I think my site has been hacked. What do I do?

Firstly, it's important to address this as soon as possible. The longer it's left, the more damage can be done, including to your Google rankings and your domain's email spam blacklist rating.

Send an email to info@warrenchandler.com and the site will be scanned and investigated.  Sometimes what appears to be a hack can be something far more innocent, such as a failed WordPress auto-upgrade.

Should the site have been compromised, you'll need to follow the steps below to get it back to full (and more importantly, secure) working order. If you're unfamiliar with what follows, you're looking at about three to four hours' work for a developer to put it right.

Typically we charge £125 for a complete hack fix, with a six-month guarantee and monitoring. If it happens again in this period, you will not be charged again.


18 STEPS TO FIXING YOUR COMPROMISED WORDPRESS WEBSITE

0.  Change FTP, MySQL and ALL WordPress passwords.  Delete any users that are admins and shouldn't be there.
1.  See what front-facing hacks are visible using https://sitecheck.sucuri.net.  Fix each manually via FTP.
2.  Download the entire site and run it through my PC's virus checker and malware checker.
3.  Find the WordPress version from your WP-Admin footer.php file.   Remove WP-Content and WP-Includes folders and replace them with the exact same WordPress version files from the WordPress repository
4.  Manually go through the WP-Content upload folders and root directory, checking for anything that's not a media file, and all .htaccess files
4b.  Log in to WordPress if possible.  Update anything that's out of date.
5.  Log in to Control Panel and make sure there are no Cron jobs running that have been added.  If there are, check where they are pointing to.
6.  Install Sucuri and scan.  Use Sucuri's plugin updates module to reinstall all plugins.  Deactivate after use.
7.  Install Wordfence and scan.  Deactivate after use.
8.  Install LookSee security scanner and scan.  Deactivate after use.
9.  Re-activate one of the security modules from points 6 or 7.
10.  Install a brute force plugin to protect logins.
11.  Check MySQL database for usernames with no password.
12.  Delete the sitemap and re-generate a new one.
13.  Delete any error logs.
14.  Protect/harden all WordPress folders and leaks.  Sucuri has an option to do this.
15.  Reset permissions.  755 for all folders, 644 for all files.
16.  Configure a software firewall plugin.  I use Wordfence's online one.
17.  Set up some kind of login notifications for admins, and things like notifications if a plugin/file has been changed.  I set up a separate Gmail account for these.
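
The file checks in steps 4 and 15 can be scripted against the downloaded copy of the site from step 2. The following is an added example, not part of the original article; the function names are hypothetical and the media extension allow-list is an assumption to adjust per site.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Pass the root of a downloaded
# copy of the site as the first argument; function names are hypothetical.

# Step 4: files under wp-content/uploads that are not on a media allow-list,
# plus double-extension names such as "logo.php.png" that hide script files.
# The extension list is an assumption; match it to what the site really uploads.
list_non_media() {
    find "$1/wp-content/uploads" -type f \( \
        ! \( -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' \
             -o -iname '*.gif' -o -iname '*.webp' -o -iname '*.pdf' \
             -o -iname '*.mp3' -o -iname '*.mp4' \) \
        -o -iname '*.php.*' \) | sort
}

# Step 4: every .htaccess file, so each one can be read and compared by hand.
list_htaccess() {
    find "$1" -type f -name '.htaccess' | sort
}

# Step 15: anything that deviates from 755 (folders) or 644 (files).
list_bad_perms() {
    find "$1" \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \) | sort
}

# Step 15: apply 755 to all folders and 644 to all files.
reset_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Run the read-only checks when a site root is given on the command line.
if [ -n "${1:-}" ]; then
    echo "== Non-media files in uploads ==";   list_non_media "$1"
    echo "== .htaccess files ==";              list_htaccess "$1"
    echo "== Permissions not 755/644 ==";      list_bad_perms "$1"
fi
```

Only `reset_perms` changes anything on disk; review the output of the three listing functions before calling it.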