WordPress Hack Warning: Upgrade Immediately


Hi,

Nowadays, we are receiving lots of reports that WordPress blogs have been hacked. All of these have been due to an older version of WordPress running on the blog.

Security updates are for everyone who uses WordPress as their CMS or blog platform. If your blog is running an old version, it is vulnerable.

Basically, once a security problem is fixed, hackers know about it too. They can create scripts that automatically search thousands of sites and hack each one of them by inserting malicious code.

So if you have not upgraded your blog, it can be hacked. If you do not want to wait to be hacked, upgrade your blog immediately.

If your blog has been hacked, you will have to fix it. Here is a guide to help you:

1) Back up the site and database.
2) Make a copy of uploaded files such as images.
3) Download a fresh version of WordPress, the plugins your blog requires, and a clean template [theme].
4) Delete all the files and folders in your WordPress directory.
5) Re-upload the fresh copy that you have just downloaded.
6) Run the database upgrade at wp-admin/upgrade.php.
7) Immediately change the password and set a strong one.
8) Go through the posts and repair any damage in the posts.

Delete any links or iframes that were inserted and restore any lost content. Google and Yahoo’s caches are often a good source of what used to be there if anything got overwritten. The following query run against the database can help you isolate which posts you want to look at:

SELECT * FROM wp_posts WHERE post_content LIKE '%<iframe%'
UNION
SELECT * FROM wp_posts WHERE post_content LIKE '%<noscript%'
UNION
SELECT * FROM wp_posts WHERE post_content LIKE '%display:%';

Now, your blog can be rehacked even if you have upgraded. The only prevention is to upgrade your blog regularly.

Some other steps that need to be taken to prevent your blog from being hacked:

1) Scan your local machine.
2) Check with your hosting service provider, not only about your site but server-wide, especially if you are using shared hosting.
3) Change the password at regular intervals and set a strong password including special characters and digits.
4) Take a regular backup of your blog whenever you finish working on it.
5) Check your .htaccess file for hacks, because hackers can use your .htaccess to redirect visitors from your URL to malicious sites.
6) Upgrade your blog regularly and keep it up to date.
7) Once you have recovered from the hack, check your site logs to see if you can discover how the hack took place.
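
One way to carry out the .htaccess check in step 5, as an added example that is not part of the original post: the Python sketch below lists every redirect directive in an .htaccess file that points to a host other than your own. The function name, the sample file and the hosts blog.example and unknown-site.example are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache directives that can send a visitor to another URL.
REDIRECT_DIRECTIVES = {"redirect", "redirectmatch", "redirectpermanent",
                       "redirecttemp", "rewriterule"}
URL_RE = re.compile(r"https?://[^\s\"'\]]+", re.IGNORECASE)
# Server variables that resolve to the site's own host name.
SELF_VARIABLES = {"%{http_host}", "%{server_name}"}


def external_redirects(htaccess_text, own_hosts):
    """Return (line_number, host, line) for each redirect to a foreign host."""
    own = {h.lower() for h in own_hosts} | SELF_VARIABLES
    findings = []
    for number, raw in enumerate(htaccess_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments cannot redirect
        if line.split(None, 1)[0].lower() not in REDIRECT_DIRECTIVES:
            continue
        for url in URL_RE.findall(line):
            try:
                host = (urlsplit(url).hostname or "").lower()
            except ValueError:
                host = "<unparseable>"  # malformed URL: report it for review
            if host and host not in own:
                findings.append((number, host, line))
    return findings


# Constructed sample: the standard WordPress rewrite block followed by one
# injected redirect and one legitimate redirect to the site's own host.
SAMPLE = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
RewriteRule ^(.*)$ http://unknown-site.example/in.php [R=301,L]
Redirect 301 /old-page http://blog.example/new-page
"""

if __name__ == "__main__":
    for number, host, line in external_redirects(SAMPLE, {"blog.example"}):
        print(f"line {number}: redirect to {host}: {line}")
```

Run it against every .htaccess file under the web root, not only the top-level one, and review each reported line by hand before deleting it.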

Thanks,

Shane G.
