As part of a long term plan to push the web to adopt HTTPS encryption, Google Chrome is now marking all plain HTTP sites as “not secure,” as of July 24, 2018, with the release of Chrome 68. Previously, the “not secure” warning was hidden behind the security indicator in the URL bar. That warning has become more prominent with the release of Chrome 68. The browser now immediately displays the “Not secure” message in the omnibox for all HTTP pages. Today Google announced a time frame for eventually marking HTTP sites with a red “not secure” warning.
Millions of customers of Australia’s largest banks are the target of a sophisticated Android attack which steals banking details and thwarts two-factor authentication security. Commonwealth Bank, Westpac, National Australia Bank and ANZ Bank customers are all at risk from the malware which hides on infected devices waiting until users open legitimate banking apps. The malware then superimposes a fake login screen over the top in order to capture usernames and passwords.
Every day, cybercriminals compromise thousands of websites. Hacks are often invisible to users, yet remain harmful to anyone viewing the page — including the site owner. For example, unbeknownst to the site owner, the hacker may have infected their site with harmful code which in turn can record keystrokes on visitors’ computers, stealing login credentials for online banking or financial transactions. In this first step, we explain how and why hacks happen, and review options for recovery.
So, did it hurt? When you landed at the bottom of the SERPs, I mean, and Google slapped a scary red warning message on your site telling people to keep out. If this happened due to an error on your part (bad SEO, shady linking tactics, etc) that’s one thing. But if your site was hacked and now contains malicious code, that’s just adding insult to injury – and can really damage your reputation. A Step-by-Step Guide for Getting off the Google Blacklist…
Compiled from more than two million leaked passwords during the year, the list shows that internet users are still using insecure passwords, such at 123456 and password.
While longer passwords are making their way on to the list, which SplashData have been compiling for the past five years, the simplicity of the password is making the extra length almost worthless.
If you are unfortunate to experience a hacked WordPress site, while annoying, it can be fixed. We have fixed hundreds of hacked websites since 2008 and have developed this checklist to clean up and secure against future malicious intrusions.
This does require knowledge of MySQL, PHP and the WordPress code environment. If you are unsure of any of the steps, there are plenty of articles and videos if you search. Many will be technical so you may need help along the way if you get stuck. Feel free to reach out if you do need assistance.
Step 1. Preparation
- Put the website into ‘maintenance mode’ (optional but prevents people and search engines visiting and experencing undesirable activity)
- Take a complete backup of the website and database (IMPORTANT: Do this before doing anything so you have a point to revert back to if something goes terribly wrong)
- Create a copy of the site to perform the cleanup
- Scan the website to identify infected files and directories
- Scan the content to identify malware, viruses, bad links, and vulnerabilities
- Check logs for information about access and malicious activity
Step 2. Clean Files and Directories
- Remove Unused Themes and Plugins
- Scan Uploads Directory for foreign code
- Check and clean wp-config.php
- Check and clean .htaccess file
- Check and remove foreign files and directories
- Delete Infected Plugins and install clean versions
- Delete Infected Theme (if not customised) and install a clean version
- If Theme has been customised, clean up infections
- Delete WordPress Core and Install a clean version
Step 3. Clean Database
- Scan Database for infection and clean
- Remove Spam Comments
- Remove Post and Page Revisions (to prevent to accidentally reintroducing malicious content)
- Remove suspicious links
- Remove suspicious content
Step 4. Secure
- Change database Prefix
- Set file permissions to 755
- Set Directory Permissions to 644
- Create blank Index files to prevent contents of directories being accessible via browser
- Reset Salt Keys
- Remove ‘admin’ username
- Check User Roles and remove access for suspicious users
Step 5. Plugins (Install and Configure)
- WP Hashcash
- Jetpack and Activate Protect and Monitor Modules
Step 6. Completion
- Remove the infected live site
- Replace with the cleaned version
- Take a complete backup of clean site
- Optimise Database
Step 7. Ongoing Maintenance and Security
- Regular Backups of Website and Database stored securely away from the hosting server
- Keep WordPress up to date as each version is released
- Keep Plugins and Themes up to date as each version is released
- Delete Spam comments
- Keep Passwords strong and secure (Ideally use an application like LastPass.com to generate and securely store login details)
- Monitor and scan regularly for suspicious activity
- If you notice anything suspicious, take action to identify and resolve immediately
Need Help To Fix A Hacked WordPress Website
If you just want to get you website up and running again, or don’t have the time or technical know how to do it yourself, contact us and we will get you up and running again. This can normally be sorted out with a turnaround of a business day. If it is urgent we can down tools and get your website fixed in a few hours depending on the size of the site and the extent of the hacking.
You will need to provide:
- Administrator Access to the WordPress Website
- Hosting cPanel or Control Panel (with FTP and PHPMyAdmin)
- Fresh copies of Premium Themes and Plugins or login details to obtain clean versions
Ongoing WordPress Maintentance & Support
“Prevention is better than cure” – a cliche but so true online. Enquire about the Maintenance Plans available to keep your website safe, secure, backed up and optimised. If your website should be compromised you will be fully operational again in a matter of minutes rather than days. We look after and maintain WordPress sites for a number of clients directly, and for other web design and development agencies.