If you still can’t get your website back to normal after reading the previous article “Solutions to Hacker Attacks on WordPress Websites (1)”, I deeply sympathize. Having your database hacked can be quite frustrating, but I hope this article can help get your website back up and running.
1. Strengthen WordPress security
We recommend working through the WordPress Security Comprehensive Guide and implementing its preventive measures. In addition, users on virtual hosting should make sure that the permissions of wp-config.php are 750 rather than 604 (see "File Permissions" for the reason).
2. Change database password
This step is essential, because hackers may have gotten into your database simply because its password was too simple. It is best to use a combination of letters, numbers and special symbols for the password. To change the database password, refer to your host provider's help documentation or ask their customer service staff.
3. Modify the database and delete the passwords of all users
Using phpMyAdmin, open your database and click "Browse". You will see the records for the users, and the hacker, on the site. You will need to:
a) Copy the displayed user_email value, which may be the hacker's email address.
b) Click the "Edit" link on the affected "row".
c) Delete the user_pass field.
d) Change the user_email field to your own.
e) Click 'Confirm' to save changes.
4. Log in to WP Admin
As usual:
a) Enter the WP Admin interface through the address http://www.mysite.com/wp-admin/ .
b) If you see a prompt to upgrade the database, the first thing to do is to confirm with the hosting provider whether they can provide the latest PHP version, and then click 'Upgrade WordPress Database'.
c) Click 'Continue'.
d) Click "Forgot your password?"
e) Enter your username and email address and click 'Get new password'.
f) Check your email. You will receive a message from "WordPress" ( [email protected] ) containing a link to reset your password.
g) Check your email again. You will receive the new password. Copy the new password.
h) Log in with your new password. If you want to change it, click "Yes, go to personal page"; otherwise click "No, don't remind me again".
5. Is everything normal?
Click through the site and check that your blog posts, pages, categories, tags, etc. are all normal, and modify or delete any abnormal content.
6. Switch to default theme
a) Go to Appearance->Themes and click "Activate" on one of the default WordPress themes below:
- WordPress Classic 1.5, by Dave Shea
- WordPress Default 1.6, by Michael Heilemann
- Twenty Ten 1.0, produced by WordPress team
b) If your website content displays normally after switching themes, the problem is in your theme files and you need to repair them (hopefully you have a backup).
7. Restore recently modified files
It is possible that only the main index.php file has been modified. Replace these modified files with your corresponding backup files.
8. Activate your theme again
a) Go to Appearance->Themes and click "Activate" on the theme you used before the website was hacked.
b) Refresh the homepage and hope everything goes back to normal.
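For step 7, one way to find which files need restoring is to compare the live site against your backup by content. This is an added example, not part of the original article; the function names `list_changed` and `demo` and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# list_changed LIVE_DIR BACKUP_DIR
# Compares file contents rather than timestamps, because modification
# times can be reset by whoever altered the files.
# Output: "MODIFIED <path>" for files that differ from the backup copy,
#         "NEW <path>"      for files with no counterpart in the backup.
# Limitation: paths containing newlines are not handled.
list_changed() {
    live=$1
    backup=$2
    [ -d "$live" ] && [ -d "$backup" ] || {
        echo "usage: list_changed LIVE_DIR BACKUP_DIR" >&2
        return 2
    }
    # List every file in the live tree in a stable order, then check each
    # one against the same relative path in the backup.
    ( cd "$live" && find . -type f | LC_ALL=C sort ) |
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -f "$backup/$rel" ]; then
            printf 'NEW %s\n' "$rel"
        elif ! cmp -s "$live/$rel" "$backup/$rel"; then
            printf 'MODIFIED %s\n' "$rel"
        fi
    done
}

# Constructed demo tree (not real site data): one altered file, one
# unchanged file, and one file that does not exist in the backup.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/live/wp-content" "$d/backup/wp-content"
    echo '<?php /* original */'   > "$d/backup/index.php"
    echo '<?php /* altered */'    > "$d/live/index.php"
    echo 'body{}'                 > "$d/backup/wp-content/style.css"
    echo 'body{}'                 > "$d/live/wp-content/style.css"
    echo '<?php /* unexpected */' > "$d/live/wp-content/extra.php"
    list_changed "$d/live" "$d/backup"
    rm -rf "$d"
}

# Direct use: sh list_changed.sh LIVE_DIR BACKUP_DIR (paths are yours to supply)
if [ "$#" -eq 2 ]; then
    list_changed "$1" "$2"
fi
```

Files reported as NEW deserve a manual look before deletion, since legitimate uploads made after the backup date will also appear there.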
Finally, in order to strengthen WordPress security, I recommend the following plugins to everyone, in no particular order:
The WP Security Scan plugin scans WordPress installations for security vulnerabilities and suggests remediation measures. It covers:
1. Password.
2. File permissions.
3. Database security.
4. Version hiding.
5. WordPress Admin Protection/Security.
6. Delete the WP generated META tag from the core code.
The Secure WordPress plug-in helps with WordPress security: it removes error messages from the login page, adds index.html to the plug-in directory, and removes the WP version everywhere except the admin area. Its features:
1. Remove the error message on the login page.
2. Add index.php to the plugin directory (virtual).
3. Remove the WP version except in the admin area.
4. Remove Really Simple Discovery.
5. Remove Windows Live Writer.
6. Remove core update information for non-administrators.
7. Remove plug-in update information for non-administrators.
8. Remove the theme update prompt for non-administrators (only applicable to WP 2.8 and later versions).
9. Hide the backend WordPress version from non-administrators.
10. Add string for WP scanning.
11. Block destructive queries.
12. Verify your website with SiteSecurityMonitor.com, a free malware and vulnerability scanner.
The Ultimate Security Check plug-in helps you discover security issues. It scans your blog and gives you a security "level".
Database backups are always indispensable. To make backing up easier, install the following database backup plug-in; you can then back up the database from the admin area.
The WP-DB-Backup plugin allows you to easily backup core WordPress database tables.
Article source (please credit when reprinting): http://www.wordpress.la
Author: jiol