What to do if the WordPress website is hacked? Share detailed solutions for cool topics

In our daily life WordPress Theme In after-sales work, users often report problems on the website, for example, Alibaba Cloud prompts the backdoor trojan file; Jump to another address after opening; The page is garbled; Other content has been added. According to our experience, this is generally caused by the website being hacked.

How to confirm whether the website is hacked

According to past experience, it can be judged by the following ways:

1. If Alibaba Cloud prompts for a backdoor trojan file, it can basically be confirmed;

2. The website is maliciously redirected to other addresses, especially when it jumps and does not jump, or when it jumps from Baidu, it is also very likely that it will not jump when it normally enters;

3. The website is included by the search engine with abnormal content not added by itself, which may also be hacked;

4. In case of other exceptions, it is recommended that you can enter the website directory to check whether there are other new exception files (not the wp system files, nor self upload, you can download the original wordpress and unzip it to see the file list comparison);

5. If you are interested in Have some understanding of PHP , then you can sort the website files according to the time, look at the recently modified PHP files, and open some randomly to see whether there are confused encrypted codes or other abnormal codes.

Solution for being hacked

At present, the common backdoor malicious code will not only appear in one file, but will infect many files, and generate many new malicious backdoor files, which may be placed in any directory, so the cost of manual inspection is high, and there will also be omissions. We generally recommend directly reinstalling the website, and then restoring the backup, as follows:

1. First, back up all files in the root directory of the website. If you are familiar with WordPress operations and confirm that there are no other files to back up, you can only back up the uploaded attachment directory (normally it should be wp-content/uploads Contents);
2. Delete all files on the website;
3. Download the latest version of wordpress from the official website and upload it to the root directory of the website again;
4. Find the previous backup data, and restore the uploaded attachment directory in the backup data to the website directory separately (normally it should be wp-content/uploads Directory. It is recommended to randomly check whether there are files with PHP suffix in the directory. If there are, there may be backdoor files in the attachment directory. These PHP files need to be deleted);
5. When visiting the website address, you will enter the installation page. After you configure the database information as prompted, you will be prompted that it has been installed, and then use the website account password to log in to the background;
6. Then install the theme and plug-in used before from the theme/plug-in official website channel

Daily preventive measures

1. The administrator account password should be as complex as possible. It is not recommended to use the default user name admin ;
2. Wordpress, themes and plug-ins are recommended to be updated to the latest version, and lower versions may have security vulnerabilities;
3. Download and install wordpress, themes, and plug-ins from the official website. In particular, it is not recommended to use pirate cracking resources;
4. Regularly back up website files and databases, so that problems can be recovered in time;
5. Some security protection plug-ins can be installed;