:

  • header.php
  • footer.php
  • functions.php

Note. Given that themes and plugins are customizable, customizations may appear as additional code. Therefore, if you remove all code that differs from the clean install, you may wipe your settings or stop plugins and themes from working.

6. Clean up database tables

The last step in the main cleanup process is the database. To clean up the database tables, you will need phpMyAdmin with which you can download and open the database tables and take a look at the code.

Now take a look at the database tables and see if you find any weird code or scripts. Start with existing pages and posts because you know what they should look like. You can find them in the wp_posts table. Also, look for recently created pages and posts and see if you find any that weren't created by you. Next, you can look into the wp_options table. These two tables often contain malware.

7. Remove all backdoors

Cleaning up files is only half the battle. Malware came from backdoors on your website, and as long as the backdoors are still there, your site is still at risk. Therefore, the next step is to remove all backdoors.

Backdoors can be present anywhere on your site, so you need to look for them carefully. You can search for popular backdoor keywords such as eval, base64_decode, gzinflate, preg_replace or str_rot13.

Note. These keywords are often found in backdoors, but they also have legitimate uses in plugins and themes, and removing them can stop those extensions from working.

8. Reupload Clean Files

It's time to re-upload all your cleaned files back to your site. You need to delete the existing files and database first and then re-upload any files you have cleaned up. You can use file manager and phpMyAdmin for this.

9. Clear cache

The last thing to do is clear the cache on your WordPress site. The cache is used to create copies of your site so that it loads faster. But if your website is hacked, chances are that the cached versions also contain traces of malware. Thus, even after cleaning, malware may remain on your website.

Therefore, to completely remove malware from your site, clear the cache from your site completely.

10. Use a security scanner to confirm

The worst is over, cleanup is over! Now all you have to do is use a security scanner to make sure your site is free of malware. This step is important because it tells you if your attempt was successful. If yes, then you can move on. But if not, then you will have to double-check everything again. In this case, it is better to invest in a security solution.
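Steps 3 to 7 of the manual procedure can be run as one read-only triage pass before anything is deleted. The following Python script is an added example, not code from the original article or from any plugin it mentions: it compares a copy of the site against a clean reference, flags PHP files in the uploads folder, and lists the backdoor keywords from step 7. It assumes uploads live in wp-content/uploads; the function names and the sample trees are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Keywords the article lists for step 7; they also occur in legitimate code.
KEYWORDS = ("eval", "base64_decode", "gzinflate", "preg_replace", "str_rot13")
KEYWORD_RE = re.compile(r"\b(" + "|".join(KEYWORDS) + r")\s*\(")
# Assumption: uploads live in wp-content/uploads (default WordPress layout).
UPLOADS = ("wp-content", "uploads")
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_tree(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in root.rglob("*") if p.is_file()}


def keyword_hits(path: Path) -> list:
    """Backdoor keywords that appear as function calls in the file."""
    text = path.read_text(encoding="utf-8", errors="replace")
    return sorted({m.group(1) for m in KEYWORD_RE.finditer(text)})


def triage(site: Path, clean: Path) -> list:
    """Read-only pass: list files that differ from the clean reference."""
    site_idx, clean_idx = index_tree(site), index_tree(clean)
    findings = []
    for rel in sorted(site_idx):
        if clean_idx.get(rel) == site_idx[rel]:
            continue  # byte-identical to the reference copy
        rel_path = Path(rel)
        is_php = rel_path.suffix.lower() in PHP_SUFFIXES
        in_uploads = rel_path.parts[:2] == UPLOADS
        if in_uploads and not is_php:
            continue  # ordinary media; the reference never contains uploads
        findings.append({
            "path": rel,
            "status": "modified" if rel in clean_idx else "added",
            "php_in_uploads": in_uploads and is_php,
            "keywords": keyword_hits(site / rel),
        })
    return findings


def build_demo(root: Path) -> tuple:
    """Create constructed sample trees: a reference copy and a tampered site."""
    clean, site = root / "clean", root / "site"
    shared = {
        "index.php": "<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/load.php": "<?php // core loader (constructed)\n",
        "wp-content/themes/demo/functions.php": "<?php // theme setup\n",
    }
    # Constructed changes on the live copy only. The injected string decodes
    # to a harmless "echo 1;".
    site_only = {
        "wp-config.php": "<?php define('DB_NAME', 'demo');\n",
        "wp-content/themes/demo/functions.php":
            "<?php // theme setup\neval(base64_decode('ZWNobyAxOw=='));\n",
        "wp-content/uploads/2024/01/img.php": "<?php echo str_rot13('uryyb');\n",
        "wp-content/uploads/2024/01/photo.jpg": "constructed image bytes\n",
    }
    for base, files in ((clean, shared), (site, {**shared, **site_only})):
        for rel, body in files.items():
            target = base / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
    return site, clean


def run_demo() -> dict:
    """Run the triage on the constructed trees; results keyed by path."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = build_demo(Path(tmp))
        return {f["path"]: f for f in triage(site, clean)}


if __name__ == "__main__":
    for path, finding in run_demo().items():
        print(finding["status"], path, finding["keywords"],
              "PHP-IN-UPLOADS" if finding["php_in_uploads"] else "")
```

On a real site, point `triage()` at a local copy of the site and at freshly downloaded archives of the same core, theme and plugin versions. An "added" file such as wp-config.php is expected, so every finding still needs manual review before deletion.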

What are the consequences of a hacked website?

A hack can blacklist your website, suspend your web hosting account, and leave you without a website. Is that all? The impact of a hacked website goes much deeper than the immediate consequences. If not corrected in time, the consequences of hacking can worsen significantly. Here are some of the ways a hack can affect you:

  • Loss of income
  • Loss of traffic
  • Falling SEO Rankings
  • Loss of customer confidence
  • Damage to brand reputation
  • Cleaning costs
  • PR costs
  • Legal problems

This list is by no means exhaustive. Depending on your website, the nature of your business, and the data on your website, the impact of a hacked website can be much wider.

How to recover damage from site hacking?

A website hack affects your business and users in many ways. As I discussed earlier, huge damage has already been done after a website has been hacked. You will need to take steps to repair this damage. Here are a few steps you can take to recover from a hacked site.

  • Scan your site for vulnerabilities.
  • Ask Google to remove your site from the blacklist.
  • Change all your passwords and make sure you use strong passwords.
  • Review all user accounts and check for any privilege escalations.
  • Never use nulled themes or plugins.
  • Use a security plugin with a strong firewall.

How to prevent your site from being hacked again

Your site is now free of malware. But did you know that a hacked website is more likely to be hacked again? You may have spent hours or days cleaning up your website, but in a few weeks you will still see another hack. It can be discouraging, but there are ways to avoid future hacks.

Use a security plugin

The easiest way to keep your website secure is to install a security plugin. A security plugin not only does a great job of scanning and cleaning up after hacker attacks, but also performs a protective function.

Plugins like MalCare or Wordfence Security can protect your sites from a variety of threats, including bots, spam links, and more. Using advanced firewalls and intelligent threat detection, such plugins can keep your website protected even from new threats.

Update your website

Update everything on your site, no exceptions. Your themes, your plugins, your WordPress core, everything you have installed on your website should be updated to the latest version as soon as possible.

The reason for this is simple - updates fix critical software vulnerabilities. If you ever take a look at the changelog of your latest updates, you will notice a list of bugs and vulnerabilities that were fixed in this update. These vulnerabilities are usually discovered by security researchers who inform the creators of that theme or plugin, allowing them to fix them immediately. Once a patch is released, the vulnerabilities become public, allowing hackers to attack any website that runs the vulnerable code.

Unfortunately, many websites are not updated regularly because the owners are afraid that the updates might break something. While this is true, the fact remains that not updating your website is much more likely to result in losses than any delays caused by updating it.

In addition, there are ways to safely update your site. You can make regular backups of your website, which can be restored if an update breaks your website. But the safest way to update your site is to use a staging server. You can safely test new updates and features on a staging server before deploying them to your website, so updates are processed without impacting your website.

Strengthen Your WordPress Site

WordPress recommends a list of measures that a website administrator should take to protect their websites. This is known as WordPress hardening and includes a list of things like using strong passwords and two-factor authentication.

Use two-factor authentication

Two-factor authentication allows you to add an extra line of defense to your login page that prevents attacks on your login page such as brute force attacks. Two-factor authentication usually asks you for a one-time password after your login credentials so that your site is further protected from being hacked.

Install SSL

SSL is essentially encryption that secures any communication with your website. By installing SSL on your site, you guarantee that no data will be intercepted by hackers when sending or receiving requests from other servers.
SSL also helps improve SEO as Google has begun to actively penalize sites that do not use SSL.

Use strong passwords

This may seem like a common sense measure, but even today, weak passwords are one of the most common reasons why websites are hacked. Administrators usually choose a simple password so they can remember it. But this can affect the security of your site.
I recommend using a password manager so you can choose a strong password without having to remember it every time you log in.

Reset user accounts

User accounts are often responsible for hacks. Hackers gain access to one account and sneak into the rest of your site through the account. Therefore, to ensure that your accounts are secure, change the credentials for all accounts from time to time.

How did your site get hacked?

Given that your website is made up of code, hacks are common: code is never perfectly reliable, and there are no 100% secure websites. But that doesn't mean you can't prevent hacks at all. In fact, by taking the right steps, you can protect your site really well.
So if you're wondering how your site got hacked, it's probably one of the following reasons.

Undiscovered backdoors

As we discussed in the previous section, backdoors are a big risk. Backdoors are essentially loopholes in a website's code that hackers use to gain access. These backdoors are usually introduced through malware in one way or another. Because hackers design malware to stay hidden, backdoors often go unnoticed unless you have a reliable security plugin.

Vulnerabilities in themes and plugins

Your theme and plugin files may have vulnerabilities that are used to hack your website. Vulnerabilities are errors or oversights in the code of a website that occur due to human error. Vulnerabilities themselves are inevitable. But hacks can be prevented by updating your site frequently.

Developers fix vulnerabilities as they are discovered, but in order to get a patch, you need to update your themes and plugins. If you have a reliable security plugin, it will detect vulnerabilities and also help you update themes and plugins from the control panel itself.

Poor user management

If all of your users have more access than they need or their accounts are not secure, this can lead to a hack. The best course of action is to follow the principle of least privilege and only grant access as needed.
Also, it is important to remove old or inactive user accounts as they can be used by hackers to gain access.

Web hosting issues

While this is a rare occurrence, your web host may be responsible for your site being hacked. This hack may be related to cPanel itself or one of the programs your web host is using. When this happens, all websites on the web hosting servers become vulnerable to hacking.
If you can't find another reason for your site being hacked, look for a recent post from your web host. Most web hosts usually inform their customers if there is any problem on their end.

Unsecured communication

If your communication is not secure, it could be intercepted by hackers or anyone on the same network as you. To avoid this, it is important to use SSL on your site.
SSL encrypts communication with your website so that no data or information falls into the wrong hands.

Why are websites hacked?

Attackers hack websites for several reasons. But the main reason why websites get hacked is because every website has value. Websites have resources that can be used in the event of a hack. Even small websites can be used as part of a botnet or their data can be used to

Because bots are easy to use, brute force attacks don't require much effort. Hackers need to do very little to try and break into your site, and the returns are still pretty good. Some hackers also break into websites to obtain confidential information or financial data that they can use for their own purposes.

Given that hackers have virtually nothing to lose when they attack your websites, the responsibility for security lies with the website administrator. It is best to use a security plugin to protect your site from any potential attack.

Conclusion

Website security is not a one-time task. You need a security plan that is updated frequently and is being worked on. To do this, you also need to be aware of the security of the website.

One of the best ways to secure your website in the long run is to use a security plugin. The firewall protects your site from attacks and warns you if it detects something suspicious on your site.

FAQ

My site has been hacked, how do I recover a hacked site?

If you think your site has been hacked, scan the hacked site to confirm your claim. Use a deep scanner that will scan your entire website and notify you of any malware if found.

What happens if your site is hacked?

A hacked site can have far-reaching consequences, including but not limited to loss of customers, loss of revenue, legal issues, loss of data, business interruption, loss of brand reputation, loss of customer trust, and a dramatic drop in SEO rankings. These consequences can seriously affect the survival of a business if not addressed in time.

How was my site hacked?

There are several reasons why a website is hacked, such as:

  • Undiscovered backdoors
  • Vulnerabilities
  • Weak passwords
  • Web hosting issues
  • Insecure user accounts

Can a hacked site be fixed?

Yes, you can fix a hacked site. Depending on the malware and the extent of the hack, you'll need to assess the damage and then take action to fix it.

Here is how you can recover a hacked site:

  1. Scan your site with a security plugin
  2. Access your site if it is blocked
  3. Clean up your site with a security plugin
  4. Remove your site from any blacklists
