A hacked website costs you readers, search engine rank, time and money.
Use these tips to find and clean hacked code and malicious links inserted into the code of a WordPress website.
WordPress vulnerabilities such as SQL injection, JavaScript insertion and .htaccess hacks are all common ways to alter the content on your WordPress website. Some hackers redirect users to another website, other hackers insert malicious links, and others use the .htaccess file to steal Google rank. If you think you have been hacked, here are some common signs to search for in your website code.
Check Your .htaccess File:
The .htaccess file is always in the root directory of your
WordPress site. The .htaccess file lets you control how the
server handles website requests, such as Google crawler
access and URL redirections. Hackers who gain access to the
.htaccess file insert a few lines of code that redirect
search engines. The hacked code detects the “user
agent” value, which is passed from a web browser or
search engine to the WordPress server. If the user agent is
“Google,” the hacked .htaccess file redirects Google to
the hacked website. This hack is completely invisible to
your WordPress readers, and it only affects Google rank.
The following code is an example of hacked .htaccess code:
RewriteCond %{HTTP_REFERER} .*google.*
RewriteRule ^(.*)$ http://hackedsite.com/index.php [R=301,L]
In the above example, if Googlebot crawls the website, the
crawler is redirected to the hacker’s website. You must
delete these lines of code from the .htaccess file to fix the
hack.
Inserted JavaScript and PHP Code:
Two functions exist that help hackers mask and hide
inserted malware code: the JavaScript “eval” function
and the PHP “base64_decode” function. A simple Windows
“Find” procedure on all of your Web pages can be used
to find these functions in your code.
The “eval” function lets a hacker inject JavaScript code that looks like normal code, but the hacker inserts links or uses a redirect that runs after a few seconds on the website. The PHP “base64_decode” function is more popular, because it allows the hacker to encode malicious coding statements. The “base64_decode” function decodes the code upon execution, so it is only seen when the code is opened in a web browser. This PHP function is typically. Usually, the hacker places the malicious code several lines below the main content, so the webmaster misses the statements. Make sure you scroll all the way to the bottom to find the malicious statements. The following code is a random example of a PHP hack you find on hacked Web pages:
eval(base64_decode($_SERVER%7F))%32%E|.+)
All code after the “_SERVER” statement is encoded
code. In this instance, you must delete this entire line of
code to remove the hack.
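The manual search described in the .htaccess and inserted-code sections above can be automated; the following is an added example, not code from the original article. It flags off-site redirects guarded by a search-engine test on either the User-Agent or Referer header, and lines that call eval or base64_decode. The search-engine list, function names and sample content are assumptions made for illustration.

```python
import os
import re

ENGINES = r"(google|bing|yahoo|yandex|baidu)"  # assumed list of names to test for
COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_(USER_AGENT|REFERER)\}\s+\S*" + ENGINES, re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(https?://\S+)", re.I)
WRAPPED = re.compile(r"\beval\s*\(\s*base64_decode\s*\(", re.I)
CALL = re.compile(r"\b(eval|base64_decode)\s*\(", re.I)

# Constructed samples: stock WordPress rules plus the injected lines, and a PHP page.
SAMPLE_HTACCESS = """RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
RewriteCond %{HTTP_REFERER} .*google.*
RewriteRule ^(.*)$ http://hackedsite.com/index.php [R=301,L]
"""
SAMPLE_PHP = "<?php get_footer(); ?>\n\n<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n"

def scan_htaccess(text):
    """Return (line_no, target) for off-site redirects guarded by a search-engine test."""
    findings, armed = [], False
    for no, line in enumerate(text.splitlines(), 1):
        if COND.search(line):
            armed = True
        elif rule := RULE.search(line):
            findings += [(no, rule.group(1))] if armed else []
            armed = False
        elif line.strip() and not line.strip().lower().startswith(("rewritecond", "#")):
            armed = False  # conditions apply only to the next RewriteRule
    return findings

def scan_code(text):
    """Return (line_no, severity) for lines calling eval or base64_decode."""
    return [(no, "high" if WRAPPED.search(line) else "review")
            for no, line in enumerate(text.splitlines(), 1) if CALL.search(line)]

def scan_tree(root):
    """Walk a site directory and return {path: findings} for files needing review."""
    report = {}
    for folder, _, names in os.walk(root):
        for name in names:
            if name != ".htaccess" and not name.lower().endswith((".php", ".js", ".html")):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = (scan_htaccess if name == ".htaccess" else scan_code)(fh.read())
            if found:
                report[path] = found
    return report
```

Run scan_tree against a copy of the site's document root; "review" findings include legitimate uses of these functions and need a manual look, while "high" marks eval wrapped directly around base64_decode.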
SQL Injection Hacks:
SQL injection is the most difficult for a webmaster to
understand, because you must know the SQL coding language
to understand how the hack works. SQL injection works using
database commands against the WordPress database. The
exploit is available on any website that does not use a
process called “scrubbing” in the inline SQL code. The
best way to avoid a SQL injection hack on a WordPress site
is to update the software to the latest WordPress version.
However, this does not protect from SQL injection on
WordPress plug-ins. Make sure your plug-in code is
up-to-date, and only download plug-ins from the official
WordPress.org website.
After you find and remove malware from your site, you must
ensure you know how the hacker was able to inject the
malicious code. Change all passwords, update virus
definition files and run a virus scan on all computers that
have access to the website code. Part of protecting the
site from future hacks is understanding how the hacker
obtained access to your website. If you simply change the
code, you run the risk of being hacked in the future.