
Steps to take if your website is hacked

We will review and secure your site, then have a 1-on-1 call to explain what was done.

Step 1

Take the site offline with .htaccess
Add this to your .htaccess file, and make sure that down.php exists.

RewriteEngine On
RewriteBase /
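# Add an exception for your own IP address so you can still reach the site
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111$
# Do not rewrite the maintenance page itself, or the rule would loop
RewriteCond %{REQUEST_URI} !^/down\.php$
# Send every other request to the maintenance page
RewriteRule ^(.*)$ /down.php [L]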

Step 2

Take a full backup of your compromised site and database. You can use phpMyAdmin or similar to back up the database. Make sure to include the server log files.

Step 3

Alert your web hosting provider and/or web team.

Step 4

Check your website for malicious code. Quite often it will be wrapped in an "eval" call, similar to the example below.

eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21yX25vJ10pKXsgICAkR0xPQkFMU1snb
XJfbm8nXT0xOyAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ21yb2JoJykpeyAgICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ2dtbCcpKXsgICAgIGZ1bmN0aW9"));

Some basic commands to get you started if you are familiar with ssh.
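
One way to run this check over ssh, as an added example that is not part of the original page: bash functions that list PHP files containing an eval-around-a-decoder chain, PHP files in upload directories, and recently modified PHP files, and that decode a base64 payload to text without executing it. The function names, the pattern list and the "uploads" directory name are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: read-only triage of a web root. The pattern list is a starting
# set chosen for this example, not a complete malware signature list.

# eval()/assert() wrapped directly around a decoder is the classic loader shape.
SUSPICIOUS_RE='(eval|assert)[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\('

# Print PHP files that contain an eval(decoder(...)) chain.
find_obfuscated_php() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) \
        -exec grep -lE "$SUSPICIOUS_RE" {} + 2>/dev/null | sort
}

# Print PHP files inside upload directories (assumed to be named "uploads",
# as in WordPress), where executable code normally does not belong.
find_php_in_uploads() {
    find "$1" -type f -path '*/uploads/*' -name '*.php' | sort
}

# Print PHP files modified within the last N days (default 7).
find_recent_php() {
    find "$1" -type f -name '*.php' -mtime "-${2:-7}" | sort
}

# Decode base64 string literals found in a file so they can be read as text.
# The payload is only printed, never executed.
decode_payloads() {
    grep -oE "base64_decode\([[:space:]]*['\"][A-Za-z0-9+/=]+['\"]" "$1" |
        sed -E "s/^[^'\"]*['\"]//; s/['\"]\$//" |
        while IFS= read -r blob; do
            printf '%s' "$blob" | base64 -d 2>/dev/null || true
            echo
        done
}

# Usage: ./triage.sh /path/to/webroot
if [ -n "${1:-}" ]; then
    echo "== eval(decoder(...)) chains ==";  find_obfuscated_php "$1"
    echo "== PHP under uploads/ ==";          find_php_in_uploads "$1"
    echo "== PHP changed in last 7 days =="; find_recent_php "$1"
fi
```

Run it against the backup copy taken in Step 2 so the evidence on the live server is not altered, and treat a hit as a file to review by hand rather than as proof of infection.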

Step 5

Change the passwords on all website user accounts: FTP, SSH, MySQL users, WP, etc.

Step 6

Check to see if you have a good backup.
If no backup is available:

  • Take note of all settings
  • Examine/clean files
  • Scan & manually check folders/files for suspicious files

Step 7

  • Create a new FTP user account
  • Create a new database/user
  • Restore from a secure backup
  • Reinstall, redo any settings changes

In both scenarios:
Change all passwords; completely wipe files

Step 8

Test and debug the site for any issues, broken paths, and missing media.

Bring the site back online.

After the site is back online, look through the server logs and site files to discover how you were hacked. To do this, use a text file comparison tool like diff.

OSSEC is an open source host-based intrusion detection system. You can use it to analyze server logs and try to pinpoint where and how the attack occurred.

http://ossec.github.io/

Report the attack to the FBI via www.ic3.gov. Be prepared to share your post-mortem backup.

  • What is Hardenedwp

    Hardened Wordpress specializes in securing Wordpress websites from malicious attacks. Our proprietary systems secure your site and prevent hackers from damaging your online reputation with a comprehensive approach that includes automated malware scans, automated repairs and backups.