What To Do If Your WordPress Site Has Been Hacked

Learn what to do if your WordPress site has been hacked or compromised.

This tutorial is part of our tutorial series on WordPress Security. In this tutorial, we show you what to do if your WordPress site has been hacked or compromised.

***

Note: If you are browsing this section and your site has not been compromised by an attack, then we recommend downloading and printing the accompanying “WP Hacked” report provided at the end of this tutorial as a safety precaution. This report contains a summary of the main instructions presented in this tutorial.

Backups are absolutely vital for website security and peace of mind!

As Benjamin Franklin once famously declared, “an ounce of prevention is worth a pound of cure.”

WordPress is a secure platform. If, however, your website has been compromised and you did not back up your WordPress site and data, then, unfortunately, there is very little you can do other than to reinstall WordPress and start again from scratch, or go through the painstakingly difficult process of trying to clean and recover your WordPress installation.

If you have set up the WordPress Maintenance System recommended in our WordPress Management Tutorials, then you should have all of your website’s data and files backed up, as well as a record of your email accounts, copies of any downloadable files you offer on your site (e.g. bonus reports for subscribers, etc.), additional content, etc. and this will make getting everything back up and running a lot easier, a lot faster and a lot less painful.

If your WordPress site has been hacked, or if you suspect that someone has compromised the security of your site, then follow the immediate steps provided below.

Note: Depending on your site, the urgency and nature of the attack, and the level of damage caused, you may not want to go through the process below yourself. If so, we recommend using the services of a professional website security expert!

WordPress Site Hacked – Immediate Action Steps

Here are the immediate action steps to take if you suspect that your WordPress site has been hacked:

Stay Calm

The first thing you need to do with any incident that involves security is to stay calm. This will help you think clearly as you go through the next steps, and prevent you from making any mistakes that can make your situation worse.

So … take a deep breath and calm yourself down before you do anything else …

Assess The Situation

The next step is to assess the situation. You want to be sure that your site has indeed been hacked before you take any drastic measures like shutting your entire business down online and/or deleting your entire site.

Sometimes things just act up. It could be that a plugin or application displays a weird WordPress error message, or your server temporarily goes down and your database stops working, or something just goes screwy.

For this reason, it’s important to stay calm. If you are not sure whether your site has indeed been hacked or not, then do the following:

1. (Optional): Go through our WordPress Troubleshooting Section information and make sure that you’re not just experiencing an error with your site that can be easily fixed.

To learn how to fix common WordPress errors, see the tutorial below:

2. Download and install the Exploit Scanner plugin if you can log into your site. This plugin can help detect any damage to your site so that it can be cleaned up.

Note: The WordPress Exploit Scanner plugin searches for malicious strings in your database but it doesn’t remove them. You have to remove all infections manually.

To download the Exploit Scanner plugin, go here:

3. If you can’t log into your site or if you detect anything suspicious, notify your host immediately.

4. If you detect or suspect that any malicious code may have been injected into your website, then your machine may have been compromised. You will need to scan your hardware devices (e.g. laptop) for malware.

To learn more about securing your devices, see the tutorial below:

WordPress Site Hacked – Recovery Action Steps

Try To Regain Control

The next step is to try and get control of the situation if you can.

Depending on the nature of the attack, you may or may not be able to access your site.

In some cases, it may be possible to ‘clean’ up your WordPress installation and remove any malicious code your site has been infected with.

Tip: If you can’t log in to your site, try simply deleting your .htaccess file. This usually solves many WordPress-related problems. If you have followed our WordPress maintenance tutorials you should have a backup of your files, including a copy of your .htaccess file.

If you can access any of your hacked files or your WordPress database, then we recommend backing these up to a removable stick drive before deleting them from your hard drive or server.

This way, you can analyze your files for problems later (open source tools like OSSEC can analyze your logs and help you find where/how the attack happened), or send them off to a security expert for a ‘forensic’ investigation, or refer to them if you ever need to. Just remember to label the files as your ‘hacked site backup’ to avoid recreating the problem.

If you can access your site and you have determined that your site has been compromised, then do the following:

1. Change Passwords

Change passwords immediately for all of the following:

  • Your WordPress Site Login Password – If you can access your WordPress site, see this tutorial: How To Reset Your WordPress Password. If you can’t access your WordPress site, try changing your password inside your MySQL file. Change passwords for all users, especially Administrators and Editors. This is especially important if you upload files to your site via FTP.
  • Your WordPress Database Password – see this tutorial.
  • Your FTP Password.
  • Your Webhosting Account Password.
  • Your Email Account Passwords.
  • Any other passwords associated with your site.

Note: Changing some of the above passwords will most likely “break” your site (i.e. your website will stop being visible). Given the nature of the circumstances, however, this may not necessarily be a bad thing.

If your site has indeed been compromised and unwanted messages (e.g. spam) were being displayed on your site, then having your site no longer visible will prevent your site visitors from seeing any offensive, disturbing or inappropriate content, protect the reputation of your site and help you avoid getting blocked by search engines, or even shut down by your host.

To learn more about Password Security, see the tutorial below:

2. Reinstall WordPress

In the most severe of circumstances, if your site has been badly compromised, or you have been locked out of your own site and can’t get back in, the safest thing to do is to simply delete everything and reinstall the latest version of WordPress.

If you have a recent backup of all of your site’s data and files, you can simply delete and recreate your hosting account, then perform a new WordPress installation and re-import all of your backed up data.

See the relevant tutorials in the training modules below for help reinstalling WordPress:

Note: Finding and removing malicious code from web files is a technically difficult area, and, therefore, outside the scope of these tutorials.

To learn more about cleaning up your WordPress installation and removing malicious code from a hacked website, read the articles below:

3. Update Plugins And Themes

After reinstalling WordPress, make sure that all of the plugins and themes you have reimported are up-to-date.

For help updating WordPress plugins and themes, see the tutorials below:

4. Update Your Security Keys

If a hacker steals your login details and they are logged into your site, they will remain logged in even if you change your password, because their browser cookies are still valid, and WordPress stores login session information using browser cookies.

To disable the cookies, you will need to create a new set of ‘security keys’ and replace your existing keys with the newly-created ones.

To learn how to create ‘Security Keys’ and how to add these to your WordPress site, see the tutorial below:
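The Python example below is added here and is not part of the original tutorial. It generates a fresh set of the eight security keys and salts and swaps them into the text of a wp-config.php file, which is the step that invalidates every existing login cookie. The function names and the sample file contents are constructed for this example, and it assumes each key sits on its own define( 'NAME', 'value' ); line.

```python
import re
import secrets

# The eight constants WordPress reads from wp-config.php when it hashes
# login cookies and nonces.
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]

# No single quote, backslash or space, so a key never needs escaping inside a
# PHP single-quoted string.
ALPHABET = (
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    "!@#$%^&*()-_=+[]{}<>~|;:,.?/"
)


def new_key(length=64):
    """Return a random key drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def define_pattern(name):
    """Match one whole line such as: define( 'AUTH_KEY', 'old value' );"""
    return re.compile(
        r"^[ \t]*define\(\s*(['\"])" + re.escape(name)
        + r"\1\s*,\s*(['\"]).*?\2\s*\)\s*;[ \t]*\r?$",
        re.MULTILINE,
    )


def rotate_keys(config_text):
    """Return (new_text, replaced, inserted) with all eight keys renewed."""
    replaced, inserted, missing_lines = [], [], []
    for name in KEY_NAMES:
        line = "define( '%s', '%s' );" % (name, new_key())
        pattern = define_pattern(name)
        if pattern.search(config_text):
            # A function replacement avoids backslash processing by re.sub.
            config_text = pattern.sub(lambda m, new=line: new, config_text)
            replaced.append(name)
        else:
            missing_lines.append(line)
            inserted.append(name)
    if missing_lines:
        # Keys only take effect if they are defined before WordPress loads.
        loader = re.search(r"^[ \t]*require(_once)?\b.*wp-settings\.php.*$",
                           config_text, re.MULTILINE)
        if loader is None:
            raise ValueError("no wp-settings.php line found; is this wp-config.php?")
        block = "\n".join(missing_lines) + "\n"
        config_text = (config_text[:loader.start()] + block
                       + config_text[loader.start():])
    return config_text, replaced, inserted


# Constructed sample file: six old keys in mixed styles, two keys missing.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wp_example' );
define('AUTH_KEY',         'put your unique phrase here');
define( "SECURE_AUTH_KEY", "old-value-with-'quote" );
define( 'LOGGED_IN_KEY',   'old3' );
define( 'NONCE_KEY',       'old4' );
define( 'AUTH_SALT',       'old5' );
define( 'SECURE_AUTH_SALT','old6' );
// LOGGED_IN_SALT and NONCE_SALT are missing from this file
$table_prefix = 'wp_';
require_once ABSPATH . 'wp-settings.php';
"""

if __name__ == "__main__":
    text, replaced, inserted = rotate_keys(SAMPLE_CONFIG)
    print("replaced:", replaced)
    print("inserted:", inserted)
    print(text)
```

Keep a copy of the original wp-config.php before writing the new text back, and expect every user, including you, to be asked to log in again.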

WordPress Site Hacked – Prevention Action Steps

Analyze What Happened

If you can find out how your website was hacked, you can help to prevent it from happening again (or at least try and prevent it from happening again in the same way!)

Here are some things you can do:

Google Your Site

Depending on how long it took to detect the hacking attack, your site may or may not have been picked up by search engines like Google as being potentially malicious to other users.

Google blacklists infected websites and warns visitors in its search engine results that clicking the link to visit the website could harm their computer …

It’s important, therefore, to check and see if your site has been blacklisted by Google.

To do this, simply Google your site address to see if a warning message like the one shown in the screenshot above (“This site may harm your computer”) is displayed.

If a warning is displayed, log into your Google Webmaster tools account …

After logging into your account and selecting your domain name, click on the ‘Security Issues’ section …

The ‘Security Issues’ screen displays all the security issues that Google has found and recorded for your site …

Even though you may have fixed these issues, Google will still blacklist your site until it is completely satisfied that all issues have been fixed.

To remove your site from Google’s blacklist, you will need to make sure that all of the security issues listed have been addressed and fixed before requesting Google to review your site.

To learn more about Google’s malware and hacked website notifications, visit the Google help page below:

For additional information on how to fix Google’s warning messages, visit the sites below:

Check Your .htaccess File For Hacks

Hackers can use your .htaccess file to redirect your site visitors to malicious sites.

If your WordPress installation is located in a subdirectory of your domain (e.g. yourdomain.com/blog), then look in the main folder’s .htaccess file as well. Hackers will try to hide their code at the bottom of the file, so scroll down.

Something else that a hacker may do is change the permissions of the .htaccess file to prevent you from editing the file. To make your file editable, change the file permission back to 644.

To learn how to set permissions for WordPress files and folders, see the tutorial below:
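The checks described in this section can be run as a script. The Python example below is added here and is not part of the original tutorial. It reads the .htaccess file in the WordPress folder and in every folder above it up to the main folder, reports redirects to other hosts, rules pushed out of view by padding, and any file whose permissions are not 644. The function names, thresholds and sample hosts are assumptions made for this example.

```python
import os
import re
import stat

REDIRECT = re.compile(r"^(RewriteRule|Redirect\w*|ErrorDocument)\b", re.I)
CLIENT_COND = re.compile(r"^RewriteCond\s+%\{HTTP_(REFERER|USER_AGENT)\}", re.I)
URL_HOST = re.compile(r"https?://([^/\s\"']+)", re.I)
BLANK_RUN = 20   # assumption: this many empty lines in a row counts as padding
INDENT_PAD = 80  # assumption: this much leading whitespace counts as padding


def scan_text(text, own_hosts=()):
    """Return [(line_no, reason, directive)] for the body of one .htaccess file."""
    own = {h.lower() for h in own_hosts}
    findings, blanks, after_padding = [], 0, False
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            blanks += 1
            after_padding = after_padding or blanks >= BLANK_RUN
            continue
        blanks = 0
        if line.startswith("#"):
            continue
        reasons = []
        if REDIRECT.match(line):
            hosts = [h.lower() for h in URL_HOST.findall(line)]
            # %{HTTP_HOST} is the site itself (e.g. a force-HTTPS rule).
            foreign = [h for h in hosts if h not in own and not h.startswith("%{")]
            if foreign:
                reasons.append("sends visitors to " + ", ".join(foreign))
        if CLIENT_COND.match(line):
            reasons.append("rule depends on referrer or user agent")
        if after_padding or len(raw) - len(raw.lstrip()) >= INDENT_PAD:
            reasons.append("pushed out of view by padding")
        findings.extend((line_no, reason, line) for reason in reasons)
    return findings


def mode_problem(path):
    """Return a message if the file's permissions are not 644, else None."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return None if mode == 0o644 else "mode is %03o, expected 644" % mode


def htaccess_chain(wp_dir, docroot):
    """List .htaccess files from the WordPress folder up to the main folder."""
    current, top = os.path.realpath(wp_dir), os.path.realpath(docroot)
    if os.path.commonpath([current, top]) != top:
        raise ValueError("wp_dir is not inside docroot")
    paths = []
    while True:
        candidate = os.path.join(current, ".htaccess")
        if os.path.isfile(candidate):
            paths.append(candidate)
        if current == top:
            return paths
        current = os.path.dirname(current)


def audit(wp_dir, docroot, own_hosts=()):
    """Return {path: findings}; an empty list means nothing to review."""
    report = {}
    for path in htaccess_chain(wp_dir, docroot):
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                findings = scan_text(fh.read(), own_hosts)
        except PermissionError:
            findings = [(0, "file is not readable by this user", "")]
        problem = mode_problem(path)
        if problem:
            findings.append((0, problem, ""))
        report[path] = findings
    return report


if __name__ == "__main__":
    import tempfile
    wp_rules = ("# BEGIN WordPress\nRewriteEngine On\n"
                "RewriteRule . /index.php [L]\n# END WordPress\n")
    # Constructed sample: a redirect appended after 200 empty lines.
    hidden = "\n" * 200 + "RewriteRule ^ http://redirect.example.invalid/ [R=302,L]\n"
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "blog"))
        for rel, body, mode in ((".htaccess", wp_rules + hidden, 0o444),
                                ("blog/.htaccess", wp_rules, 0o644)):
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        for path, findings in audit(os.path.join(root, "blog"), root).items():
            print(path, findings or "clean")
```

Pass your own domain names as own_hosts so that ordinary redirects to your own site are not reported; every finding is a line to read, not proof of a hack.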

Upgrade Everything

Once you have a clean WordPress installation, make sure you upgrade your WordPress installation, plugins, and themes to their latest version. Older versions are more prone to hacks than newer versions.

Secure Your Site

After successfully recovering or reinstalling your site, make sure you secure it by implementing at least some of the recommended security measures in this training module (WordPress Security Tutorials).

To learn how to start making your WordPress site secure and protected from new attacks, see the tutorial below:

Change Your Passwords Again

If you only changed your passwords after discovering the hack, change them again after securing your new WordPress installation and making sure that your new site is clean.

Start Backing Up Regularly

After recovering from the nightmare and heartache of having your website hacked, it’s vitally essential that you learn how to start performing regular backups of your WordPress database and files.

This way, if your site ever gets hacked again, all you will need to do is restore your data and files from your last clean backup, and change your passwords and secret keys, and you’ll be back to normal again.

To learn how to create an effective WordPress maintenance and backup routine, see the relevant tutorials in the training module below:

Install Security Plugins

WordPress offers many great security plugins. Install one or more security plugins to protect your site from hackers and to prevent future attacks.

Check out the security plugins below:

Review Our WordPress Security Checklist

After completing all of the above steps, review our WordPress Security Checklist to ensure that your WordPress site is now fully protected and secure.

To view and download a printable copy of our free WordPress Security Checklist, see the tutorial below:

The report below contains a summary of the action steps outlined in this tutorial. Download and print this document as a preventative measure in case your WordPress site gets hacked or ends up becoming compromised.

***

How To Change Your WordPress Database Password

In this tutorial, we show you how to change your WordPress database password.

This tutorial is part of our tutorial series on WordPress Security. In this tutorial, you will learn how to change your WordPress database password.

***

If you need to change your WordPress database password, follow the steps below:

Log into your cPanel account …

(Log into cPanel)

Go to cPanel > Databases > MySQL Databases

(cPanel – MySQL Databases)

Scroll down to the ‘Current Users’ section, select the user account and click on ‘Change Password’ …

(MySQL Database: Users – Change Password)

Change the password. Make sure you choose a very strong new password and copy this password to a plain text file …

(MySQL Databases – Set New Password)

After changing the current user password, you also need to change the password inside your wp-config.php file. Otherwise, you will experience an “error connecting to the database” error.

If you have been following our WordPress maintenance tutorials, you should have a backup copy of your wp-config.php file stored in your hard drive or remote storage location.

You can edit the wp-config.php file by going to cPanel > Files > File Manager

(cPanel:Files – File Manager)

Or edit a copy of the file and then replace the wp-config.php file on your server using FTP …

(wp-config.php)

Replace the ‘DB_PASSWORD’ value in your wp-config.php file with the same password used earlier. Note: Make sure to replace only the string inside the single quote marks and check that there are no spaces or misspelled characters to avoid errors. Save the file to update …

(Change password in wp-config.php file)

Remember to test your site to make sure that everything is working correctly.

Congratulations! Now you know how to change your WordPress database password.

***

Understanding The Mindset Of Hackers

This tutorial explores reasons why individuals are motivated to hack into computer networks, computers, and websites.

This tutorial is part of our tutorial series on WordPress Security. In this tutorial, we look at some of the reasons that motivate individuals to hack into computer networks, computers, and websites.

***

As we’ve discussed in the overview of our WordPress Security Guide For Beginners, WordPress is a secure platform for websites, but a WordPress site doesn’t exist alone. Overall web security comprises various components that malicious users can exploit if weaknesses or vulnerabilities are found.

Despite the impression that media reports may give about certain sites being specifically targeted for attack by ‘hacktivists’ pursuing a personal political agenda, very rarely do hackers attack a website for personal reasons. Typically, most hackers will target any website that provides them with opportunities to improve their skills, obtain sensitive information, wreak havoc and disruption on hapless website owners, or where there is some potential for financial gain.

Some computer security industry experts argue that those individuals that we commonly refer to as “hackers” i.e. people who seek to exploit weaknesses in computer systems or computer networks for profit, protest, or challenge, should really be called “crackers” because their main intention is not to “hack” code, but to “crack” into computers and computer networks.

Additionally, it’s important to understand that there are different types of “hackers”, such as:

  • White hat – this group of hackers includes computer security experts employed by professional companies to test the security of computer systems
  • Black hat – this group epitomizes what we often fear in a computer criminal, and are the people that we referred to as “crackers” above. Black hat hackers violate computer security for malicious purposes or personal gain and often break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.
  • Grey hat – this group is a mixture of white and black hat and includes people who surf the net searching for security vulnerabilities in computer systems so they can break into the systems and notify the system administrators of the security vulnerabilities (which they often then offer to fix for a fee).
  • Elite – these are highly skilled hackers who have attained a degree of notoriety and social status in the hacking community.

Hackers are by no means limited only to the above categories. Hacker definitions can also range from the brand new and inexperienced neophytes, to script kiddies who use hacking software packages, to blue hat hackers (people who test security systems but are not employed by security companies), hacktivists (people who hack to promote a specific social, ideological, religious or political message), Nation State hackers (intelligence agencies and cyberwarfare operatives of nation states), and organized criminal gangs, whose sole motivation is to commit cybercrimes for profit.

In this tutorial, we’ll use the word hacker to mean the type of hacker most people generally think of when they think of someone breaking into computers and websites to cause malicious damage with criminal intent …

Regardless of what category a hacker belongs to, they are usually intelligent and inquisitive individuals who typically begin their careers when they are young and have a lot of time on their hands and enjoy the feeling of power that comes with being able to control machines like computers.

Why Hackers Break Into Websites

There are many reasons why hackers break into computer networks, computers, and websites, including:

  • Because they can and/or need to satisfy their curiosity or need to feel challenged.
  • To improve their hacking skills.
  • To gain social status, notoriety or approval from their peers and/or claim bragging rights.
  • To obtain or steal sensitive data for personal or financial gain using methods like searching through personal data files, adding malware like keylogging software, etc.
  • To use your computer as a way to hack into other people’s computers.
  • To wreak havoc on hapless website owners and disrupt people’s lives and businesses.

As a website owner, you should be concerned with the reasons why people would want to gain access to your website.

Just like thieves who break into homes or rob stores, rarely do hackers commit crimes because they hold a personal grudge against the home or store owner. Most of the time, thefts and robberies are opportunistic crimes committed by people seeking cash or home valuables and products from stores that can be easily and quickly traded for cash.

Likewise, hackers seek vulnerable websites that can provide them with opportunities like:

Host Malicious Scripts On Your Server

Hackers who create malicious scripts for distribution need somewhere to host these. They can’t set up sites under their own names as this would give their identity away, so they look for trusted sites where they can upload their scripts.

Redirect Your Visitors To Their Sites

Website owners use files like .htaccess and robots.txt to provide search engines with better indexing for their websites. The robots.txt file, for example, tells search engine robots what they can and can’t index, while the .htaccess file tells search engines how the site should be indexed.

These files, then, instruct search engines to do things like index the entire site, ignore specific parts of the site, or load certain web pages instead of others. By gaining control of your site, a hacker can get search engines to follow their instructions instead of yours.

Steal Your Money

Many sites like niche blogs, etc. use monetization methods like affiliate links, AdSense, banner advertising, etc. By hacking into sites that are monetized using the above methods, hackers can replace affiliate links and Google AdSense publisher IDs with their own, and divert earnings from those websites to their own accounts.

Blackhat SEO

If hackers gain access and control of your site, they can insert keywords and backlinks pointing to their own sites, and attempt to artificially boost their own search engine rankings while simultaneously destroying your site’s reputation in the process.

Comment Spamming

Aside from the problem caused by comment spammers, many hackers exploit commenting features to promote websites that may contain malicious software and infected download files. Often, this kind of spamming is done automatically using software, which makes it overwhelmingly difficult for website owners to manage and keep on top of.

Phishing Scams

Most people nowadays have heard of ‘phishing’ scams, where people are lured to fake websites designed to obtain their personal information, such as usernames, passwords, bank account details, and more.

Hackers can change your DNS (Domain Name System) record information using methods like DNS hijacking, to point visitors to a site designed to imitate the original site. When visitors arrive at the fake site, they are then fooled into trusting the site (depending on how convincing the imitation is and how sophisticated the methods of deception being used are), and enter personal information, which can then be exploited by the hacker.

The above are just some of the reasons why hackers crack websites with security vulnerabilities.

Getting Inside The Mind Of A Professional Hacker

Just as many criminal and forensic investigators try to get ‘into the mind of the perpetrator’ in order to solve their cases, it’s important to try and understand how a hacker thinks as part of the process of learning how to secure your website.

Let’s start then, with the most common methods that hackers will use to try and penetrate your online defenses.

Data Gathering And Analysis

Many hackers begin by trying to understand the underlying web technologies used by your website. This can be done by collecting information about your website’s host and the web technologies installed on your server.

Website Analysis Tools

There are a number of free website analysis tools that you can use to search for information about a website.

For example, if you go to a site like www.builtwith.com

And type in a website address, then click ‘Lookup’ …

You will get a list of all the web technologies used for that website …

(BuiltWith.com)

Another free online tool that is available to anyone who wants to know details about your site such as estimated traffic, server configurations, IP address, name servers, and domain name registration and renewal dates is Who.is

(Who.is)

AboutUs.org is a meta search engine that gathers information about websites such as company details, website analysis and domain name information from different sources, and presents these details in one combined results page …

(AboutUs.com)

Another useful tool for providing information about websites is Alexa.com

(Alexa.com)

Alexa provides useful information about sites stored in its huge database of indexed websites like contact details, visitor demographics, and internet traffic stats.

If you want to search for information about a website that is specifically related to the WordPress platform you can use a tool like hackertarget.com

(https://hackertarget.com/wordpress-security-scan)

The above are just some examples of tools that anyone can access and use to gather information about a website’s technology.

Hackers use the above plus a range of other sophisticated software tools, scripts and methods to analyze websites and search for specific technologies with versions containing known security vulnerabilities.

Source Code

Even your own website can divulge important information that could be used by hackers to exploit your site.

For example, if you use Firefox to browse the web, you can easily view any website’s underlying code by selecting Web Developer > Page Source

The source code for the web page you are viewing will then display on your screen …

By browsing the source code of a web page, hackers can identify what scripts, applications, and programming languages are being used, explore information in hidden fields, and read programmer’s HTML comments.

Tip: Comments in web page code can make it easier for hackers to understand and reverse engineer your source code. If you plan to get any web development work done on your website, ask your web developer to provide you with a separate document describing the variables, functions and/or methods used, and store this file in a secure offsite location.

Investigative Research

In addition to the above tools, hackers can also use subtle methods, such as examining a website’s cache, which leaves no trail for webmasters to detect in their web analysis tools. This method is explained further below.

Search engines store web pages in caches, as do internet browsers (for example, when the back button is pressed, the local cached version of a page may be displayed instead of a new request being sent to the web server).

Having a cache of your website provides no search engine benefits and gives hackers an opportunity to obtain information about your website. It’s a good idea to remove cached web pages from the Google Index.

To learn how to remove the cached version of a web page from Google, see the article below:

Social Engineering

Another way that hackers can gather data about your website without arousing suspicion is through social engineering.

Essentially, social engineering is when people with malicious or criminal intentions piece together an elaborate lie, con or impersonation based on accurate information gathered from their victims, which they then use to try and deceive, defraud, steal from, or harm the victim and others. These lies can be very hard to spot because they are based on actual, verifiable information about the victim.

As an example, by accepting someone that you don’t know as a new “friend” on Facebook, you could be giving a potential hacker access to personal information about you, such as your partner’s name, how many children you have (and their names and ages), which school you went to, where you live, shop, play sports at, where you regularly go to eat, what you recently bought or traveled to, what you love doing as a hobby, personal details about your family, friends, and so on.

Once a hacker knows some things about you, like your interests, hobbies, the type of work you do, etc. they can then search through other social networks, forums, and web properties to get a better idea of who you are and what you do.

For example, they can visit LinkedIn and get details about your work history, current and past employment or business details, read your resume, etc …

They can also follow you on Twitter and gain an understanding of your social and political views, opinions, affiliations with organizations, current activities, etc… all based on the content of your tweets.

They can visit sites that allow you to search for information about people, like Pipl.com

And uncover more links on the web about you that allow them to continue building up a profile of who you are …

All of this information about you that is available on the web can be used by a hacker to falsely impersonate you. They could then request information from your service providers while posing as you (e.g. login or account details, etc) and get access to your web properties, or pose as one of your service providers and entice you to provide them with the additional details they need to hack your website and victimize you.

Data Mining

Once a hacker knows what they are looking for, they can use data mining methods to find the information they are looking for and pinpoint ideal target sites to attack.

This can include something as simple as performing advanced search engine queries looking for sites that match specific conditions, or using automated scripts that go out searching for servers that contain known vulnerabilities and potential security leaks.

Tip: By monitoring your website’s stats, you can identify what search queries visitors are using to find your site, and spot any unusual queries (see below).

Google – A Hacker’s Tool

Google is not only a great search tool for online users, it also allows hackers to perform advanced search queries that can help them identify potential target sites.

Google Site Search Query

For example, you can use the ‘site’ search query shown below to perform advanced searches on Google (note: leave no spaces in the search query) …

Using the ‘site’ operator in your search query returns all the pages that Google has indexed for a specific website …

(All pages indexed in Google)

Hackers can use this operator to learn more about your site. For example, they can use it to reverse engineer your site’s file structure.

Google Cache Search Query

Hackers can also examine cached web page URLs, which allows them to work undetected.

To view the cached version of a website or web page, use the operator shown below …

This returns the cached version of the web page you have just searched …

(Cached version of a website)

Google Link Search Query

Another operator that is commonly used when studying websites is ‘link’ …

Running a Google search with the ‘link’ operator returns a list of inbound links to a URL (i.e. links pointing to a website from other domains) …

Hackers can also filter down the results of web sites that contain many pages (e.g. an active forum) using multiple keywords.

As an example, consider the search results shown in the example below for a very popular online forum …

Using additional keywords in the search query has significantly reduced the number of results and refined these to very targeted listings for the specific topic being searched …

Now that you understand a little more about how Google’s advanced searches using operators work, how exactly is this useful for hackers?

Well, let’s start with something simple …

Hackers can use advanced search queries to find files in websites that the site owner may not know are exposed, which may contain private data that the site owner never intended to share publicly. This could be a list of customer emails and phone numbers, or downloadable files for registered users of that site only.

For example, the site in the screenshot below sells downloadable information products in the form of .pdf files and is potentially losing thousands of dollars in sales, because the owner has not secured their files (i.e. their product), as the search below of their site plus the operator ‘filetype:pdf’ reveals …

Hackers will search for all kinds of files that may contain useful data. These include the following file types …

Useful tip: Search your own website for any files that may contain sensitive data and get these files protected from public access as soon as possible.

Simply enter the following search query into Google (replace ‘abc’ with the filetype extension, e.g. ‘pdf’, ‘xls’, ‘doc’, etc …)

To learn more about securing downloadable files on your website, see the tutorial below:

Hackers can also use advanced search queries in Google to find websites that have known security vulnerabilities.

For example, let’s say that a potential vulnerability is discovered in an older version of WordPress, e.g. version “3.4.2”.

All a hacker needs to do to find WordPress sites that are still running on the older version, is go to Google and type something that is unique to WordPress sites (called a ‘digital footprint’), such as “powered by WordPress” …

And add the version number to the search query …

Hackers can easily automate the above process using software that searches and finds WordPress sites and the versions containing the known security issues, as well as a range of other query strings that helps them quickly identify sites that have no security and are thus easy to target.

To learn how to hide information about your WordPress site like plugins, themes, installation versions, etc., see the tutorial below:
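To see what your own pages give away in their source (the HTML comments and hidden fields covered under Source Code, and the version footprint described above), you can run the saved page source through a small audit. The Python example below is added here and is not part of the original tutorial; the sample page, the theme and plugin names, and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

VERSION_IN_URL = re.compile(r"[?&]ver=([0-9][\w.\-]*)")
WP_COMPONENT = re.compile(r"/wp-content/(plugins|themes)/([^/]+)/")


class DisclosureAudit(HTMLParser):
    """Collects what a page's source reveals to anyone who views it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line reported by the parser, kind, detail)

    def _add(self, kind, detail):
        self.findings.append((self.getpos()[0], kind, detail))

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self._add("generator", a.get("content", ""))
        elif tag == "input" and a.get("type", "").lower() == "hidden":
            self._add("hidden-field", "%s=%s" % (a.get("name", ""), a.get("value", "")))
        elif tag in ("script", "link", "img"):
            url = a.get("src") or a.get("href") or ""
            component = WP_COMPONENT.search(url)
            if component:
                # "plugins" becomes "plugin", "themes" becomes "theme"
                self._add(component.group(1)[:-1], component.group(2))
            version = VERSION_IN_URL.search(url)
            if version:
                self._add("asset-version", version.group(1))

    def handle_comment(self, data):
        text = " ".join(data.split())
        # Conditional comments for old Internet Explorer are markup, not notes.
        if text and not text.startswith("[if "):
            self._add("comment", text[:120])

    def handle_data(self, data):
        if re.search(r"powered by wordpress", data, re.I):
            self._add("footer-credit", " ".join(data.split())[:120])


def audit_page(html):
    """Return the list of (line, kind, detail) findings for one page."""
    parser = DisclosureAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


def core_version(findings):
    """WordPress version from the generator tag, or None if not disclosed."""
    for _, kind, detail in findings:
        match = re.match(r"WordPress\s+([\d.]+)", detail) if kind == "generator" else None
        if match:
            return match.group(1)
    return None


# Constructed sample page source.
SAMPLE_PAGE = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 3.4.2" />
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css?ver=3.4.2" />
<script src="/wp-content/plugins/example-gallery/gallery.js?ver=1.0.7"></script>
<!-- TODO: remove test account before launch -->
<!--[if lt IE 9]><script src="/html5.js"></script><![endif]-->
</head><body>
<form><input type="hidden" name="discount_code" value="STAFF50"></form>
<p>Proudly powered by WordPress</p>
</body></html>
"""

if __name__ == "__main__":
    results = audit_page(SAMPLE_PAGE)
    for line, kind, detail in results:
        print("line %d: %s: %s" % (line, kind, detail))
    print("core version disclosed:", core_version(results))
```

Hidden fields are listed for review only: WordPress forms use some legitimately, so the question for each one is whether its value is something visitors should be able to read.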

Escalation Of Attack

Once hackers find security vulnerabilities that allow them to gain some kind of access to your system, they will explore your site deeper, looking for weaknesses in your site’s configuration that can be fully exploited. If a hacker is eventually able to bypass your site’s login restrictions and make themselves an administrator, then your site will become fully compromised and be under the hacker’s complete control.

Worse still, there may not be any obvious sign that your site has been compromised. Experienced hackers know how to ‘keep the door open’ so that they can log back in anytime they want to, and modify log files to avoid being detected. You could end up running a hacked website without even knowing that someone else is using your site for their own malicious or criminal benefit.

This is why WordPress security is so important and why we recommend going through the tutorials in the WordPress Security module to learn more about how you can keep your WordPress site secure and protected.

***
