Hacked WordPress Site

How to Clean Up Hacked WordPress Site

by Wordpress Security

Websites can be hacked, this is a bitter reality, and it is very stressful if a WordPress site gets hacked. It has a direct effect on running a website and even greater impact if you are using one to represent your business. In this article, we will discuss a systematic guide to fix a WordPress site after it is compromised.

Few Things to Know Before We Start

Let’s break down what kind of impact a hacked site can have:

  • Lost or reduced search engine ranking.
  • Visitor data can be compromised.
  • You can lose reputation as hackers may redirect your website to scam sites.
  • You might lose your entire site.

 

If your income depends on your site, you must put security on top of the list of priorities. Therefore, it is vital to have a reliable web hosting that helps protect your site and to follow some security practices. Some important things to consider while running your WordPress site are:

  • Opt for a web hosting company you can trust.
  • Have a good backup solution.
  • Make sure to use a firewall.
  • Have good security on your website. Use the Website Security Check or other applications to scan your WordPress site’s files. This will show you potential flaws and vulnerabilities in your site.
  • Use a reliable plugin such as Hide My WP Ghost to improve security. This plugin stands out because it uses security through obscurity to protect you.
  • Staying up to date and informed is one of the best things you can do to protect yourself. Having a better understanding of WordPress will help pick reliable plugins, web hosting, and themes, to minimize the number of potential breach points. It’s a great idea to follow blogs like HostingWiki, which can both help you stay informed and master the CMS.

 

The best thing to do is try to prevent your site from being compromised in the first place. According to statistics, WordPress is the most likely CMS to be hacked, so let’s cover the worst-case scenario and look at what to do if your site gets hacked:

 

1.    Hire a Professional

The easiest and most reliable, but costly solution is to hire a professional. They will help quickly and effectively find the heart of the issue and secure your site. However, you should keep in mind that experts are always expensive.

 

2.     Identify the Hack

There’s a basic checklist you should immediately run through if you suspect that your site was compromised:

  • Enter your Username and Password. Check if you can access your site.
  • Check whether your website is working as it should, or is it redirecting to another URL.
  • Check for suspicious links in your content.
  • Check whether Google has penalized your site or marked it as insecure.

 

3.    Contact Your Hosting Company

A good hosting company has experienced and skilled staff on their customer support teams to help you. While they might not be able to fix your site, they can help find any existing backups, or walk you through potential ways to restore the site.

 

4.     Restore a Backup

If you have a backup of your site, you can restore it to the last uncompromised version. This can easily solve your problem. The only downside to this is the potential of losing any post-backup content or comments from your site. But on the other hand, this is the fastest way to get control of your site back.

5.     Scan and Remove Malware

If you have some WordPress themes or plugins, which are not active, delete them. Hackers can use compromised plugins to find a backdoor or another vulnerability.

 

Additionally, you should scan the website, and install a reliable plugin for security such as Sucuri Security or the Theme Authenticity Checker. After scanning, you can find the location of the vulnerability which can be in various directories or files (upload, wp-config, wp-includes, access). Once the issue is found you can:

  • Remove the malicious code by yourself.
  • Replace the infected file with the original one.

6.     Check User Permissions

Give administrator access to only those whom you trust with your website’s management. Go to the user section and check if any other user has administrator access, or if there are idle or unrecognized users. Be sure to delete anyone suspicious and log out all inactive users.

7.    Modify Secret Keys

WordPress secret keys improve encryption and help better secure your site. If your site was breached you should:

  • Generate a fresh set of secret keys.
  • Add them to your wp-config.php file

8.     Change Your Password

Consider changing the login credentials (both the username and password) for your site’s infrastructure. This includes the WordPress credentials, as mentioned in the first point, and those of your MySQL database, and hosting account. Make sure to use a strong password or use a password management tool that can generate a password that is virtually impossible to brute-force.

 

Summary

Having your WordPress site hacked can be catastrophic for your business. That’s why it’s important to both take steps to prevent such an incident and to know what actions to take if the worst-case scenario takes place. Let’s briefly recap what you should do if your site is compromised:

  1. Consider hiring a cybersecurity professional.
  2. Identify the hack.
  3. Contact your hosting provider.
  4. Restore your site from a backup.
  5. Scan and remove malware.
  6. Check user permissions.
  7. Modify WordPress secret keys
  8. Change your WordPress, hosting, and MySQL login credentials.

We hope this guide will help keep your website safe and sound.

web-push-notification-on-desktop

Top 3 Push Notification Plugins for WordPress

by Wordpress Security

Web push notifications are clickable messages that are displayed at the top of the user’s desktop.  They can be shown even when the user’s browser is not open.  

Web push notifications are a new marketing channel to re-engage your site visitors without knowing their email or other contact details. Allow you to automatically notify your audience when you have published new content on your site or when you have a new offer or important updates. 

When a person comes along to your website they will see a little bell icon which they can click to subscribe to new posts. They will get a notification every time you add something new to your website.

Web push notifications benefits:

drawing user attention even when they're offsite

stay in front of your customers even after they leave your site

it is more visible then email - studies have shown that notifications have 30x conversion rate over email

increase your website traffic

increase engagement with your audience

increase return visitors

it helps increase the sales for e-commerce sites

increase your site user loyalty rate

send instant browser notifications to your subscribers’ phones

easier to subscribe for your users

high click-through rate

 

Plugin Compatibility browsersCompatible devicesPrice
One SignalChrome, Safari, Microsoft Edge, Opera, FirefoxDesktop (Windows PC, macOS) & Mobile (Android, iPhone (iOS)
  • the free plan allows targeting up to 30,000 subscribers
  • paid plan from $99/mo
PushAssistChrome, Firefox, and SafariDesktop & Mobile( Windows & Android OS)
  • the free plan allows Subscribers Limit 3,000
  • from $ 9/month
SendPulse Google Chrome, Firefox, OperaDesktop (Mac OS, Windows, Linux) & Mobile (Android, iOS)
  • Free
  • $9.85 /month – white label

 

1

One Signal Web Push Notification WordPress Plugin

    • Send messages through desktop, mobile browsers
    • Automatic Notifications
    • Target Right Audience – custom segments you can get better CTR, meaningful engagement and high conversions
    • Re-engage Users 
    • Intelligent Delivery – Leverage machine learning to send your messages at the optimal time
    • Automated Messaging –  You can trigger notifications based on user behavior
    • Real-Time Reporting – View delivery and conversion performance for every message
    • Superior Segmentation – Create personalized messages and send them to the right audiences
    • Opt-In Customization
    • A/B Testing – Compare message performance and automatically send the best
    • Scheduled Notifications
    • It’s a free plugin
Try it here
YouTube Help

 

2

PushAssist WordPress Plugin

    • Easy to Setup
    • Multi-Device Support  
    • Real-Time Tracking – Monitor the behavior of your users 
    • Send notification to a particular set of audience based on location, interest
    • Schedule push campaigns
    • Personalization – deliver individualized messages
    • Multi-Channel Messaging 
    • Collect Customer Data
    • Easily inform, persuade & remind potential customers about your website and products you offer
    • HTTP & HTTPS Support
    • Integrated Analytics
    • PushAssist offers full baggage of tools for A/B testing, deep links, referral programs, re-engagement or recurring campaigns.
Try it here
YouTube Help

 

3

SendPulse WordPress Plugin

    • Custom subscription requests – You can choose the look of the subscription request and time when you want to show it.
    •  create automatic notifications based on RSS feeds
    • You can also segment your subscribers by their location or other details.
    •  А/В testing – Test different versions of a notification to see which one strikes a chord with your audience
    • Offline notifications – Users will see your notification as soon as they come online
    • all its features are completely free
    • set up automatic messaging when certain conditions are met
    • Real-Time Stats: See your notifications being delivered in real-time, geography stats, open and click rates and more
Try it here
YouTube Help
7bff4b548b2d33f7a423c15ce19dbd65

Customize the WP-Content Directory in WordPress

by How toWordpress Security

Method #1 – Change wp-content with wp-config.php

This solution is simple, but it involves editing a core WordPress file.

First, access the root directory of your WordPress installation using the File Manager in your web hosting CPanel or using an sFTP client. Then find a file named wp-config.php and open the file to edit.

Then add the following line in the wp-config file at the beginning of the file:

define ('WP_CONTENT_DIR',__DIR__ .'/lib');
define('WP_CONTENT_URL','http://yourdomain.com/lib');
define( 'UPLOADS', 'lib/uploads' );
customize-wp-chatbot-color

WP-Chatbot plugin by MobileMonkey

by Wordpress Security

Chatbots have become extraordinarily popular in recent years. Today’s chatbots are smarter, more responsive, and more useful – and we’re likely to see even more of them in the coming years.

A chatbot (or bot) is a piece of automated software that engages in a conversation with people.

Chatbots are programmed to understand basic questions, provide answers, and execute various tasks.

MobileMonkey helps you create Facebook Messenger chatbots easily for marketing, sales, and support. It’s the world’s most advanced Facebook Messenger Marketing platform in the world.

banner3

Hide My WP Ghost 4.2 is Here With New Security Features

by Wordpress Security

With the launch of WP 5.2, WordPress adds more security to the core to keep users’ websites secure. The problem remains with the lack of security of the themes and plug-ins that can be created by any beginner developer without security knowledge.

Download Hide My WP Ghost Lite
Go to Hide My WP Ghost

Because of the hacker-bots attacks targeting the exact paths of vulnerable plug-ins, more and more companies are adopting the “security through obscurity” method.

This method involves hiding the actual URL and choosing a random URL for the same result. When the hacker-bot accesses the actual URL, it will receive an error message without using the server resources.

Hide My WP Ghost 4.2 brings many improvements to protect all the themes and plugins installed on WordPress. It also comes with several options to hide the common paths of WordPress and to hide the fact that the WordPress CMS is used.

HACKERS ATTACK

2019: Why Do Hackers Want To Attack Your WordPress Website?

by Wordpress Security

We live in a time in which digital security is becoming ever more important. An increasing number of people are becoming extremely proficient at maneuvering around the online sphere and attacking WordPress websites for personal gain.

It may go without saying but if your site is hacked and/or taken down it can have detrimental effects on your business, your branding, and your overall reputation.

Hackers may have a number of different reasons why they may be targeting your WordPress website.

We have listed some extremely common examples to give you a better idea as to why your site may be a target:

  • Inject Malicious Content
  • To Steal Money
  • Steal Visitors’ Personal Information
  • Spread Viruses
  • Steal Business’s Private Information
  • Use Your Web Server to Host Phishing Pages
  • Steal Your Server Bandwidth
  • Overload Your Web Server
  • Vandalize Your Website
  • For Fun or To Get Attention
  • To Disrupt Service
wordpress security

3 Best Security Plugins for WordPress 2019

by Wordpress PluginsWordpress Security

These days, websites can literally be just as valuable as property and real estate. So, keeping yours safe is vital.

The Internet now plays an integral role in modern society, and we are becoming increasingly reliant on online services and processes as a result.

Think about it. We use the Internet for our banking, we shop online, we run our businesses online, and some of us earn our own wages exclusively online in the process.

wordpress backup

How to Initiate a Storing WordPress Backup Safely

by Wordpress PluginsWordpress Security

The best security that anyone can do for his wp website is having a good wordpress backup system.

One thing that security plugins are not going to protect you, is when your web host is attacked.

Therefore, you should frequently backup your WordPress site.

Infrequent backups make your site lose a lot of data in case you have to recover it after a hack. I suggest backing up your site at least weekly or even daily in case you have a news website.

check wordpress vulnerability

How to Check WordPress Vulnerability Before Is Too Late

by Wordpress Security

WordPress is used and trusted by millions but, since the hackers have become more advanced, WordPress has also become vulnerable to various security threats.

To learn how to check WordPress vulnerability before it’s too late, you need to understand what the term means and how much has it affected WordPress security.

WordPress vulnerabilities are basically security issues that make the websites who have a WordPress as their CMS, vulnerable to hackers.

wordpress security

Why WordPress Security is Important for Your Business [Infographic]

by Wordpress Security

A lot of companies use WordPress for their websites. And there’s a reason for that, the platform is very reliable, efficient and it can be adapted to your needs with a lot of ease. But it’s also prone to attacks, especially if you use the vanilla version without any plugins.

Hackers are everywhere online, and they are always ready to capture your company data and sell it to the highest bidder.

You have to protect your business right away, and opting for the best WordPress security tools should be a priority!