Wordpress Download Posts Site Hacked

2.4 Remove Hidden Backdoors in Your WordPress Site. Hackers always leave a way to get back into your site. More often than not, we find multiple backdoors of various types in hacked WordPress sites. Often backdoors are embedded in files named similar to WordPress core files but located in the wrong directories. Losing access to your site or perhaps credibility due to a hack is one of the worst things that can happen to a website owner. Despite the fact that WordPress is generally quite safe, it’s also very popular among hackers because even a bit of knowledge in website management can provide a possible gateway for a hacker. Outdated themes and plugins are one of the most common reasons sites get hacked, but it’s also easy to miss an update (especially if you’re using lots or managing several sites). WordPress 5.5 gives you the new option to set themes and plugins to automatically update when a new version releases, so you can automate the process on a per. In my all sites there was automatically malicious pages generated and it will shown on google and these pages were not shown in my wordpress dashboard and in posts sections. Please Help me to find codes and get secured from this hacking I have losted many traffic from my WordPress site.

Having your website hacked is not a pleasant experience. If you open your site and are being redirected to inappropriate sites, traffic plummets, getting blacklisted by search engines, browsers, and major antivirus software all point to one common thing; that is your site is hacked. If not blacklisted from search engines, then opening up your website in Chrome might display a notice “Site May Be Hacked” on the browser page. In a nutshell, it is a nightmare of an experience. Today, I plan to talk about how you can get away with it.

Thousands of WordPress websites get hacked every year. These hacks are not because the CMS is insecure. It is mostly the fault of the website owners, who might have used a weak password or have failed to update the software when a security update gets released. Not to overstate the obvious, but if you chose to self-host your website, you are responsible for keeping it up to date.

Although, there are many other reasons for a website to get hacked, however, an outdated version of WordPress or a WP plugin/theme is one of the key reason.

Getting hacked is one thing that I have talked a lot about in this security series. Another more pressing issue is that of backdoors. In this post, I will talk about what is a backdoor and how to detect and remove backdoors from a WordPress site to make your sites secure again.

Why WordPress Sites Are Hacked?

Throughout this security series, I’ve been persistently highlighting about the factors which may lead to a hacked website. A weak password, bad hosting service, outdated WordPress or WP plugins and themes, poorly coded plugins all of which are some of the major reasons of sites getting hacked. For any website, security is of paramount importance. But with intelligent security strategy, all these threats can be very easily prevented.

Here are some interesting yet scary statistics by WPWhiteSecurity.com:

  • In 2012, more than 170,000 WordPress-based websites were hacked
  • Out of 170,000, 41% were hacked due to poor web host
  • In 2013, of 40,000 WordPress websites in Alexa top 1 million, 70% were vulnerable to be hacked
  • Out of those 40,000 websites, 30.95% were using a vulnerable version of WordPress i.e. 3.6. As of this writing, more than 10% websites are on version 3.x

So, based on the points mentioned above, the best tip to stay secure is keeping WordPress and its plugins up to date. From time to time, security loopholes are discovered which are fixed by releasing a new version of the CMS or the product. If you do not update your site to the new version, your site will be vulnerable to security loopholes from the old version.

What Is a Backdoor?

A backdoor is a hidden method of gaining access to WordPress dashboard bypassing normal authentication. Backdoors are special because they allow admin access even after the vulnerable point that led to hacking has been fixed. As soon as hackers exploit a vulnerability, they create backdoors for future access. This way, backdoors survive patches or WordPress updates too. Backdoors can be plenty harmful as they allow hackers to sneak back in undetected.

Types of Backdoors

In most cases, you won’t even know if a backdoor exists unless the hacker has defaced or taken the site down. Therefore, smart hackers don’t use the site itself . Instead, they use the server to send spam. There are different types of backdoors. Some let PHP code be executed through a web browser. Others employ to execute SQL queries, send emails through server or use DNS to do the damage.

Locations Where Hackers Hide Malicious Code

The first step in detecting a backdoor is to know where it might be uploaded. Following are the most common hideouts for backdoors.

Inactive Themes and Plugins

Malicious code is not probably found in the active theme and plugins. Hackers usually upload backdoors to inactive themes and plugins. Most users don’t bother updating inactive themes, so are strung hard as a result of the backdoor. This is why you should never keep inactive and idle themes or plugins on your site — which you do not use. Thus outdated inactive themes and plugins are especially an easy target.

Uploads Directory

Tell me the last time you browsed this directory from its head to toe. Never, right? Most people know that this is the place where all media files are stored. In an average WordPress installation, uploads directory contains thousands of files. So, it’s rare that you will ever check this directory entirely. It is very easy for uploads directory to be targeted for two reasons.

  • One, no one ever bothers checking this directory.
  • Second, this directory is writable, so it can used to execute malicious codes.

The wp-config.php File

The wp-config.php is the most critical file in a WordPress installation. It contains database connection details as well as certain installation parameters. Hackers also like to put backdoors in this file. Make sure you check that as well as while you are at it update the site salts.

The wp-includes Directory

The wp-includes dir is a core WordPress installation directory. Sometimes hackers use it to upload their backdoors. The problem is that unlike uploads directory, this folder contains mostly .php files. So you can’t differentiate unusual files from the original ones unless you know all core files by name. Some hackers name their malicious file to make it sound like a core file. Or some even affect the core files where you should check the security hash of these files.

Detecting and Removing a Backdoor

A backdoor lets unauthorized people access the WordPress undetected. A vulnerable plugin, theme or outdated installation could let the hacker in and create backdoors. So even after you clean up the mess and update everything, the backdoor can still be used to regain access to the site. Unless you get rid of backdoor, you are still vulnerable to more hacking attempts.

The hard part of getting rid of a backdoor is detecting it. How do you find it in the first place? How do you clean up the site? Here are some ways of doing it:

Scan the Files and Database

Use the Exploit Scanner plugin to find the presence of malicious code. This plugin, however, won’t itself remove any code or file. That is totally on the user to do. It also looks for base64 (used for notorious tasks) through files and database. Plugins also use base64 to accomplish various tasks. Which BTW is a bad practice! You should not be using any such plugin/theme.

So if you are not a plugin developer, better not to mess with plugins by deleting their base64 code. You can also use Sucuri (their premium service) to scan your site for malware. Sucuri is the most trusted name in the community. Not only will they detect the backdoor, but they will also close it down for you.

Delete All Inactive Themes

What’s the point of keeping themes you don’t use? They just make good prey for hackers. Instead, delete inactive themes right away. Even default themes like Twenty Thirteen and Twenty Sixteen are pointless to keep. Once you delete all inactive themes, scan your site again. If one of your inactive themes had the backdoor, it is gone. So your site should be clean. If your website is still getting infected, try out other methods in this post.

Delete All Plugins

The Exploit Scanner plugin can tell you where is the malicious code hidden, and you can delete it. But, the only risk associated with it is to ensure that you are deleting the right file, and not breaking your site down.

A better decision would be to delete all the plugins. Yes delete all the plugins and install fresh copies of each one of them again. This way, you can guarantee site’s clean state afterward. To make sure all plugins are deleted, check the wp-content/plugins directory.

You may wonder why I am not suggesting you to update the outdated plugins? Let me tell you another interesting fact here then i.e. sometimes backdoors remain unaffected from updates. Hence, deleting the outdated plugins wouldn’t do much good.

Fix wp-config.php File

Your wp-config.php file might contain malicious codes as well. To make sure it is fine, compare its contents with the wp-config-sample.php. If you find anything out of the ordinary, get rid of it right away. It is advised that you consult with a security consultant here.

Inspect Uploads Directory

Uploads directory mostly has no items other than the media files. So while inspecting, if you find a .php file hidden inside the upload folders, better get rid of it. Such .php files might contain the malicious code that’s letting hackers in. Since most users don’t regularly check this directory, hackers upload the backdoors here.

Careful there, if you use caching plugin or a custom framework, such plugins also put their caching related files in there. It’s better to consult with the developers or find a security consultant if don’t know what you are doing.

Delete .htaccess File

.htaccess is the second most important file after the wp-config.php. Hackers may put their codes in there to create backdoors. To make sure it is clean, just delete it. Don’t worry; it is a file that automatically regenerates itself with the default content. If it is not recreated, go to Settings > Permalinks, and save the settings.

Careful there, this can prove to be a site breaking suggestion. Have your backup ready to be restored in case something screw ups.

Hire Security

The finest solution for beginners is to use a security service like Sucuri. Sucuri provides solutions to secure WordPress sites. They perform regular scans of your WordPress site to make sure it is clean of malware. Sucuri also has a website firewall, which prevents hacks to a great extent. If your site has a backdoor, hire them to fix it.

Do Take Backups

There are Updraft Plus, BackupBuddy, CodeGuard, VaultPress and many other backup services. These services allow you to take backups of your site and its database. That way, if your site gets hacked, you can easily restore it from an earlier point in time when it was clean. It is the most overlooked advice regarding website security. Most of the said backup solutions may take 10-20 minutes to set up. You can also use a free plugin like BackWPup to create backups.

Conclusion

When it comes to website security, you should never hesitate to make an investment. A hacked website can always be recovered, but that is not the point. The point is your website’s reputation — once it is tarnished, you won’t get it back.

Hackers use your server to send spam, redirect your site to inappropriate sites and consequently, you are blacklisted by search engines and major antiviruses. This hurts both website brand and your credibility.

I’d again like to advise you to hire a security consultant for this kind of stuff. I have an interesting post coming up at the end of this series where I will talk about what you can expect from security consultants.

Has your site ever been hacked? How did you manage to handle the situation? Let us know in the comments. There are always so many interesting and insightful stories there.

Finally, you can catch all of my articles on my profile page, and you can follow me or reach out at Twitter @mrahmadawais; to discuss this article. As usual, don’t hesitate to leave any questions or comments below, and I’ll aim to respond to each of them.

FirstSiteGuide is supported by our readers.When you purchase via links on our sitewe may earn a commission. Read More

We don’t condone, approve nor encourage any illegal or malicious behavior! The purpose of this article is to explain how to hack or regain access to a WordPress site that belongs to you, or that you have rights to edit, admin, and access. Whatever you do, you’re doing it on your own.

We’re not responsible for your actions. This guide serves for educational purposes only.

Described methods will help you regain access to the site even if you no longer have an account, but will require some info about the site and they won’t help you hack into any random WordPress installation.

How to hack into a WordPress website, the complete guide

Situations you can help yourself in

If you’re in one of the following situations, our methods will help you regain access:

  • you forgot the username or email address
  • reset password option does not work on the hosting server
  • reset password emails are not coming through
  • you no longer have access to the account’s email address
  • you know the username & password, but the combination just does not work

To use the methods described below, you’ll need only one of the following:

  • FTP access to the server, or
  • cPanel access to the server, or
  • access to the MySQL database and the ability to connect to it remotely
Hacked

Method #1 – the MySQL way

Use this method to change the password (or username if needed) of an existing user or to create a new account. You’ll need cPanel access or direct MySQL access to the site’s database. Let’s get started by changing the password of an existing user.

If you’re using cPanel, login (cPanel can always be accessed via the https://yoursite.com:2083 link), locate and open phpMyAdmin. The list of databases and tables is on the left. You’re looking for the table that ends in _users. It’ll probably be wp_users, but if you have more than one WordPress site installed on the server, you have to find the right one.

The right table will have the user you want to edit in it. Follow the same procedure if you’re connecting to MySQL via some external client like SQLyog. Once you locate the table and the actual user record, it’s time to change the password.

As you’ve probably figured out by now, the password is saved in the user_pass field, hashed using the MD5 algorithm. Open the online MD5 generator enter the password you want to use and click “Hash”. Copy the generated string and replace the original password with it. In phpMyAdmin, you can edit the field by double-clicking on it. The procedure is similar to other MySQL clients. Save changes and login to WordPress with your new password.

Still on method #1 – creating a new user

Creating a new user is a bit more complicated but still manageable in less than a minute. Create a new record in users table and populate: user_login, user_pass (hashed, using the MD5 function described above) and user_email. All other fields can remain empty; they don’t matter. Save the new record. Once saved, MySQL will give it a unique ID. It’s the number in the ID field. Remember it.

Now go to _usermeta table. Remember, the table’s prefix has to be the same as the users’ one. For instance wp_users and wp_usersmeta. If the prefix is not the same, you’re editing the wrong table (of some other WP installation) and the new account won’t work. We’ll create two new records. Ignore the umeta_id field for both of them. Set user_id field to the value you just remembered (the new ID value in users table). For the first record set meta_key to wpct_user_level and meta_value to 10. For the second one meta_key to wpct_capabilities and meta_value to a:1:{s:13:'administrator';b:1;}. Save both. You’re done – login!

Method #2 – the functions.php way

This approach can be utilized either by editing functions.php through cPanel or by using an FTP client to do so. If using cPanel find File Manager and open it. First, we have to find the active theme’s folder.

Go to public_html/wp_content/themes folder. If you immediately see your theme and know which one it is – great. Open its folder and start editing functions.php. If not, open the site, right-click anywhere, select “View source”. Then press Ctrl + F and start typing /themes/ soon you’ll have a lot of URLs highlighted, and you’ll recognize the folder name of the active theme.

Find it in the file structure, open, and start editing functions.php. Copy/paste the following code at the end of the file. Mind the closing ?> PHP tags if you have them. They have to be on the last line. So, insert the code before them.

Edit only the first two lines of the code to reflect your new account. If there’s already a user in WP with that email a new account won’t be created, so make sure it’s new. Change the password as well – don’t get hacked by script kiddies. After saving the file simply open your site, the code will be run, a new account with administrator privileges created and you’ll be able to login with it.

After you do so, remember to delete the code from functions.php.

Other hacking methods

By knowing the FTP, cPanel or MySQL password you’re proving that you have legitimate access right to the server and therefore should have access to the WordPress installation(s) as well. If you don’t have any of those accounts, then you’re up to no good (hacking into other people sites), and that’s not nice!

Please remember that gaining unauthorized access to any computers, sites or servers is a serious crime and is promptly dealt with in most countries.

If you don’t have time to set up your blog, let us know so we can try to help.

How to create a backdoor in WordPress

When the front door is closed, you might try the back door. This might sound like a malicious way of using the code for entering the site without having the access to it, but there are actually times when you need to control your own site if somebody stole it.

If it’s creating websites for other people something you do, sooner or later there will be a client who will refuse to pay you for your work; a client who will delete your login information and take over control of everything you have done. Sometimes, it will be enough to create a new user via FTP or to reset a password. When that’s not enough, you might want to hack your way back in or create a backdoor access to your admin pages.

But if you decided to hide a small piece of code in your WordPress environment, you might save yourself some dignity and gain access to the WordPress site with administrator privileges. And that’s where the games begin.

No matter how many times this thief deletes your information or restores a backup on a server he probably owns, there is a chance he doesn’t know anything about backdoor entrances. If he did, he probably wouldn’t even need your help in setting up WordPress, right?

Create a backdoor:

Wordpress Download Posts Site Hacked Free

OK, enough with the talk; here’s a piece of code you will need to get the job done:

  1. Open functions.php file
  2. Copy/Paste following code:
  1. Save changes

If you leave the code as it is, all you would have to do to create a new admin on the site is visit http://www.yourdomain.com/?backdoor=knockknock.

After the page was loaded, your new username is “name” and password “pass”.

Of course, you can change that in the codeabove by changing ‘name’ and ‘pass’ to whatever you want. You can also change the link to your back door by changing ‘backdoor’ and/or ‘knockknock’ to anything you come up with.

Try the function – not only it is fun but it can really help you sometime in the future when you’re about to make a website for someone you can’t trust completely. You should also level up your WordPress and blogging skills.

How to create a new user account via FTP

Creating new user accounts on WordPress is very easy. As an admin, you need to navigate to Users admin page where you can create a new account for any user role. That can be done in a matter of seconds and a newly created user can immediately log in with given username and password.

But what happens if you lose access to your WordPress admin? Things might get a bit more complicated, but don’t worry – we have a function for you which can save your admin life.

Whether another admin deleted your account, whether you have deleted all users from the database by mistake, used a malfunctioning plugin or got hacked, you can still get back in control. Sometimes you might be able to get access only to your FTP server while the HTTP one will be out of your reach and you will need to create a new admin. While that might be a rare case, the following function will save you.

To create a new account outside WordPress admin environment, all you will need is an FTP access to your site. As an admin, you should have all the needed information to log in to your server and you can quickly create a new account by creating a new function in your theme.

Create a new user account via FTP:

  1. Open FTP client and connect to your account
  2. Navigate to wp-content/themes
  3. Open the folder of the theme you are using
  4. Search for functions.php file and edit it
  5. Copy and paste the following function:
  1. Change username, password, and email to something unique
  2. Save changes

Make sure that username, password and email address which you set in the function are unique or otherwise the function won’t work properly. Once you have saved the changes, you’re done and you can navigate to your WP login panel. Use new information to log back in and once you have verified the account, you can delete the function from the functions.php file.

The function shown above creates an admin account but you can easily modify it to create an account with any other user role. Simply change the role on the 8th row of the code to the editor, author, contributor, subscriber or any other user role you have created.

Unfortunately, if you have lost your admin account, you have also lost all the posts written under that username. That’s why you should always keep a backup which you can easily retrieve. If you’re reading this while having your admin account, take this as a reminder to create a backup immediately and bookmark this article just in case you need to create an account outside WordPress in the future.

10 signs your WordPress site is hacked

WordPress is a huge blogging platform. There are millions of users and it seems that the number is rapidly growing each and every day. People even tend to transfer their websites created in other content management systems to this open-source system more often than you might think. And, while this is good, this means that hackers will also put WordPress in a number-one spot when trying to invade random sites.

Usually, if you get hacked, you will know about that instantly. Your site will become inaccessible; you won’t be able to log in and sometimes a hacker will even leave a message on the front page. But more often than not, you might not even notice that something has changed. In this part of the article, we’re about to show you several signs that might show you that your WordPress site got hacked and a few solutions to the problem.

1. Unsuccessful login

This sign is pretty much evident. If you have used a username and password combination for a while without ever having trouble, you may get suspicious if suddenly WordPress doesn’t recognize your account. If a hacker got to log in to your site, the chances are that he will quickly change your admin privileges.

Maybe he got to change your password or completely deleted your account. Before you start to panic after the first time WordPress messages you about incorrect username/password, please consider the fact that you might have entered a wrong combination or that you may have turned on the caps lock button.

Solution: Try recovering the password via email or use another account to log back in. To make sure that your login stays safe, we recommend installing Login Ninja plugin for WordPress.

2. Malicious content is added to your site

If you start noticing unfamiliar content on your site, you may start worrying. When they get a chance to access your admin area, hackers will be able to change your core and both your theme and plugin files. That means that they get to change anything they want.

While some hackers will drastically modify the looks of your site and maybe even spell out that you got hacked, the other ones will be much more subtle about it.

Solution: Try looking for hidden content in the website code. There might be links to malicious sites hackers planted in the footer of your site, or they might have installed popups which will open on a regular basis to your customers. Use Security Ninja to scan your site or continuously monitor your site for such problems.

3. Suspicious visits

If you are not tracking your website, you should start doing so immediately. A simple way to do is using Google Analytics which, among many other features, can tell you how many visits do you get and where are those visits coming from. After some time, you will get to know your website. That means that you will know where are the visits coming from, you will know when you launch a new campaign and when there are new promotion links released in the wild.

But if you suddenly notice that your site is getting a huge number of new visits from the suspicious domain, you will want to investigate this further because your site might just get hacked. Usually, that kind of visits will result in a 100% bounce rate which means that only one page was accessed. Hackers will frequently use automated systems that will lead other bad sites to yours. Whether it’s the bad code that gets executed on your site or you have become a part of a spamming network, things can get serious, and you will have to check your site for malicious code.

Solution: Use Google Webmasters Tools to find suspicious domains.

4. A sudden drop in traffic

Unlike the last mentioned sign of getting hacked, this one might alert you because there is suddenly a drop in the number of visits. Instead of referring new visits to you, a hacker might send visits away from your site. This might happen because a hacker redirected your site to another one. The other reason for getting fewer visitors is that Google blacklisted your site. This action would show a message to every user who may choose not to open your site because it is infected.

Solution: Use Google’s Safe Browsing Site Status to check if your site is marked as unsafe and is currently dangerous to visit.

5. Search engine results are strange

If you haven’t noticed any changes on your site, but you do find out that search results in Google and other search engines are strange (show different titles and other meta-data), this might be a clear sign of a hacked site. A hacker might have changed your content in a way which can be visible only to an expert. Still, the change would be visible in the search engine results.

Posts

Wordpress Website Hacked

Solution: Check your site with Google Webmasters Tools, and check if your site got hacked with this free online tool.

6. You can’t send/receive emails

Once a hacker gets access to your site, he will probably want to use your server for spamming everyone else. When you find out that you can’t send or receive new emails from your WordPress, this can be a clear sign that you got hacked. Check your email once again, then check it with your provider to make sure that there aren’t any errors.

Solution: Test your WordPress mail function with this free plugin.

7. Site doesn’t exist

There are times when hackers won’t access your site to plant malicious code, redirect users or use your email for spam. Sometimes, all they will want to do is to crash your site. Rarely, a hacker will successfully delete everything from the entire server. That’s why it is important that you host your files at a renowned hosting company that will take of security and also keep daily or at least weekly backups of your website. It’s a good practice that you also do your own backups from time to time so that the site can be quickly restored.

Solution: Install one of the best plugins for backup management in WordPress.

8. Suspicious files

Similar to malicious content which may be added to existing files, a hacker might plant extra files anywhere within your root folder. It’s a good thing to know your way around WordPress, but if you’re not that experienced, you should have a security tool at your disposal which can check all of your files and activities. Recently, we reviewed the Security Ninja which is a perfect tool for checking all of your WordPress files.

Solution: Try looking for files that don’t belong to your WordPress installation. Use the Security Ninja to scan your site on a regular basis and find those files automatically. Then delete the files or remove the malicious code from infected files. Don’t forget the Core Scanner add-on for Security Ninja.

9. New members

Depending on your site, you might be the only one able to add new members. In that case, an email telling you about newly registered users might trigger an alarm. If there are other admins who have the ability to add new members, check with them about suspicious activity.

Solution: Change login URL with a free plugin, limit access to your WordPress login page by using .htpasswd file and use Login Ninja to protect your login form all the time.

10. Check out scheduled events on your server

Sometimes, a hacker won’t do a thing to your website once they find their way in. Instead, they will leave scheduled events which may harm your site sometime in the future. This technique is dangerous because a hacker can leave inexperienced victim clueless at first. You may be infected and know nothing about it.

Wordpress Download Posts Site Hacked 2017

Solution: Check your CRON jobs on a server you’re using and make sure there are no suspicious scheduled tasks.

Wordpress Download Posts Site Hacked Version

Wrapping up

We hope that this article will help you manage even a safer WordPress site, and that it will help you regain access to it in bad situations. And even if your site is clean, please don’t take that for granted. Always make sure that your blog is as safe as it can be. We suggest security plugins for WordPress which can save you at most times. Still, don’t be the one using unsafe password, and be careful when hacking into your own WordPress site.

  1. Hi there! Quick question that’s completely off topic.

    Do you know how to make your site mobile friendly? My weblog
    looks weird when browsing from my iphone.
    I’m trying to find a theme or plugin that might be able to fix this problem.
    If you have any recommendations, please share.
    Many thanks!

Leave a Reply