Your WordPress Site Has Been Hacked: What Now?

You find some blog posts on your site that you didn’t publish. Or you get an email from your host telling you your site is sending out spam email. Or maybe you were just browsing your site and you found a file that doesn’t look quite right.

In this talk, we’ll cover everything from the basic steps to take (changing passwords, locking down your theme, and enforcing proper file permissions) to finding the affected portions of your site (checking core, theme, and plugin files against WP.org versions) and removing the malicious code. We’ll also touch on general security practices that can prevent breaches in the future.

Keanan Koppenhaver is a Digital Product Developer and Consulting Engineer with doejo, a WordPress VIP Partner Agency.

While at doejo, he has worked on baking WordPress into the publishing workflow of one of the largest investment news publications in the United States, a WordPress-backed real estate investment portal, and many other projects large and small.

He is passionate about mentoring other developers as well as teaching people that WordPress can be more than just a blogging platform. Keanan writes about all these topics and more at http://levelupwp.net.

1. You've Been Hacked: What Now?
   KEANAN KOPPENHAVER @KKOPPENHAVER HTTP://LEVELUPWP.NET

2. Who Am I?
   • Developer at doejo
   • Been working primarily on WP projects for the past 3 years
   • Sites large and small

3. People on the internet are rude.

4. Part 1 | Discovery

5. Your host may tell you.

6. You may see some strange behavior
   • Published posts you didn't write
   • Menu links you didn't create
   • Images you didn't upload

7. (Check with anyone else who works on your site before assuming a change is malicious)

8. Google may tell you (Search Console warnings, or a "This site may be hacked" label in results)

9. Mysterious redirections

10. Part 2 | Recovery

11. https://codex.wordpress.org/FAQ_My_site_was_hacked

12. Backup Now
   • Some hosts will disable or take down your site when they find out you've been hacked
   • Peace of mind during the restore process
   • Useful even if (especially if) you already have an existing backup: it preserves the compromised state for the post-mortem

13. Restore from your backup

14. You're un-hacked!

15. Questions? KEANAN KOPPENHAVER @KKOPPENHAVER HTTP://LEVELUPWP.NET

16. No backup?

17. Run local scans
   • Some server infections start with your local environment (for example, malware on a workstation that steals stored FTP/SSH credentials), so make sure that is clean first

18. Start from scratch
   • It is difficult to identify everything; even the smallest backdoor could let the attacker back in
   • Fresh (separate) install, bring all content over via WP Export

19. Post-mortem Site Scan
   • Sucuri Site Scan
   • WordFence Site Scan
   • Command-line diffing (on files that aren't supposed to change: core, theme and plugin files compared against the same versions downloaded from WP.org)
20. Change everything
   • wp-admin password
   • DB password
   • FTP/SSH password (maybe use public keys instead?)
   • Hosting admin panel
   • SECRET KEYS and salts in wp-config.php (WordPress signs its login cookies with them, so new values invalidate every existing session and kick out logged-in users, the attacker included)

21. The eight keys and salts in wp-config.php (example values; generate your own, never reuse a set that has been published)
   define( 'AUTH_KEY', 't`DK%X:>xy|e-Z(BXb/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|' );
   define( 'SECURE_AUTH_KEY', 'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj' );
   define( 'LOGGED_IN_KEY', 'MGKi8Br(&{H*~&0s;{k0<S(O:+f#WM+q|npJ-+P;RDKT:~jrmgj#/-,[hOBk!ry^' );
   define( 'NONCE_KEY', 'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI|siOe' );
   define( 'AUTH_SALT', '7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&G' );
   define( 'SECURE_AUTH_SALT', 'I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #' );
   define( 'LOGGED_IN_SALT', 'w<$4c$Hmd%/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i' );
   define( 'NONCE_SALT', 'a|#h{c5|P &xWs4IZ20c2&%4!c(/uG}W:mAvy<I44`jAbup]t=]V<`}.py(wTP%%' );
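Rotating the keys and salts from slides 20 and 21, as an added example that is not part of the talk: the script below rewrites the eight define() lines of a wp-config.php copy with fresh 64-character values and leaves every other line alone, then checks that all eight were actually replaced. The usual source of new values is https://api.wordpress.org/secret-key/1.1/salt/; this version draws them from /dev/urandom so it runs offline. The sample wp-config.php is constructed with the placeholder text WordPress ships in wp-config-sample.php; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the talk): rotate the eight keys and salts in
# wp-config.php offline. WordPress derives its auth and nonce cookie
# signatures from these, so new values invalidate every existing session.
set -eu
LC_ALL=C; export LC_ALL

# One 64-character secret from a printable alphabet that excludes ' and \,
# so the result is always a valid PHP single-quoted string literal.
new_secret() {
  tr -dc 'A-Za-z0-9!@#$%^&*()_+=<>?,.:;|~-' < /dev/urandom | head -c 64
  echo
}

# Copy $1 to $2, replacing the value on each of the eight define() lines
# and passing every other line through untouched.
rotate_salts() {
  src=$1; dst=$2; q="'"
  : > "$dst"
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      *"'AUTH_KEY'"*|*"'SECURE_AUTH_KEY'"*|*"'LOGGED_IN_KEY'"*|*"'NONCE_KEY'"*|\
      *"'AUTH_SALT'"*|*"'SECURE_AUTH_SALT'"*|*"'LOGGED_IN_SALT'"*|*"'NONCE_SALT'"*)
        name=${line#*$q}; name=${name%%$q*}   # constant name between the first pair of quotes
        printf "define( '%s', '%s' );\n" "$name" "$(new_secret)" >> "$dst" ;;
      *) printf '%s\n' "$line" >> "$dst" ;;
    esac
  done < "$src"
}

# Return 0 only when all eight constants carry distinct 64-character values
# that are not the wp-config-sample.php placeholder.
salts_ok() {
  awk -F"'" '
    $2 ~ /^(AUTH|SECURE_AUTH|LOGGED_IN|NONCE)_(KEY|SALT)$/ {
      if (length($4) == 64 && $4 != "put your unique phrase here" && !seen[$4]++) ok++
    }
    END { exit (ok == 8) ? 0 : 1 }
  ' "$1"
}

# Constructed wp-config.php fragment with the stock placeholders.
write_sample_config() {
  cat > "$1" <<'EOF'
<?php
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'wp_user' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
$table_prefix = 'wp_';
EOF
}

demo() {
  work=$(mktemp -d)
  write_sample_config "$work/wp-config.php"
  rotate_salts "$work/wp-config.php" "$work/wp-config.php.new"
  if salts_ok "$work/wp-config.php.new"; then
    echo "rotated: eight distinct 64-character secrets written"
  fi
  rm -rf "$work"
}

demo
```

Write to a copy and swap it into place only after `salts_ok` passes, so a failed run never leaves wp-config.php half-edited. Rotate the salts after the passwords, not before: the attacker's stolen admin cookie dies the moment the new file is live, but a still-valid password would let them log straight back in.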
22. Part 3 | Prevention

23. Strong Passwords
   • Use a password manager (1Password, LastPass)
   • Don't share passwords between services (WP, MySQL, FTP) or installations

24. Updates
   • WP Core
   • Plugins, plugins, plugins (update and clean up: delete what you don't use, since a deactivated plugin still leaves its files on the server)
   • Themes (update and clean up)

25. Get a Security Plugin
   • WordFence
   • Sucuri
   • iThemes Security

26. Hardening WordPress
   https://codex.wordpress.org/Hardening_WordPress

27. Specific Tips
   • Don't give the WP user root access to MySQL; use a dedicated MySQL user with privileges on the site's database only
   • Change the default table prefix
   • Hide the WP version (low value on its own; it only slows down scanners that fingerprint by version string)
   • Change the default login URL (/wp-login.php, which /wp-admin redirects to)
   • Don't use admin as your username
   • Block login attempts (rate-limit or lock out after repeated failures)
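The "enforcing proper file permissions" step from the talk description, as an added example that is not part of the talk: one function applies a least-privilege layout to a WordPress tree and a second audits it, reporting anything world-writable, a wp-config.php readable by group or others, and PHP files under wp-content/uploads (which should hold media, not code). The modes are this example's assumptions: 755 for directories, 644 for files, 600 for wp-config.php, which presumes PHP runs as the user that owns the files; with a separate web-server user you would use 640 plus group ownership instead. The tree is constructed in a temp directory.

```shell
#!/bin/sh
# Added example (not from the talk): apply and audit a least-privilege
# permission layout on a WordPress tree. Assumed modes: 755 directories,
# 644 files, 600 wp-config.php (PHP assumed to run as the file owner).
set -eu

harden_perms() {
  root=$1
  find "$root" -type d -exec chmod 755 {} +
  find "$root" -type f -exec chmod 644 {} +
  if [ -f "$root/wp-config.php" ]; then chmod 600 "$root/wp-config.php"; fi
}

# Print what should not be there and return 1 if anything was found:
#  - world-writable paths (a compromised PHP process can rewrite them)
#  - wp-config.php readable by group or others (it holds the DB password)
#  - PHP files under uploads (media only; code there is a dropped shell)
audit_perms() {
  root=$1
  bad=$( {
    find "$root" -perm -002
    if [ -f "$root/wp-config.php" ]; then
      find "$root/wp-config.php" \( -perm -004 -o -perm -040 \)
    fi
    if [ -d "$root/wp-content/uploads" ]; then
      find "$root/wp-content/uploads" -type f -name '*.php'
    fi
  } | sort -u )
  [ -z "$bad" ] && return 0
  printf '%s\n' "$bad"
  return 1
}

# Constructed demo tree with two common mistakes and one dropped web shell.
demo() {
  work=$(mktemp -d)
  mkdir -p "$work/wp-content/uploads/2016/01"
  printf '<?php\n' > "$work/index.php"
  printf "<?php\ndefine( 'DB_PASSWORD', 'secret' );\n" > "$work/wp-config.php"
  printf '<?php system($_GET["x"]);\n' > "$work/wp-content/uploads/2016/01/img.php"
  chmod 777 "$work/wp-content/uploads"   # the usual "make uploads work" shortcut
  chmod 666 "$work/wp-config.php"        # world-readable database credentials

  echo "before hardening:"; audit_perms "$work" || true
  harden_perms "$work"
  echo "after hardening:";  audit_perms "$work" || true   # only the PHP file in uploads remains
  rm -rf "$work"
}

demo
```

Hardening fixes the modes but deliberately does not delete the PHP file it finds in uploads: that is a clean-up decision for the person doing the post-mortem, so the audit keeps reporting it until it is removed. Run `audit_perms` from cron after the clean-up and any new hit is an early warning.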
28. Questions? KEANAN KOPPENHAVER @KKOPPENHAVER HTTP://LEVELUPWP.NET
