Tips for Fixing a Hacked WordPress Site - WordCamp Sydney 2016

Vlad Lasky

Presentation slides from Vladimir Lasky's talk "Tips for Fixing a Hacked WordPress Site", presented on Sunday 25th September at WordCamp Sydney 2016.

1
Tips For Fixing a Hacked WordPress Site
Vladimir Lasky
http://wpexpert.com.au/
WordCamp Sydney 2016
2
Bring Back Memories?
3
Wordfence’s 2016 Survey on How Sites Were Compromised
4
7-Step Recovery Strategy
1. Assess The Damage
2. Identify Sources of Replacement Data
3. Remove Infected Data and Restore from Replacement Sources
4. Disinfect What Cannot Be Replaced
5. Reconstruct What Cannot Be Disinfected
6. Harden the Security of the Website
7. Repair Damage to Reputation
5
Common Hurdles that Delay Repairs
• Obtaining SSH/FTP Access to Client’s Hosting Server
  – Especially when client is not owner/administrator of their hosting service
• Obtaining Original Installation packages for Premium Themes and Plugins
  – Especially when site was built by someone else
  – Often cheaper & faster to re-purchase plugins or themes. Usually ensures renewed support & upgrades
6
The Goal
• Ensuring complete disinfection
  – There can be no remaining malicious scripts or exploits that can be used to easily compromise the site again

  • 7. 7 1 - Assessing The Damage
  • 8. 8 Identifying The Infection  Sucuri Site Check – https://sitecheck.sucuri.net/  Google Webmaster Tools – https://www.google.com/webmasters  If WordPress admin is still accessible, vulnerability scanning plugins like Wordfence – https://wordpress.org/plugins/wordfence/
  • 12. 12 2 - Identifying Sources of Replacement Data
  • 13. 13 Recovering Website Content & Stylesheets  Past Website Backups (Files and Database)  Cached Version of the Website in Google Search – E.g. to see the most recently cached version of website.com, visit google.com and perform the following query: • site:websitehostname.com  Archive.org (also called Internet Archive or Wayback Machine)
  • 14. 14 Example - Accessing Google’s Cache
  • 16. 16 Recovering WordPress Itself  The latest version of WordPress can always be downloaded from this URL: – https://wordpress.org/latest.tar.gz  Previous versions can be found here: – https://wordpress.org/download/release-archive/
  • 17. 17 Recovering Website Themes & Plugins  Common Download Locations for Free Plugins: – WordPress.org Theme and Plugin Repositories – GitHub – Theme/Plugin Author’s home page  Premium Themes/Plugins – Ask clients to search their emails for • original theme/plugin installation packages • login details for theme/plugin marketplaces i.e. Envato – Sometimes original theme/plugin packages have been left on the server by a previous developer
  • 19. What is Secure Shell (SSH)?
      • Allows you to access a UNIX (Linux) shell on your hosting server - similar to the Command Prompt under Windows
      • SSH access must be enabled by your web host
      • Some hosts enable it by default, others require a special request, a minority forbid it
      • Recommended Windows SSH Client is PuTTY
          – http://www.chiark.greenend.org.uk/~sgtatham/putty/
  • 21. Why use SSH?
      • Saves time spent in uploading/downloading files to/from the web host
      • Lets you run many useful UNIX/Linux shell commands to help quickly locate and repair damage
      • Avoids triggering infected PHP code within your WordPress installation
  • 22. Common Infectious Payloads:
      • Shell code (a back door for the hacker)
          – Often appears as strangely-named PHP files with obfuscated content
      • JavaScript code to run in the visitor’s browser that:
          – retrieves content from external sites (often spam or spam links)
          – attempts to trigger vulnerabilities in the visitor’s web browser
      • The attacker boasting about their achievement
  • 23. Precautions When Making Changes
      • Back up the site files and database before making any changes
          – cp -pa public_html prev
          OR
          – tar zpcvf prev.tar.gz public_html
      • Also make backups during each step of the disinfection process, just in case you make a mistake and have to revert
  • 24. WordPress Files That Are Often Infected:
      • Root Folder
          – wp-config.php
          – wp-load.php
      • Anywhere within the installation:
          – .htaccess
          – index.php
          – index.html
      • Within directory /wp-content/
          – Theme templates
          – Plugin Files
  • 25. Disinfecting with Wordfence
      • Wordfence has the ability to compare and replace WordPress core files, theme files and plugin files with official repository versions
      • Powerful, but still often misses things
      • Cannot help with custom/premium themes and plugins
      • Should always be followed up with manual disinfection procedures
  • 26. Replace WordPress Core Files
      • Move WordPress core files/folders within the website’s root folder to a quarantined location
          – Folder wp-includes
          – Folder wp-admin
          – Files matching wp-*.php (except wp-config.php), index.php, xmlrpc.php
      • Download the latest WordPress into a temporary folder and move the new copies of the core files/folders into the website’s root folder
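The core-file swap from slide 26, as an added shell example that is not from the original slides. `quarantine_core`, `leftovers` and `restore_core` are hypothetical helper names; the site root, the quarantine directory and an already-extracted fresh `wordpress` directory are passed as arguments.

```shell
#!/usr/bin/env bash
# Added example: quarantine WordPress core files, then restore them from a fresh copy.
# Keep the quarantine directory outside the web root so nothing in it can be requested.

quarantine_core() {            # usage: quarantine_core SITE_ROOT QUARANTINE_DIR
    local root=$1 quarantine=$2 item
    # Plain mkdir fails if the directory already exists, so two runs never mix.
    mkdir -- "$quarantine" || return 1
    for item in "$root"/wp-includes "$root"/wp-admin "$root"/wp-*.php \
                "$root"/index.php "$root"/xmlrpc.php; do
        [ -e "$item" ] || continue                      # unmatched glob or missing file
        # wp-config.php holds the database settings: it stays and is inspected by hand.
        [ "$(basename "$item")" = "wp-config.php" ] && continue
        mv -- "$item" "$quarantine"/ || return 1
    done
}

# Whatever is still in the site root after quarantine, other than wp-config.php,
# wp-content and .htaccess, is not WordPress core and needs review.
leftovers() {                  # usage: leftovers SITE_ROOT
    find "$1" -mindepth 1 -maxdepth 1 ! -name wp-config.php ! -name wp-content \
        ! -name .htaccess -exec basename {} \; | sort
}

restore_core() {               # usage: restore_core SITE_ROOT FRESH_WORDPRESS_DIR
    local root=$1 fresh=$2 item
    for item in "$fresh"/wp-includes "$fresh"/wp-admin "$fresh"/wp-*.php \
                "$fresh"/index.php "$fresh"/xmlrpc.php; do
        [ -e "$item" ] || continue
        # Never overwrite the live wp-config.php, whatever the fresh tree contains.
        [ "$(basename "$item")" = "wp-config.php" ] && continue
        cp -a -- "$item" "$root"/ || return 1
    done
}
```

Run `leftovers` between the two steps: stray files it lists were never part of core and would otherwise survive the swap.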
  • 27. Inspect Site Content Folders
      • Any remaining issues are likely to be contained within the folder /wp-content
      • Be suspicious of:
          – .php files with unusual names
          – ANY .php files within wp-content/uploads (should not normally be there)
      • index.php files outside of the root folder should normally only have something like:
          – <?php // Silence is golden. ?>
          – Their purpose is to prevent users from being able to list the directory contents
  • 28. Finding Files Modified Between Two Dates
      • Between two dates:
          – find . -type f -newermt 2010-10-07 ! -newermt 2014-10-08
      • Between two dates & times:
          – find . -type f -newermt "2014-10-08 10:17:00" ! -newermt "2014-10-08 10:53:00"
      • This command will find and move the files to “destdir”:
          – find srcdir -type f -newermt 2014-08-31 ! -newermt 2014-09-30 -exec mv -i {} destdir/ \;
  • 29. Comparing Site Files With A Good Version
      • The utility diff compares two files/directories and displays lines of text that differ between them.
      • Comparing with a good version from a backup or installation package may reveal the infection, allowing it to be manually removed with a text editor
          – E.g. comparing the theme folder with one from a backup
              • diff -qr mybackup/wp-content/themes/mytheme public_html/wp-content/themes/mytheme
          – E.g. comparing an installed plugin with a downloaded package
              • diff -qr downloads/myplugin public_html/wp-content/myplugin
  • 30. Searching Contents of Files for Infections
      • To search within a directory for files containing a search string (regular expression):
          – grep -R "searchstring" foldername
      • These PHP functions are often present in obfuscated code, so searching for them by name can identify its presence:
          – base64_decode
          – gzinflate
          – eval
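An added example, not from the original slides, that turns the checks from slides 27 and 30 into a read-only triage of `wp-content`. The function names and REASON labels are assumptions, and the stub check accepts only the exact stock `index.php` text.

```shell
#!/usr/bin/env bash
# Added example: read-only triage of a wp-content directory.
# Usage: triage public_html/wp-content   -> prints "REASON<TAB>path" lines for manual review.

# .php files under uploads/ should not normally exist.
php_in_uploads() {
    [ -d "$1/uploads" ] || return 0
    find "$1/uploads" -type f -iname '*.php' | sort
}

# Succeeds only if the file is exactly the stock stub (whitespace ignored).
# An exact match is used so that markup appended after the comment is still flagged.
is_stub() {
    case "$(tr -d '[:space:]' < "$1")" in
        '<?php//Silenceisgolden.'|'<?php//Silenceisgolden.?>') return 0 ;;
        *) return 1 ;;
    esac
}

# Directory-listing stubs sit at depth 1-2 (wp-content/, plugins/, themes/, uploads/).
# Deeper index.php files are theme/plugin code: compare those with diff instead.
nonstub_index() {
    local f
    find "$1" -maxdepth 2 -type f -name index.php | sort | while IFS= read -r f; do
        is_stub "$f" || printf '%s\n' "$f"
    done
}

# Calls commonly seen in obfuscated payloads. Legitimate code uses them too,
# so a hit means "read this file", not "delete this file".
# The leading character class stops names such as doubleval( from matching eval(.
suspicious_calls() {
    grep -RlE --include='*.php' \
        '(^|[^[:alnum:]_])(base64_decode|gzinflate|eval)[[:space:]]*\(' "$1" | sort
}

# Prefix every path read from stdin with a reason label.
tag() { while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done; }

triage() {
    php_in_uploads   "$1" | tag PHP_IN_UPLOADS
    nonstub_index    "$1" | tag INDEX_NOT_STUB
    suspicious_calls "$1" | tag OBFUSCATION_CALL
}
```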
  • 31. Infected Widgets
      • On occasion, some attacks may result in malicious JavaScript code being inserted into text widgets
      • Look through your widgets for anything that should not be there
  • 32. Disinfecting .htaccess
      • .htaccess contains settings that override the default behaviour of the Apache web server
      • Malware often overrides the web server’s error handler with its own actions
      • Detailed topic, but you can delete the .htaccess file in the root folder and recreate it by going to Settings->Permalinks and selecting “Save Permalinks”
      • If you are using a page caching plugin that modifies .htaccess, you may need to reconfigure or save its settings again.
  • 34. Failsafe Disinfection (Last Resort)
      • Record the installed plugins & themes by:
          – Accessing WordPress admin or
          – By inspecting contents of /wp-content/plugins and /wp-content/themes
      • Use the WordPress Exporter plugin to export page, post and menu content into an export file
          – https://en-au.wordpress.org/plugins/wp-exporter/
      • Quarantine the entire WordPress root folder
      • Set up WordPress from scratch, install the required plugins and themes, import content from the previous export file
          – https://codex.wordpress.org/Importing_Content
  • 35. Common Disinfection Hurdles
      • A theme/plugin with a security vulnerability is no longer maintained
          – Hire a developer to audit the code and fix its security weaknesses
          – Replace with a newer theme/plugin that provides similar functionality
  • 36. Reconstruction
      • Common Reconstruction Tasks
          – Reconfiguring Off-the-shelf Plugins & Themes
          – Rewriting Theme stylesheets and re-uploading graphics
          – Reconfiguring widgets
          – Reposting content
  • 37. Security (Re)Hardening
      • Reset users’ passwords
      • Change the MySQL database password
      • Update WordPress, Themes and Plugins to latest versions
          – May require renewal of support for Premium themes/plugins
  • 38. Beware of UTF-7 Encoding
      • From WordPress Admin go to Settings->Reading
      • Is this visible?
      • An attack has weakened WordPress’s character encoding settings to facilitate future XSS (Cross-Site Scripting) attacks.
      • Change this setting back to UTF-8
  • 39. Repairing Damage to Reputation
      • Remove Google warnings by submitting a reconsideration request in Google Webmaster Tools that outlines:
          – That you have disinfected your site
          – What you have done to prevent a recurrence, e.g. updated software to address security vulnerabilities, installed a Web Application Firewall (WAF)
      • Inform users & readers of your site
  • 40. More Information
      • Wordfence’s article “How Attackers Gain Access to WordPress Sites”
          – https://www.wordfence.com/blog/2016/03/attackers-gain-access-wordpress-sites/
      • Google Webmaster’s help for hacked sites:
          – https://www.google.com/intl/en/webmasters/hacked/
      • Slides from My Previous Security Talks. Old but good
          – Wordcamp GC 2011:
              • http://slidesha.re/tr2XA5
              • Covers the “Three Pillars of Security”, the aims of attackers and other WordPress security plugins
          – WordCamp Sydney 2012:
              • http://www.slideshare.net/wordcampsyd/securing-your-wordpress-website-vlad-lasky-wordcamp-sydney-2012
      • Questions and Comments:
          – http://wpexpert.com.au/contact-us/