How to Fix a Hacked and Defaced WordPress Website

With millions of WordPress  website owners, this content management system is very attractive to hackers and they are eager to find ways to compromise the vulnerability of WordPress and weak security of hosting providers.

If your WordPress site was recently defaced, I’m sure you’ve ask yourself why these hackers do such acts. The reason why hackers are doing it is either for fun or for profit. Some group of hackers simply wants to make known of their footprints and indicate that they are capable of breaching a server’s security settings. While other group of hackers may be doing it for profit by injecting pharma spam and product links.

If your WordPress site is a victim of defacement, it may look creepy as hackers may change your homepage to a scary page they configured. Other defacement will have the country flag of the hackers and some will just have annoying statements.

While it looks like your WordPress site is doomed because it was defaced, most of the time it is not difficult to restore because the hackers will only make a few changes to your WordPress core and theme files.

A lot of clients come up to me every month and ask me to fix their hacked and defaced WordPress site.

I’m going to show you how I fixed one of my client’s actual defaced WordPress website.  If you want to know how I fix a hacked and defaced WordPress site, here’s how I do it.

A client’s WordPress site was recently defaced by DarkDays hackers. You can see below the defaced home page replaced by the hacker’s page.

defaced wordpress site

 

While checking the website files, I see that the hackers had placed an index.html file in the WordPress root folder. Hackers usually inject an index.html file or modify the WordPress index.php file.

The next step is to search for other injected or modified pages by the hackers. I use my own php search script to find instances of the hacker’s defaced files. In this case I use the term “DarkDays” to search for any modified pages.

The search result shows that the theme files were modified by the hackers. The theme’s header.php, index.php, and footer.php files were overwritten. Looking at the actual files, reveal that the hackers indeed made changes to these WordPress theme files.

To fix this, I replaced the affected files with a fresh copy from the wordpress.org theme repository. In this case the client was using a very old version of the customizr wordpress theme.

How to Prevent WordPress Website Defacements

WordPress sites that are hacked and defaced are usually those that are not maintained. Old versions of wordpress install and outdated plugins with vulnerabilities are the usual victim of defacement. To prevent hackers from defacing your WordPress sites you must update WordPress and plugins whenever there are new versions.

I always recommend that WordPress are manually updated because automatic updates will not remove the left over files from old versions that may be vulnerable and can be exploited by hackers.

Final Thoughts

WordPress website hacking and defacement can be prevented by choosing a secure web hosting provider and by always updating your WordPress website to the latest versions.

You need to avoid using using nulled or pirated premium themes and plugins because they contain malware and backdoor files. It is recommended that you only get these themes and plugins from the original developer’s download site to make sure that you are getting the legit files and you can easily update whenever new versions are released.

wordpress malware removal service main banner

2 thoughts on “How to Fix a Hacked and Defaced WordPress Website”

Leave a Comment