Jun 9 / kkrizka

Thoughts On Fixing a Hacked WordPress Blog

Over the past few months, this blog was being redirected to a website hosting malware. Every time I fixed the problem, it came back within the next few days. I tried several things, like updating to the latest version of WordPress and changing all of my passwords, but none of them worked. But after reading an article on the I Was Hacked blog, I managed to solve it permanently. The article is very comprehensive, so I will not bother going into details. Instead I want to summarize the steps that I found helpful in solving my problem.

  1. The first step was to remove the links to malware from my blog. Since only my theme was affected, I just re-uploaded it. This was very easy, since I keep a backup on my computer.
  2. I installed the WordPress Firewall by seoegghead plugin. This plugin monitors my blog's activity for funny events, and prevents them from happening.
  3. Within a few hours, I received an email from the plugin notifying me that it had blocked a “WordPress-Specific SQL Injection Attack”. Also, it told me that this attack was attempted through the URL “www.krizka.net/wp-content/themes/classic/comments.php”, which contained a very old theme that I haven’t used in a long time and never bothered to delete. Apparently it has a vulnerability that someone managed to exploit.
  4. I removed the classic theme.

This was a week ago, and this blog has not been hacked again.
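
An added example, not part of the original post: one way to spot the situation from step 3 in a web server access log is to flag direct requests to PHP files inside themes other than the active one, since WordPress core normally loads theme templates itself. The log lines are constructed, and the Combined Log Format, the active theme name `mytheme` and the function name are assumptions.

```python
import re
from collections import Counter

# Request field of a Combined Log Format line: "METHOD /path?query HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A PHP file requested directly from inside a theme directory.
THEME_PHP_RE = re.compile(
    r'^/wp-content/themes/([^/]+)/(?:[^?]*/)?[^/?]+\.php(?:\?|$)', re.I)

def inactive_theme_hits(log_lines, active_theme):
    """Count direct requests to PHP files in themes other than the active one.

    Returns a Counter keyed by (theme, path without query string).
    """
    hits = Counter()
    for line in log_lines:
        req = REQUEST_RE.search(line)
        if not req:
            continue  # malformed line or a method we do not track
        url = req.group(1)
        theme = THEME_PHP_RE.match(url)
        if theme and theme.group(1).lower() != active_theme.lower():
            hits[(theme.group(1), url.split("?", 1)[0])] += 1
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:01:12 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:01:13 +0000] '
    '"GET /wp-content/themes/mytheme/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:02:40 +0000] '
    '"GET /wp-content/themes/mytheme/index.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Jan/2024:11:40:02 +0000] '
    '"POST /wp-content/themes/classic/comments.php HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.23 - - [01/Jan/2024:11:40:09 +0000] '
    '"GET /wp-content/themes/classic/comments.php?p=1 HTTP/1.1" 200 312 "-" "-"',
]

if __name__ == "__main__":
    # "mytheme" is the assumed active theme; anything else is a leftover.
    for (theme, path), n in inactive_theme_hits(SAMPLE_LOG, "mytheme").items():
        print(f"{n} direct request(s) to unused theme '{theme}': {path}")
```

Any theme this reports is a candidate for removal, as in step 4.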
