Website hacked - What to do?

Adam · 11 Nov 2013 at 11:02

First of all my host, tsohost, have been great helping me with this but I appreciate there is only so much they can do.

Essentially the website has been hacked twice now, last week was the worst such hack and we found the website had been changed to an Islamic website supporting Palestine with lots of arabic text and the message it had been hacked. Not ideal. I was travelling with work at the time so only got the website back up and running on Friday night. I restored it using a backup from backup vault, took a local copy of the website, updated wordpress and changed the site password. Today the website throws up a 403 error message and tsohost has said the site is infected with malware and seems to be hacked again.

What more can I do and how can I get the site back up and running in the long term? It's my girlfriends website for her business so it's costing her money the longer it stays down.

Adam · 11 Nov 2013 at 15:24

Cheers for the suggestions.

Also the hacked arabic text now appears as a result when searched via Google, how can this be removed? Will Google update over time?

Adam · 11 Nov 2013 at 16:02

I think there must be something in the backups which is causing the issue. My work virus scanner highlighted a file called reboot.php as being malicious.

I understand the basic principles of how wordpress and editing it works, but it did take me a fair amount of time for me to edit the theme, add content etc. What's the best way of me getting up and running again from a clean install? That's the only way I can see myself getting out of this.

Adam · 12 Nov 2013 at 16:49

Thanks for the suggestions, I am back up and running and everything looks good. The risk is that I could have used a backup which is compromised, but I only copied across the theme folder to a new wordpress installation with a new database username and password.

Better WP Security also threw up some suggestions so I hope I am more secure than I was before.

Cheers

Adam · 18 Nov 2013 at 20:57

Oh man it's happened again. This time the site threw up a 403 error. The host has said the site was hacked and they have brought it back online again. Why would the site get in to this state and what can I do to prevent it?

I have followed all of the advice in this thread by changing passwords, using the enhanced wordpress security plugin etc. I'm at a loss as to why this is happening!