Your website is key to a successful business, and a WordPress admin hack can seriously jeopardize it. It threatens both your business and your reputation. If you are not alert, a WordPress admin hack is fairly easy for a hacker, so the necessary measures must be taken. Once the WP admin panel is hacked, the attacker can launch various other types of attacks. Most often these include redirection malware, phishing attacks, the Japanese keyword hack, and planted WordPress backdoors. In this article we’ll learn how to detect and fix a WordPress admin hack quickly.
Signs of WordPress Admin Hack
Here are some tell-tale symptoms of this hack:
- The website becomes sluggish.
- Unknown WordPress security plugins installed.
- Multiple fake WordPress admin users added to your website.
- Web pages with Japanese text are added to your website.
- Unknown files appear in /public_html/wp-admin or /public_html.
- Google has blacklisted your website for spam pages.
- Different UI is loading on your WordPress admin page. You will either see a blank or a grey/black screen instead of the login page.
- WP backend credentials have been changed.
Ways to Remove WordPress Admin Malware
A WordPress admin hack needs to be cleaned up. Let us look at some of the ways to do it.
1. Check for malicious files
Check the /wp-admin folder or the root of the server. You should look for the files that were not created by you. For example:
If you find such files, delete them after taking a backup of your website.
2. Track unknown WP-Admins
A WordPress admin hack often leaves multiple admin accounts behind. Check for any new admin users that may have been added. If you do not recognize an account, delete it from the Users page of your WP admin panel.
These fake users also serve as a backdoor, because their credentials lie with the hacker. Often, these users are added via a script. You need to track down the WordPress backdoor script on your website that is adding the admin users and delete its code so that it cannot harm the website further.
3. Run a malware Scan
A malware scan is necessary for your website to remain secure. Run the ‘Virus Scanner’ option in the cPanel or web-hosting dashboard. It helps identify the malicious files on the server, and it would also verify and delete the flagged files. You can also use website malware scanners such as that of Astra Security.
4. Check important core files
Check wp-admin/index.php and index.php for any kind of modification. In a WordPress admin hack, the line <?php @require('wp-admin/83935'); is frequently added at the top of the index.php file. It loads malicious code that is executed every time WordPress runs, and this code can also generate other malware infections. The @require line can simply be removed. The original contents of the core WordPress files can be found in their GitHub repository.
5. Check the ‘Uploads’ directory
The ‘uploads’ directory may contain PHP files that should be deleted. A hacker may be able to upload malicious PHP files as a result of plugin vulnerabilities. The executable files may contain the following extensions:
If you find files with these extensions then you should delete them.
Note: Be very sure before deleting any files; deleting the wrong ones may break your site.
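A read-only triage for steps 4 and 5 above, as an added example that is not part of the original article. The function names, the extension list and the sample site are assumptions made for illustration; the article's own extension list is not reproduced here.

```bash
#!/usr/bin/env bash
# Added example: read-only triage for steps 4 and 5; nothing is deleted.
# Assumption: this extension list is illustrative, not the article's own list.
SCRIPT_EXT_RE='\.(php[0-9]?|phtml|phar|pht)$'

# Step 4: print file:line:text for error-suppressed require/include statements
# in the two entry files the article names.
check_core_index() {
  local root=$1 f
  for f in "$root/index.php" "$root/wp-admin/index.php"; do
    [ -f "$f" ] || continue
    grep -nHE '@[[:space:]]*(require|include)' "$f" || true
  done
}

# Step 5: list files under the uploads directory whose name ends in a
# server-executable script extension (case-insensitive).
find_upload_scripts() {
  local uploads=$1
  [ -d "$uploads" ] || return 0
  find "$uploads" -type f | grep -iE "$SCRIPT_EXT_RE" | sort
}

# Constructed sample site (not real data): one injected entry file and one
# script hidden among media uploads.
demo_tree() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/wp-admin" "$d/wp-content/uploads/2024/01"
  printf '%s\n' "<?php @require('wp-admin/83935');" \
    "require __DIR__ . '/wp-blog-header.php';" > "$d/index.php"
  printf '%s\n' '<?php' "require_once __DIR__ . '/admin.php';" > "$d/wp-admin/index.php"
  : > "$d/wp-content/uploads/2024/01/photo.jpg"
  : > "$d/wp-content/uploads/2024/01/notes.php.txt"
  printf '%s\n' '<?php /* placeholder */' > "$d/wp-content/uploads/2024/01/cache.PHP"
  echo "$d"
}

site=$(demo_tree)
echo '== entry files =='
check_core_index "$site"
echo '== uploads =='
find_upload_scripts "$site/wp-content/uploads"
rm -rf "$site"
```

For a comparison of every core file against known-good copies, WP-CLI's `wp core verify-checksums` checks the installation against the official checksums.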
How to prevent WordPress Admin Hack?
1. Regular Backup
A backup archives the database and all the files on the server. You can set up automatic backups to keep the archive current. It is wise to store the backup on an external server. This helps in data retrieval in case of a hack.
2. Disable File Editing
In the WP dashboard, you can disable file editing. Alternatively, you can do it in the configuration file, wp-config.php. Just append the following two lines to disable file editing:

    # Disable editing in dashboard
    define('DISALLOW_FILE_EDIT', true);

3. Install a Web Application Firewall (WAF)
Although WordPress plugins are aimed at keeping your website safe from the known WordPress hacks, new threats keep emerging. To counter this problem, you can use a web application firewall such as Astra to keep your website safe and secure.
4. Update secure file and folder permission
Set correct file permissions on your WP files. WordPress Codex general guidelines state the following file permissions:
Further, these permissions must be reviewed on the server from time to time.
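A read-only audit for the "Disable File Editing" and file-permission steps above, as an added example that is not part of the original article. The function names and the sample site are constructed for illustration, and treating a world-readable wp-config.php as a finding is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example: read-only audit for the file-editing and file-permission steps.

# Succeeds only if wp-config.php contains an active define() setting
# DISALLOW_FILE_EDIT to true. Lines that start with a comment marker are
# ignored; multi-line /* ... */ blocks are not parsed (simplification).
file_edit_disabled() {
  local cfg=$1
  [ -f "$cfg" ] || return 2
  grep -vE '^[[:space:]]*(#|//|/\*|\*)' "$cfg" |
    grep -qE "define[[:space:]]*\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)"
}

# Lists files and directories under $1 that any local account can write to
# (the "other" write bit is set).
world_writable() {
  find "$1" \( -type f -o -type d \) -perm -0002 2>/dev/null | sort
}

# Assumption: a wp-config.php readable by "other" is treated as a finding,
# since it holds the database credentials.
config_world_readable() {
  [ -n "$(find "$1" -perm -0004 2>/dev/null)" ]
}

# Constructed sample site (not real data).
demo_site() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/wp-content/uploads"
  printf '%s\n' '<?php' "// define('DISALLOW_FILE_EDIT', true);" \
    "define( 'DB_NAME', 'example' );" > "$d/wp-config.php"
  : > "$d/wp-content/uploads/open.txt"
  chmod 755 "$d" "$d/wp-content" "$d/wp-content/uploads"
  chmod 640 "$d/wp-config.php"
  chmod 666 "$d/wp-content/uploads/open.txt"
  echo "$d"
}

site=$(demo_site)
file_edit_disabled "$site/wp-config.php" && echo 'file editing: disabled' \
  || echo 'file editing: NOT disabled (define missing or commented out)'
config_world_readable "$site/wp-config.php" && echo 'wp-config.php: world-readable'
echo 'world-writable paths:'
world_writable "$site"
rm -rf "$site"
```

In the sample site the define is present but commented out, so the audit reports file editing as not disabled.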
5. Specify user roles
Hackers may try to create fake user accounts and manipulate your website’s code to get a privileged role such as an administrator’s. You should follow the Principle of Least Privilege in assigning roles to users. Remember, not everybody needs permission to do everything on the website.
Your website is vulnerable to a WordPress admin hack and other hacks if you’re not proactive with your website’s security. We have discussed here the symptoms, remediation and prevention of a WordPress admin hack. Just being a bit aware of what is going on in your website will keep hackers away. Your reputation will not be jeopardized and, accordingly, your business will flourish.