It is a common fact that hackers normally plant backdoors to targeted websites. It means that even if we are able to clean out a single backdoors, there could be others hidden somewhere. It is a common technique for hackers to disguise backdoors to look like standard WordPress files. It is important for us to clean up compromised WordPress installation. Due to its popularity, WordPress can be the most vulnerable CMS, not because it’s the least secure, but because many hackers are focusing on it. Fortunately, it is balanced by the fact that WordPress is constantly updated. It means that vulnerabilities can be constantly fixed once they are detected. But this fact, also doesn’t stop hackers from renewing their methods. This has become a constant race between developers and hackers. Users will become the biggest losers if they fail to keep their WordPress installation fully updated. It is important to fix any kind of vulnerability in our website, so it will be much harder for hackers to find a way in.
Here things that we can do:
- Install malware scanner: There are multiple malware scanners in our website, paid or free. We should be aware that free plugins may not be the most reliable and they could actually generate false positives. The best method is to read reviews about the plugin to make sure that it is working properly.
- Delete unused themes: Unused themes could provide various ways for hackers to find their way in. Get rid of themes that we are not using.
- Reinstall all plugins: It is possible that we are using older plugins or our plugins have been contaminated by bad codes. In this case, we will need to delete all plugins and reinstall them. This is obviously a time-consuming method, especially if we need to re-configure them. However, by refreshing our plugins, we have closed a path for hackers.
- Create a new .htaccess file: This file can be infected by redirect code when hackers want to create a backdoor. If we believed that the .htaccess file has been compromised, it is a good idea to delete it and create a new one. It should be recreated automatically when we click the Save button in Settings> Permalinks.
- Reinstall WordPress configuration: This method is necessary when our website is continuously attacked by hackers. It is an important security step to make a backup of wp-config.php file when we install WordPress for the first time. If we are suspicious that the website has implanted backdoors, we should compare the current wp-config.php file with the original one. Our suspicion would be confirmed if there are strange codes in the current one.
There are ways to prevent further attacks to our website. We may change admin username and password each week, using random alphabets and numbers. It is also a good idea to install security plugin that limits the number of login attempts to deter brute force attacks. The WP-Admin directory should also be password protected.