WordPress Tutorials :: Page One Blog

“Help, my WordPress has been hacked!”

Nothing is worse than the feeling you get when you visit your website only to find a huge Google warning that says “Warning: This site might hurt your computer”! The first time it happened to me I wanted to cry. I had worked so hard at getting my site indexed and ranking well and I thought I had lost everything to a hacker.

Once I got over the initial shock, I found it was fairly simple to work through.

What to do if your WordPress has been hacked:

The first thing you need to do is prevent any users from coming to your website. You don’t want to inadvertently infect any of your visitor’s computers. Fixing the hack is usually easy and fast but in the meantime you must take care. Create a simple index.html file stating the site is temporarily closed for maintenance and FTP it into the root directory. (don’t forget to delete this once the site is fixed)
Next you want to go to Google Webmaster Tools and remove any URLs that contain the malware. http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=164734&rd=1 Don’t worry, you will get theURLs re-indexed when the cleanup is completed.
9 times out of 10 malware can be easily be removed by deleting your current corrupted blog theme and reinstalling a clean one. Use your FTP client and navigate to wp-content/themes and just delete the folder that contains your theme files. Once it has been deleted, you can upload a clean version of the theme.
If installing a clean version of your theme didn’t do the trick, the next place to look is your plugins. In your FTP client, rename your plugins folder plugins.bak and create a new plugins directory. Once you have done that, check to see if it fixed the problem. If it did, then delete the plugins.bak directory and do a clean install of all of your plugins.
If none of the above works, then you may have to do a database restore from a backup file. This is exactly why it is important to do frequent backups of your database. If you are unsure how to do a database restore, you should contact your web host. They should be able to remove the database and restore the site with their own backup of your site.
If all else fails, you may need to do a fresh install of your WordPress.

Once you have the site cleaned up, you will need to go into Google Webmaster Tools and submit your site for reconsideration. This is easy to do and usually results in your site being re-indexed within 24 hours. Oh, and don’t forget to change your password!

How to prevent WordPress from getting hacked again

Because WordPress is an Open Source software and many different developers create themes and plugins for it, there are sometimes opportunities for hackers to find a way in the back door and place MalWare or destructive code into your blog.

There are many ways you can protect WordPress from future hacker attacks.

For starters, never use the default “admin” as your log-in username and make your password secure. It might be easier to remember a blog123 password, but it is also pretty easy for a hacker to figure that out. Use at least 8 characters with both upper and lower case, numbers and punctuation.
Install a firewall plugin. This will prevent anyone from being able to alter your code or upload files to your server. WordPress Firewall 2 is a free plugin that I recommend.
Next, install a Security Scan or Malware Scan plugin. WP Security Scan by WebDefender is a very good choice. This plugin will help you create backups and change the file names of the most commonly hacked files.

If you make your WordPress security more difficult for a hacker to easily tap into, they will not waste their time on your site as there are thousands of other sites that are much easier for them to get into.

Technorati Tags: best wordpress security plugins, featured, how to protect your wordpress from hackers, my wordpress has been hacked, warning this site may harm your computer, what to do if wordpress is hacked, wordpress security plugins

Installing plugins on WordPress is very easy and this tutorial will walk you through how to install a plugin on WordPress.
The latest versions of WordPress have the plugin installation process built-in. Just follow the steps below:

	Step 1 Navigate to the “Add New” section of your plugins. You will find this link in the left sidebar under Plugins
Step 2
Type the name of the plugin you want to install in the search field. If you do not know the name, you can type in a keyword such as “firewall” or “contact form”, or any function or feature you are looking to add to your WordPress. Then click on the “Search Plugins” button. If you have already downloaded a plugin to your computer, you can use the “upload” format instead of the search results. Then you will simply select the zipped file on your computer to upload it.
Step 3
The search will result in a list of plugins relevant to your search. All you have to do is decide which one best suits your needs. To make it easier for you to decide, WordPress has a user generated star rating system. The most popular and most stable versions will have a 4-5 star rating. There is also a desciption of the plugin features as well as links to the full listing were you can obtain additional information and any special installation instructions. Once you have chosen the plugin you want to install, you just click the Install Now link. A pop-up window will ask if you are sure you want to install and you just click OK.
Step 4
In a few seconds, the plugin will be installed and you will see the above message stating that the installation was successful. Before your plugin can work, you must activate it. So click on the “Activate Plugin” link. This will return you to the Installed Plugin list.
Step 5
In your Installed Plugins list you should now see the plugin you have just installed. There will be a menu under it with Settings (if you need to configure it, not all plugins require this),. If it says “Deactivate” you know it is currently activated. If it says “Activate”, it means you have not activated it yet and you can do so by just clicking on the activate link. There is also an Edit link but you should not click this unless you are a techie type as this is where you can edit the actual code of the plugin script. If at any time you wish to delete a plugin, you will need to deactivate it first. Once it is deactivated, there will be a delete link.
	Step 6If at any time you need to edit or configure your plugin settings you will most often find them listed in the “Settings” menu. Some plugins may have their own special menu. In that case scroll further down the sidebar and you will see them listed below the Settings menu or look in the “Tools” menu.
Step 7
If at any time you need help figuring out how to properly configure a plugin you can return to the “Installed Plugins” list to go to the developer’s website. Most plugins are well supported and well documented and they will include FAQ and any special instructions or offer support to answer your questions.