Previously, I have talked much information about why your wordpress site being hacked and also how to identify that hackers want to destroy your site. I will continue about how to secure your wordpress site and this is the other chapter of my tutorial and please re-share this article if you find benefits for you.
Websites get “hacked” all the time, and the symptoms a site experiences as a result differs from case to case. Your website might redirect to a website you’ve never seen before, it might get flagged as malicious by Google, or it might have even developed a keen interest in improving your visitors’ sexual life through medicaments and dating websites.
No matter what your site’s symptoms, there’s almost always a cure. As a fully managed service, we’re on hand to rid your site of all malicious content, but this doesn’t stop you knowing how to do it yourself. In this post I explore how to identify and remove malicious content, and the steps you can take to make sure your site doesn’t surrender to hackers again.
You Receive ‘Forbidden’ Error Message
If a ‘403 Forbidden’ error displays when you visit your website, it’s safe to assume that we’ve identified malicious activity and have gone ahead and disabled your site.
To rid your site of malicious content, you will firstly need to grant your computer access to your website. In order to do this, you’ll need your computer’s IP (the unique number that your computer identifies on the internet with). You can find out your device’s IP simply by visiting www.whatismyip.com
The underlined number is your IP. Jot this down as you’ll need to reference it later on.
How to Identify Malicious Content
Now you have access to your admin panel, you can take steps to identifying and removing the malicious content from your site. To do this, we firstly recommend you install the Wordfence plugin, an excellent anti-malware solution that scans your site for ‘issues’.
Once installation is complete, Wordfence will appear in the left-hand side bar of your WordPress admin panel. Click ‘Wordfence’ then ‘Scan.’ All your websites files will now be scanned for any content that might be malicious. All identified issues will be highlighted with ‘next step’ suggestions.
You can also use Sucuri, an excellent third-party company that specialises in malware detection.
How to Prevent This Thing Happened Again
Keep WordPress and all your plugins updated
More often than not, one outdated plugin is all it takes for someone to exploit your website. Every single plugin and WordPress update introduces security fixes which if are not applied, leave your site open to known vulnerabilities. We strongly advise that you only use plugins from established developers, and that when an update becomes available, run it as soon as possible.
Make sure that your devices are clean
Sometimes a sneaky file might go through with a regular application that you are installing leaving access to your computer open. Common viruses include, keyloggers which send all your usernames and passwords to someone as you type and Trojans which leaves your password file visible to hackers. Run antivirus scans on all the devices you have used to access your website and as an extra precaution reset all related passwords.
Avoid plugins with known exploits
If you are about to install a new plugin, hold back for just 5 minutes. Before you go ahead and install it, carry out a simple Google search to uncover any known exploits – it could save you a lot of hassle. Take extra care to ensure that you do not download anything ‘nullified’ or from an unofficial source.[crp]