First sign for many site owners is that there web site or blog has been hacked is a sudden or dramatic drop in there ad sense or affiliate earnings.
I noticed something was wrong when because my WordPress admin panel wasn’t doing what it should have done. Suddenly I couldn’t add new categories in wordpress.
Functions didn’t work properly- I wanted to mass delete users and the drop down menu wouldn’t work.
I would be approving comments and a mouse hover would suddenly reveal random spammy text.
Help ! My website is being redirected to… uniqtext.com or similar spammy sites
One particularly evil hack is random re-directs of your site in Google search engine results ( SERPS) . Usually your most popular posts.
Your pages may being redirected to sites like uniqtext.com.
Hard to catch this one as if you have a cookie from your site the redirect won’t happen- only new visitors will be redirected to the spam site uniqtext.com with this hack.
You can clear cookies and do a search and try.
Repair Your Hacked WordPress Blog
I want to mention here if your site has been hacked initially it can be overwhelming and you might be tempted to something rash- like deleting files, etc. Its important you stay calm and act in rational manner. You may need information from the file you just deleted permanently.
I can assure you that you can fix your site and eventually it will be okay. Just take your time and do things step by step.
Using Web Master Tools to Catch WordPress Hack
Another way to catch a hack is to regularly check your site in Web Master tools ( you need to have a Google Analytics plugin installed your WordPress site) you can add your site and see problems- like pages not found, pages that don’t exist, etc. Look under “diagnostics” on your site’s dashboard in Web Master Tools.
Examples of Hack Code in WordPress Site
Hackers infiltrate your unprotected or out dated word press blog through ftp or as a user.
First thing to check is you current wordpress theme. A hack may be in all of the files or just header or footer.
You may find code that looks something like this:
ugly isn’t it?
If you have hack code in your wordpress theme also check ALL your other wordpress php files. Start with function.php and likely you’ll find hack code there as well.
First Steps to Fixing Your Hacked WordPress Site
This is what I have done when finding the code.
Downloaded my entire site onto hard drive. everything in the root directory.
Backed up my wordpress blog. You can either use a wordpress plugin- like this one to back up or manually export the tables in MyphpAdmin.
Change passwords for FTP client, wordpress admin passwords, and your MySQL database password. ( this is usually done in control panel where you host your site). You don’t want hacker coming in behind you as you clean up.
I would also create a ” Site down for maintenance” file. You can just create simple index.html file and upload to root of server.
Looked on hard drive for CLEAN backed up copy of site ( which most people won’t have) or a clean copy of theme.
If you don’t have clean copy of theme I would start cleaning hacked of theme or i consider downloading fresh copy and starting from scratch.
I am comfortable cleaning the them myself- basically delete the hacked code ( if you aren’t sure download clean copy of theme and compare) Likely the code will be at very top or very bottom ( scroll down past any white space)
You can edit files in ftp or do manually. Be very careful when editing- its easy to accidentally delete a snippet or character that your theme needs.
This is what i did instead of just deleting the entire directory for my site which seemed seemed scary. I created a new directory for site with intent to delete infected directory after new one was all was set up. I am talking about directory on your server, where you upload files and wordpress files sit. I created new directory to upload fresh install of wordpress and cleaned files. In control panel you will be able to point the domain to the new directory. You can always change name back after you delete infected directory.
In my control panel for my sites ( site host i.e. dreamhost, go daddy, etc) .
Upload fresh install of WordPress and for the love of god make sure it is most recent.
Go through INFECTED files cleaning what you need. You will need your images for example.
WordPress Hack in Image Files and Directories
On that note- look through ALL your image files and directories. You may find more hacked code! Might be buried in a file with innocent name like ” log” . I recently found over 2,000 spam html files buried in image folder. Look for weird names that you know you didn’t create. If you are at all unsure don’t delete than at first but don’t upload them either.
At this point you should have fresh install of wordpress. Your theme cleaned and uploaded. Likely all your themes have been hacked so please delete or clean others before uploading or don’t upload at all.
Your plugins have likely also been hacked, Check them for hack code.
I would re- download all your plugins and not take risk of messing with the plugin code or missing hack code.
Upload images and other files you site need. I would do this very carefully. Don’t just drag “images” folder over in your ftp client to upload-check each directory,etc.
Test that your site is working. Activate plugins one by one. Look at posts to make sure images are working.
WordPress Hack has changed Permalinks, Categories or Site Structure
Chances are if your site has been hacked it has affected site structure and the way Google sees your site. It may have been labeled suspicious. It some cases it affected your permalink structure. On one of the sites I fixed the a hack it had changed all the wordpress categories.
Go through your posts and check that this hasn’t happens. Look for lots of posts that are “uncategorized” and assign them to a category. while you are at it add some tags as well.
How to get Site Re-indexed After WordPress Hack
Once you are sure your site is clean and working properly take some steps to get your standing in Google back and your site indexed properly.
Use a plugin that will help with crosslinks ( i.e. related posts plugin , similar posts)
These plugins in will add links to similar posts after post and create instant crosslinks that make sense. You can change how many related posts you want listed. If you want to be aggressive set to 10. More restrained use 5. Normally I would have set to 3.
Add fresh content. Fresh content will bring bots which is what you want.
Update older posts. Again will bring bots.
If you don’t have Google sitemap plugin on your blog get it.
Use Google Web Master tools and Google fetch. You can use these tools to have your site and pages crawled by Google bots. I some cases your site may have been de-indexed by Google. make a request for re-inclusion of your site.
Take steps to Make sure it Your WordPress Site Does not get Hacked Again.
Update to newest version of WordPress. Always.
Change passwords frequently.
Use htaccess file to secure your site. Ther are sveral sites that tell you how to do this, like this one
Link to Webmaster Tools Home Page