Cleanup a wordpress site after it was attacked/hacked and blacklisted

Something that anyone can expect anytime. Its a very bad situation and It happens to best of us.

Yes our site gets hacked!

Ok, its a reality. And now you should go through all this mess and get back your site back online. At the end there is a surprise!

70% of the recovered sites still manages to keep the loopholes open for the same attacker to get through again and again.

Its a very hard thing to find the problem in first place. It can take a lot of troubleshooting with the existing plugins on the site to identify the problem.

The important thing that we should all consider is to minimize the use of plugins on the site. The more plugins you use means there can be more ways to get into the site as well.

And the more common plugins/themes are also the favorites of attackers, that is because, if they where able to find a vulnerability with any of those plugins, they can probably get into many of the site which use those plugins and themes.

And try use a theme that is not so common and is build by a professional.

Below are some measures to do in first place if there was an attack.

1) Install the Wordfence plugin
:: This is a super fence for your site. It is a great plugin with lot of options. Free version is lot enough.

wordpress_wordfence

2) Check all the plugins used on the site for any issue reports on web
:: Important, as this will let you know regarding any known problems with any of your plugins used.

3) Upgrade WP and all plugins to its latest version available.
:: Always important! and critical.

4) Check all the server for any other files other than that of wordpress.
:: Always important, this happens most of the times.

5) Check all files for any code like mkdir or upload or something related.
:: Always important, this happens most of the times and is a key to create new files and folders on server.

6) Change the FTP passwords
:: For an additional safety.

7) Change all the site related passwords
:: As an additional safety measure.

8) Change the file permissions of those header/footer etc to read only.
:: As an additional safety measure.

9) Change your admin-panel url
:: As an additional safety measure.

Thats it!

Believe me, It worked for me! Not just once but many, many times!