Hacking Book | Free Online Hacking Learning

Home

how to check wordpress website from hackers to other websites

Posted by chiappelli at 2020-04-03
all

Many enterprise websites don't have special security personnel. They don't have enough awareness of website security. How to solve the problem of jumping to other websites after being invaded by hackers? Dad here to share with you the basic screening methods after the website was hacked.

Our website is harassed by malicious crawlers almost every day, but it's not black, so you can't notice it. In case the website is black, don't panic. Follow the steps below to check and solve it step by step.

Step 1: ask the hosting service provider for help

For example, foreign trade people use more SiteGround, or BlueHost, etc. the packages have security items such as malware scanning.

You can send the work order directly to customer service for help.

If the service you buy does not include this project, you can only check it by yourself.

Step 2: check the server file

Log in to the server and check whether there are unknown files or folders in the website directory. Usually, the files with disorderly names are very suspicious.

You can also judge according to the creation time of the file. If you haven't uploaded the file to the server in the near future, the most recent file is very suspicious.

The most reliable way is to find an experienced technician to help you analyze. If you can't find it, you can make a simple judgment by comparing with the default directory list of WordPress (although you may not be able to judge which files are generated by normal plug-ins)

In the red box above is the core file of WordPress.

WP content folder contains some folders uploaded by the website, such as themes and plug-ins.

Wp-config.php is the website configuration file, which is generated when the website is installed.

Step 3: reinstall WordPress

You can back up the website and then reinstall word press.

Note that when reinstalling the website, except for the uploaded image files, other files should not be uploaded to the website server again.

The theme and plug-in are both downloaded from the official website and then uploaded, so as to avoid that the plugin and the theme contain malicious code that you don't know.

Step 4: install a security plug-in

At this time, Trojan files usually no longer exist, but to avoid some malicious code hidden in your article, so we can install some security software to help you solve.

Related articles:

Finish the above work, if the hacker that your website encounters is not particularly troublesome invades, so should have cleared Trojan file.

Next, you need to do a good job in server security.

For example, setting a complex server password, upgrading the server system and components, upgrading the website version and plug-ins, etc.

For more information about WordPress security, please visit the corresponding topic.

This is the 16th / 20th in a series: WordPress security