How to clean malware-infected WordPress sites

WordPress has some loopholes that hackers can use. Last month my blog was hacked by someone who then injected a lot of URLs into the database. The way this hacker injected the links made them hard to find, and the compromised data cost me SERP rank. Google Webmaster Tools helped me find the problem so I could correct the database.

I searched a lot on the net for a way to fix the database without using the old database, but I hadn't made a backup after switching to a new host. For this reason I would lose a few articles if I restored the last backup. Removing the malware URLs by hand is also hard because the database is compromised, and the hacker would hack it again, so the only remaining solution was to use the last backup that I had made.

High volume Searches

How did this hacker hack the database?

In my case, I still don't know how he accessed the database, but I believe he got in through my computer. Last month, in January, my PC was infected with Trojans, and this may be how he got the passwords.

Once this hacker had access to the file manager, he placed some scripts directly in the root folder and then inserted malware code in the index file and the .htaccess file too. My sites loaded slowly whenever I tried to access them, and I thought it was a server problem, as the hosting was new to me. After a day or two, Google started to show a warning message in Firefox ("This site is harmful"), and I also checked Webmaster Tools. At this stage I removed the malicious code from the affected files. The site went back to working properly.

A month later the sites started loading slowly again. This time too I thought it was a server issue, but the hacker had been using the scripts that had been sitting on the server since long before. The same thing happened again: Firefox displayed an alert and I checked everything, but this time Webmaster Tools showed SQL-injected links that contain malicious code. These links don't create any page, but the pages exist. I checked those pages, and they work, showing the index page content.
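The leftover scripts and the modified index and .htaccess files described above can be found by comparing the live site against a clean copy of the same WordPress release. The following is an added example, not code from the original post; the function names, the `expected_extra` parameter and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def file_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_trees(clean_dir, live_dir, expected_extra=("wp-config.php",)):
    """Compare a live WordPress tree with a clean copy of the same release.

    added    -- files only on the live site (candidate dropped scripts)
    modified -- files whose content differs from the clean copy
    expected_extra (hypothetical parameter) lists site files that a clean
    download never contains and that should not be reported.
    """
    clean, live = file_hashes(clean_dir), file_hashes(live_dir)
    added = sorted(f for f in live if f not in clean and f not in expected_extra)
    modified = sorted(f for f in live if f in clean and live[f] != clean[f])
    return {"added": added, "modified": modified}


def demo():
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for d in (clean, live):
            (d / "wp-includes").mkdir(parents=True)
            (d / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
            (d / "wp-includes" / "version.php").write_text("<?php // version\n")
        # Constructed changes of the kind the post describes:
        (live / "index.php").write_text("<?php /* injected */ require 'wp-blog-header.php';\n")
        (live / ".htaccess").write_text("# constructed redirect rule\n")
        (live / "cache-helper.php").write_text("<?php // unknown script\n")
        (live / "wp-config.php").write_text("<?php // site settings\n")
        return compare_trees(clean, live)


if __name__ == "__main__":
    for kind, files in demo().items():
        for name in files:
            print(f"{kind}: {name}")
```

In practice `clean_dir` is a fresh download of the same WordPress version unpacked beside the site, and themes and plugins need their own clean copies. A legitimate .htaccess also shows up as added, so it has to be read by hand.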

Malware inserted links

In Webmaster Tools I see numerous error pages that were created by the hacker, and the page links exist in the database too, but without the malware code. This is the weird part: we are not able to find the code.

If you have the same problem, just restore the earlier database backup and copy the remaining posts from the new database. Copy tags and comments from the hacked database into the new database. Make sure everything is copied neatly instead of correcting the hacked database, because that is hard to do. If you are familiar with it, then do it at your own risk. Google too suggested restoring the backed-up database.

Fake Search Queries

My suggestion is to change your WordPress password from time to time and remove unwanted themes and plugins. Update to the latest version of your theme and WordPress.

Some important clues for finding out when a hacker has hacked the database or inserted malware code:

  1. The website loads very slowly.
  2. The site is hard to browse.
  3. Sometimes the site goes down.
  4. Chrome will recognize the malware better than Firefox.
  5. Webmaster Tools shows a lot of search queries, which in most cases are ones used by the hacker.
  6. Drops in Google SERP position.

suresh Author

Endla Suresh is a Professional Blogger and the Founder and CEO of EndlaSuresh.com.

Comments

    Kapil

    (May 4, 2014 - 12:45 pm)

    Thanks for this awesome post bro, very helpful. One of my blogs is infected; I'll have to clean it ASAP.

    suresh

    (May 4, 2014 - 12:47 pm)

    If you have any problems, don't hesitate to ask me. I spent more time on fixing this WordPress blog, but learnt a lot from the injected malware.
