What to do if the site is hacked
Posted: Sun Feb 02, 2025 6:37 am
The plugins listed above work if they were originally included in the site software. You can install additional plugins and check the system again with them:
NinjaScanner is a simple tool that catches viruses and pirated codes in files. This plugin examines the contents of the site, and then conducts a comparative analysis with the original samples of files stored in WordPress, plus it performs some other checks.
GOTMLS — during the check process, it can find Trojans, backdoors, all kinds of viruses and other dangerous injections. It functions as a firewall, protecting databases from external intrusions. In order for the plugin to be updated regularly, you must go through the registration procedure (it is free).
Quttera Web Malware Scanner — successfully list of timeshare owners detects any viruses, Trojans, worms, injections and iframes, redirects and a whole list of other threats embedded in databases. It also analyzes whether your web resource has been blacklisted for any reason.
Using the listed plugins, you can scan your resource and identify existing threats. But not all of the named tools have sufficient functionality to eliminate the detected vulnerabilities of sites.
Users, the resource administrator or the provider may notice that the site is not working correctly and that there has most likely been an intrusion. Often, web site owners believe that pirate hacks occur solely due to the fault of hosting providers, in particular due to errors in administration or weak security mechanisms.
However, in reality, in most cases, it is the owners themselves who are to blame for the fact that the site has become easy prey for hackers. In fact, it turns out that the most basic security rules were not followed.
Read also!
"Malicious Code: How to Secure Your Website"
Read more
Therefore, instead of rushing to blame the hosting provider for the problems that have arisen, it is better to quickly establish contact with them and try to resolve the situation together. Believe me, the hosting provider does not want the sites it supervises to be constantly hacked either.
If signs of a pirate invasion are detected, the following actions should be taken:
Try to collect and analyze all information about the attack:
contact the hosting technical support service, ask them to provide you with logs (special logs, there are two types: access_log and error_log) for the maximum available time interval;
make a request for the provision of the ftp server log;
Describe the problem in detail. It would be good if you could specify the exact date and time. Describe what malfunctions were detected. This could be a stream of left links (you need to specify which pages they were inserted on), modification of the main page, incorrect redirection of mobile users. Antiviruses (desktop and search engine) may send distress signals.
Explore all devices through which connections to the resource were made, databases and antivirus updates.
What to do if the site is hacked
Source: Nattakorn_Maneerat / shutterstock.com
Change all passwords (admin on the site, from ftp and host). Generate strong passwords: longer than seven characters, with numbers, uppercase and lowercase letters.
Use a backup copy of your site if its operation is significantly disrupted.
Once the troubleshooting work is complete, take a number of steps to protect your resource from further intrusions.
Use any free scanner like ClamAv, LMD, AI-BOLIT and check your resource. Detected hacker scripts must be removed.
Find the latest version of CMS on the official developer's website and update. In general, install all possible updates (for CMS plugin modules).
NinjaScanner is a simple tool that catches viruses and pirated codes in files. This plugin examines the contents of the site, and then conducts a comparative analysis with the original samples of files stored in WordPress, plus it performs some other checks.
GOTMLS — during the check process, it can find Trojans, backdoors, all kinds of viruses and other dangerous injections. It functions as a firewall, protecting databases from external intrusions. In order for the plugin to be updated regularly, you must go through the registration procedure (it is free).
Quttera Web Malware Scanner — successfully list of timeshare owners detects any viruses, Trojans, worms, injections and iframes, redirects and a whole list of other threats embedded in databases. It also analyzes whether your web resource has been blacklisted for any reason.
Using the listed plugins, you can scan your resource and identify existing threats. But not all of the named tools have sufficient functionality to eliminate the detected vulnerabilities of sites.
Users, the resource administrator or the provider may notice that the site is not working correctly and that there has most likely been an intrusion. Often, web site owners believe that pirate hacks occur solely due to the fault of hosting providers, in particular due to errors in administration or weak security mechanisms.
However, in reality, in most cases, it is the owners themselves who are to blame for the fact that the site has become easy prey for hackers. In fact, it turns out that the most basic security rules were not followed.
Read also!
"Malicious Code: How to Secure Your Website"
Read more
Therefore, instead of rushing to blame the hosting provider for the problems that have arisen, it is better to quickly establish contact with them and try to resolve the situation together. Believe me, the hosting provider does not want the sites it supervises to be constantly hacked either.
If signs of a pirate invasion are detected, the following actions should be taken:
Try to collect and analyze all information about the attack:
contact the hosting technical support service, ask them to provide you with logs (special logs, there are two types: access_log and error_log) for the maximum available time interval;
make a request for the provision of the ftp server log;
Describe the problem in detail. It would be good if you could specify the exact date and time. Describe what malfunctions were detected. This could be a stream of left links (you need to specify which pages they were inserted on), modification of the main page, incorrect redirection of mobile users. Antiviruses (desktop and search engine) may send distress signals.
Explore all devices through which connections to the resource were made, databases and antivirus updates.
What to do if the site is hacked
Source: Nattakorn_Maneerat / shutterstock.com
Change all passwords (admin on the site, from ftp and host). Generate strong passwords: longer than seven characters, with numbers, uppercase and lowercase letters.
Use a backup copy of your site if its operation is significantly disrupted.
Once the troubleshooting work is complete, take a number of steps to protect your resource from further intrusions.
Use any free scanner like ClamAv, LMD, AI-BOLIT and check your resource. Detected hacker scripts must be removed.
Find the latest version of CMS on the official developer's website and update. In general, install all possible updates (for CMS plugin modules).