Getting your WordPress site hacked is something that I can almost guarantee will happen to you at least once in your online career. It is no different from having a Windows machine: WordPress is so common now that hackers target WordPress sites. It may not happen now, but your website will get infected by malware and need to be cleaned. The problem I have found is, once a site gets infected or hacked, even when you clean it up, it seems to keep getting infected over and over. They must install a backdoor of some kind to keep letting them in. So I want to show you how I deal with an infected WordPress site. Below you will see a video on how to do it as well. This was on YouTube but for some reason they flagged it as malicious or misleading content, took it down and issued me a strike. I can’t get it. So instead I added it to my Vimeo account and posted it here.
I know some of you don’t like video and prefer to read so here you go. If you need to, you can download a PDF of this below.
Be careful of shared hosting
So it is important to caveat this by saying, if you are using simple shared hosting, this may not work for you. The problem with using shared hosting is once one site gets infected, all the others get infected as well. Instead, I use reseller hosting. Reseller hosting allows you to set up individual cPanel accounts for every website you create. In fact, I even use it to create subdomains. This segregates and separates sites from each other. You can also most likely do this with a managed VPS. Just look for something that has both cPanel and WHM. The reseller program I use starts at $17.95 a month, so maybe about $10 more a month compared to the shared hosting plan you have. And yes, even if you got the $2.99 a month special, after the first year they normally raise the monthly charge to upwards of $7.95 to $12.95 a month. This tutorial will assume you are using a reseller program.
Procedures for a Clean WordPress Website
WordPress allows you to export your content without having to export all the code. If you go into your Tools > Export…
The following page will come up.
From here I always export each item individually. So if your theme has more options and you are using them, make sure you export those. I don’t use Projects often but I make sure I export Posts, Pages, Layouts and Media. This will export everything as XML. The content will be there but none of the malware. If your theme allows you to export settings, go ahead and export those as well. I use Divi a lot and I can export the settings via JSON files. Again, it doesn’t export the malware.
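A check to run on each exported XML file before importing it into the rebuilt site, added here as an example and not part of the original post: the export carries post bodies verbatim from the database, so markup injected into a post or page travels with it. The pattern list and the sample export are constructed for illustration, and the regexes are a heuristic starting point rather than a complete scanner.

```python
import re
import xml.etree.ElementTree as ET

# Markup that rarely belongs in a post body; tune for sites that embed on purpose.
SUSPICIOUS = {
    "script tag": re.compile(r"<\s*script\b", re.I),
    "iframe": re.compile(r"<\s*iframe\b", re.I),
    "inline event handler": re.compile(r"<[^>]+\son\w+\s*=", re.I),
    "eval/atob call": re.compile(r"\b(?:eval|atob)\s*\(", re.I),
    "hidden block": re.compile(r"style\s*=\s*['\"][^'\"]*display\s*:\s*none", re.I),
}

def scan_wxr(xml_text):
    """Return (post_id, title, finding) for each suspicious pattern per item."""
    findings = []
    for item in ET.fromstring(xml_text).iter("item"):
        meta = {"title": "", "post_id": "?"}
        bodies = []
        for child in item:
            name = child.tag.rsplit("}", 1)[-1]  # drop the XML namespace
            if name in meta:
                meta[name] = child.text or ""
            elif name == "encoded":  # content:encoded and excerpt:encoded
                bodies.append(child.text or "")
        text = "\n".join(bodies)
        for label, pattern in SUSPICIOUS.items():
            if pattern.search(text):
                findings.append((meta["post_id"], meta["title"], label))
    return findings

# Constructed sample export (not from a real site): post 7 carries injected markup.
SAMPLE_WXR = """<rss version="2.0"
  xmlns:content="http://purl.org/rss/1.0/modules/content/"
  xmlns:wp="http://wordpress.org/export/1.2/">
<channel>
<item><title>Hello world</title><wp:post_id>1</wp:post_id>
<content:encoded><![CDATA[<p>Welcome to the site.</p>]]></content:encoded></item>
<item><title>Pricing</title><wp:post_id>7</wp:post_id>
<content:encoded><![CDATA[<p>Plans</p><script src="//cdn.example.invalid/x.js"></script>
<div style="display:none"><a href="http://spam.example.invalid/">pills</a></div>]]>
</content:encoded></item>
</channel></rss>"""

if __name__ == "__main__":
    for post_id, title, label in scan_wxr(SAMPLE_WXR):
        print(f"post {post_id} ({title}): {label}")
```

Any hit means that post should be cleaned up before the file goes through Tools > Import on the new site.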
Time to set up a test site
This is where your reseller account comes in handy. By going into WHM, you can set up a completely separate subdomain. It might be something like repair.thisdomain.com. I then go into its very own cPanel and go through my website process. This includes installing Let’s Encrypt SSL (this is included in my reseller account) and then installing WordPress via Softaculous. I then add in the theme (Divi in this case) as well as plugins. After that I upload the JSON so the settings match. You may need to add in the logo and favicon. After you are ready, go into Tools > Import and import all those XML files. There could be anywhere between 3-8 different files. Set up your menus and set your home page and your site should be cloned. Your content should look the same, your posts should be there and your pages as well.
Blow out the Live Site
Now this will mean your site is down for the short period of time this takes you to do it, but go into your cPanel and completely erase the existing site. Remove WordPress, remove the database and, if you are worried, you can even terminate it in WHM and set up a new cPanel. If you are using Softaculous, just go in and X it out. Once it is done, go ahead and install WordPress again. Now here is the easy part. Whether you use BackupBuddy, WP Clone or All in One Migrate, go ahead and migrate the test site to the main site. While it hasn’t been updated in a couple of years, WP Clone works great for me, but I also have BackupBuddy. On customer sites that are quite small, the cloning over takes less than 10 minutes. I have done a BackupBuddy tutorial below:
Because you have a fresh install, your site no longer has the malware installed. Your content is all the same, your permalinks are all the same, and at this point you can request Google remove your hacked site penalty. Any time I do this I find the hacking and malware disappears. In my limited experience I have found using Fantastico or Simple Installer leaves something there that can be exploited. Your best bet is to do a manual install but I have not had issues with Softaculous. The two sites that have been hacked (one of mine and a customer’s) were set up with Fantastico and Simple Scripts. After you have done this, make sure you install something like a security suite. I recommend iThemes Security Suite Pro.
This does not discount using something like Sucuri to clean your site but I just feel more comfortable blowing out the site. Let me know what you think. Would this work for you or do you have a different process?