Thoughts On Fixing a Hacked WordPress Blog
Over the past few months, this blog was being redirected to a website hosting malware. Every time I fixed the problem, it came back within the next few days. I tried several things, like updating to the latest version of WordPress and changing all of my passwords, but none of them worked. But after reading an article on the I Was Hacked blog, I managed to solve it permanently. The article is very comprehensive, so I will not bother going into details. Instead I want to summarize the steps that I found helpful in solving my problem.
- The first step was to remove the links to malware from my blog. Since only my theme was affected, I just re-uploaded it. This was very easy, since I keep a backup on my computer.
- I installed the WordPress Firewall by seoegghead plugin. This plugin monitors my blog's activity for funny events, and prevents them from happening.
- Within a few hours, I received an email from the plugin notifying me that it had blocked a “WordPress-Specific SQL Injection Attack”. Also, it told me that this attack was attempted through the URL “www.krizka.net/wp-content/themes/classic/comments.php”, which contained a very old theme that I haven’t used in a long time and never bothered to delete. Apparently it has a vulnerability that someone managed to exploit.
- I removed the classic theme.
This was a week ago, and this blog has not been hacked again.
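The firewall email pointed at a PHP file inside a theme that was installed but not in use. As an added example (not code from the original post or from the plugin), the Python sketch below scans a web server access log for direct requests to PHP files under any theme other than the active one, which shows which leftover themes are still being reached and should be deleted. It assumes the common "combined" access log format; the theme names `mytheme` and `old-theme` and all log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Request line and status code inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Direct request for a PHP file inside a theme directory.
THEME_PHP_RE = re.compile(r'^/wp-content/themes/(?P<theme>[^/]+)/(?P<file>.+\.php)$', re.IGNORECASE)

def inactive_theme_hits(log_lines, active_theme):
    """Return (theme, file, method, status) for every direct request to a
    PHP file that lives under a theme other than active_theme."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # skip lines without a parsable request
        # Drop the query string and decode %xx so encoded paths still match.
        path = unquote(urlsplit(m.group("target")).path)
        t = THEME_PHP_RE.match(path)
        if t and t.group("theme").lower() != active_theme.lower():
            hits.append((t.group("theme"), t.group("file"),
                         m.group("method"), int(m.group("status"))))
    return hits

def themes_to_review(hits):
    """Count hits per inactive theme so the busiest leftovers surface first."""
    return Counter(theme for theme, *_ in hits)

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
# "mytheme" stands in for the active theme; it is a hypothetical name.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2010:10:00:00 +0000] "GET /wp-content/themes/mytheme/style.css HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [01/Jan/2010:10:01:00 +0000] "POST /wp-content/themes/classic/comments.php HTTP/1.1" 200 120 "-" "-"',
    '203.0.113.9 - - [01/Jan/2010:10:02:00 +0000] "GET /wp-content/themes/classic/comments.php?p=1 HTTP/1.1" 200 120 "-" "-"',
    '198.51.100.7 - - [01/Jan/2010:10:03:00 +0000] "GET /wp-content/themes/mytheme/index.php HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.7 - - [01/Jan/2010:10:04:00 +0000] "GET /wp-content/themes/old%2Dtheme/footer.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    counts = themes_to_review(inactive_theme_hits(SAMPLE_LOG, "mytheme"))
    for theme, count in counts.most_common():
        print(f"{theme}: {count} direct PHP request(s); delete the theme if it is unused")
```

A 200 status on a hit means the leftover file is still being served; a 404 means the theme is already gone and the request was only a probe.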