如何Сlean一个被黑客攻击的WordPress网站

Due to the lack of proper security measures, you may experience a hacked WordPress的网站. WordPress sites can be an easy target since its source code is readily available and 近25%的网站 在WordPress上运行的全局指标. In the Q1 of 2016, 78% of all the hacked sites were WordPress based. Now, the Core development team has been constantly working in order to ensure that there are no security threats in place. 大量插件存在安全错误, defectively-coded主题, 可能服务器端也有问题.

WordPress网站被黑客攻击的迹象

To quote a stat, out of every four hacked websites, three of them run on WordPress. So, 在我们强调如何清理被黑的WordPress网站之前, 让我们关注一下WordPress网站被黑的迹象.

• 服务器上或WordPress安装中的文件不存在.
• 文件显示最近修改的日期. All the files may appear with a modification date of 2016-10-02 and one file is showing its modification date of 2017-05-26. 你应该对最近修改过的文件持高度怀疑态度.
• 访问日志中存在奇怪的请求. This can indicate that the file used to modify other files of your website.

清理被黑客入侵的WP网站的重要步骤

你甚至可以向 专家开发人员 或者自己去做. Let us share some vital information on how to clean a hacked WP website:

• 扫描你的网站

It is recommended to scan your website to get unsafe malware locations and payloads. 按照以下步骤扫描被入侵的WP网站.

使用任何网站 反恶意软件安全软件, login into WordPress as an admin and click on ‘Security’ and then ‘Malware Scan’. 点击“浏览网站”. 如果网站被感染，您将看到一个警告.

If the remote scanner cannot find a payload, go for other tests in this part. It is also possible to check the Links/ iFrames/ scripts tab of the malware scan to check suspicious components. If numerous websites are there on the same server, it is suggested to scan them all. Cross-site contamination is considered as one of the important reasons of repeated infections. Each website owner should separate their web and the hosting accounts.

• 验证核心文件的完整性

你不应该修改WordPress的大部分核心文件. 有些插件是用来验证WP核心文件完整性的，比如 完整性检查程序 其中包括管理和根文件夹检查.

Read on to know the steps to verify the integrity of core file using plugin.

1. Log into WP as admin and enter into ‘Security; and then ‘Dashboard’.
2. 重新检查岩心完整性部分以获得当前状态. A hacked WP site could involve any added, modified or removed files.
3. 如果没有任何修改，核心文件不会被黑客入侵.

• 测试当前修改的文件

It is also possible to check hacked files by verifying if they are modified through audit logs. 执行以下步骤来验证文件最近是否被修改过.

Log in to WordPress as ‘Admin’ and go to ‘Security’ and then ‘Dashboard’. 检查审计日志部分，查看最近所做的更改. It may be highly doubtful if there are unusual modifications in the last 7 to 30 days.

• 检查用户登录

You may check the list of current user logins to verify if passwords are stolen or new susceptible users are made. 你可以使用插件，比如上次登录时间来检查当前的登录. It is suggested to log in WP as an admin and click on ‘Security’ and then ‘Last logins’. 验证用户列表和登录时间. 突然的登录日期或时间表明用户帐户被黑客入侵.

一旦你得到了恶意软件的位置信息, 以及受损的用户, you can clean them from WP and restore your website to its clean state. It is advised to compare current position of the site with old and clean backup to detect hacked files. If you find a backup, you can use it to compare two versions and detect what is modified.

如何清理被黑客入侵的网站文件?

修复核心文件应遵循一些步骤. You may log in to WordPress as admin and then go to Security > Dashboard.

1. 检查核心完整性部分下的警告. Choose removed and modified files and select restore source action.
2. 选中此框以了解该操作可以被恢复. 点击继续.
3. 选择已添加的文件并选择删除文件操作. 再次执行最后两个步骤.

Fresh copies or a current backup can be used to replace custom files. Perform the steps to remove a malware infection manually from 网站文件.

1. 通过SFTP或SSH方式登录服务器.
2. 在进行任何更改之前，对网站进行备份. 检测最近更改的站点.
3. 与用户验证更改日期. It is recommended to repair doubtful files from the WordPress repository. 您可以通过文本编辑器打开任何自定义文件.
4. 从自定义文件中消除可疑文件. 在发生更改后验证站点是否正常运行.

清理被黑客入侵的数据库表

Database admin panel can be used to remove a malware infection from website database and also connect to the database. These steps are crucial for removing a malware infection from your database tables.

首次登录时以admin登录数据库. 建议在修改前进行备份. 您可以搜索可疑内容并手动删除它们. 验证网站在进行更改后是否正常运行. It is recommended to eliminate any tools that are uploaded to access the database.

安全用户帐户

如果有不常见的WordPress用户, it is recommended to eliminate them so that hackers cannot use them. It is important to have only one admin user and provide other user’s role with the smallest amount of privileges.

1. You need to perform these steps to manually to eliminate doubtful users.
2. 在继续之前，请备份数据库和站点. 以管理员身份登录WP，然后点击users. 您需要查找可疑的用户新帐户.
3. 将鼠标悬停在可疑用户上并点击删除.
4. If you think any of your user accounts are changed, the password can be reset.

通过使用插件，可以重置用户密码. You need to log in WordPress as admin and go to ‘Security’ and then ‘Post Hack’.

1. 点击重置用户密码选项卡. 选中您认为已更改的用户帐户旁边的复选框.
2. Check the box to verify that you understand that this option cannot be reverted. 现在单击重置用户密码.
3. 用户将收到一封带有强大临时密码的电子邮件.

Bonus Tips:

1. For robust hacks, always consult a professional so that you do not get your website messed up.
2. If Google has marked your website as ‘Insecure’, chances are that your website is hacked. 注意这个.
3. 聘用优秀人才 可靠的虚拟主机服务 对于你的网站.
4. 总是删除任何可疑的插件或删除不活跃的插件.
5. Update your Passwords regularly and limit the number of login attempts.
6. 使用像Sucuri这样的安全强化器.
7. Use Web Application Firewalls to protect the site from hack attempts. 安全插件 like MalCare offer Firewall that blocks bad traffic as well as protects the login page against brute force attacks.

Summing up

安全漏洞在很大程度上是黑客攻击的根本原因 WordPress的网站. To stay secure, pay attention to several signs which indicate a probable hack. 以防有人闯入, it is recommended to perform the above-mentioned actions to clean your hacked WP site.

If you have feedback or any suggestion, kindly let us know through a comment below.

Related posts

联合你的WordPress内容的利弊

WordPress 101:从这些在线课程开始你的网站

使用WordPress来促进你的自由职业者业务

Should I Use WordPress, Tumblr, Blogger or Squarespace for My Blog?

在WordPress中快速加载图像的四个技巧