How to fix your WordPress site if it was hacked. If you have a WordPress site and you’ve noticed that it occassionally redirects to another website, you haven’t lost your mind. No, someone has hijacked your site and redirecting over to their own website. This video will walk you through the steps I took to identify where my site was hacked and how I was able to fix it. After you’ve removed the hack, make sure you change any passwords associated with your WordPress site (database included). If you have multiple authors for your site, you probably want to make sure they change their passwords as well.
For more tutorials and information on how to make money on the web, visit:
http://www.untetheredincome.com/
Site mentioned in this tutorial that had been hacked is:
http://www.headphonereviewhq.com/
Please subscribe to my channel and leave me some comments or feedback. If you have any requests for how-to’s or any other questions, please leave them and I’ll do what I can to answer all your questions.
This video helped me to fix my own hacked website. Thank you so much for sharing.
Thanks for the video, just some pointers and I know this is a long time ago you made this video, but please no background music when explaining something, because is hard to understand what you are saying.
so nice video,
https://goo.gl/KD2zz4
We help create websites. Contact us.
[~/www/ ]# grep -r base64_decode *
I just wanted to say thank you for your video. I read several potential solutions to this problem online and were not applicable. After watching this and decoding the base64 it was super obvious. Every line of that code in every PHP file must be removed. I had hundreds of them to delete. I wasn't able to use the find and terminal process you showed, but OSX preview made it really easy to see the infected pages.
i do not know why my website going to another website when i walk on my website please help me i am using worldpress latest versien and update all plugins
You're very welcome. It's a frustrating thing to have to deal with. I recommend now getting a plugin called BulletProof security to keep your site hack-free moving forward.
NEXT TIME ZOOM IN SO WE CAN ACTULLY SEE SOMETHING
Are you with Bluehost? If not, it might be that your host doesn't allow SSH or SFTP. What you can do, is you could download your code to your own computer, and then search the files in that folder you downloaded – I know what I showed in the video was doing it all remotely on the server, but you could accomplish the same thing. Bring it down locally, find the problem, fix it, and then re-upload the files.
thanks for the video …but i tried but my cpanel will only open in ftp it refuses sftp…when it opens in ftp since its the only site in m domain i finf=d it difficult to open tunnel session…by the way am using a window os 7
Bluehost. I'll try. Thx for the help 🙂
What host are you using? Do you have SSH or FTP access? One thing that I mentioned to Osagie below was you can download your entire site to a folder on your computer and then search the contents of the files for the encode function…once you've found it, remove the lines of code affected and then re-upload your files. I hope this helps.
Hello Osagie – what type of access do you have to your server? SSH? FTP? Probably an easier way of doing this would be to download your site to a folder on your computer, and then search the contents of your files for the encode function I mentioned in the video.
Got accees to everything buy i'm not being able to decode 🙁 i'm noob at this 🙁
pls my site was hacked and also redirecting me to some other sites, and i could not make use of this your video…. pls i need any other simpler way of doing it thankssss… dj osas
Hi Andrea – I seriously apologize – I didn't see this comment until just now. I'm hoping you got this resolved…if not, let me know and I'll see if I can help. The reason you probably didn't have Putty enabled is you likely didn't have it installed. Chances are you needed to download it first – you are on a Windows machine and my video was shown from my Mac – putty is typically needed for doing SSH access (terminal window to the server) on a windows machine.
Hi Lydie – thanks for the suggestion – I plan on doing some more videos in the near future and I will definitely kill the background music. Also, I think it's a permissions thing along with a theme I had installed that was using the Tim Thumb plugin for resizing images – that thing hacked sites all to bits because of one little thing they missed in the coding.
Hey man, I just emailed you with some help. You might want to remove your email from the comment so you don't get spammed to death!
My Site have been hacked
and i don't have SFTP access
i can i resolve the problem need help quick please
Email: patelviraj2@yahoo.com
Heh,. great video, idem for the music maybe fadeout after intro… 🙂
I wonder could permissions be an issue on that settings file.
Thanks!
Allen, great video. However, when I open the connection via SHH (SFTP) it shows the open in PUTTY option greyd out (you call it in your video open a terminal session) in the new version of cyberduck it is called open in PuTTy. This is not enabled in my session, this maybe due to not have generated a private key? is it necessary? How do I do it?
You're very welcome.
You the man…thank you very much. I solved my problem!
Yeah, I'm going to have to redo the video – I'll do it without the music next time…and the corny intro! 🙂
You would actually have to purchase the "mistyped" domain name as well..
If this is too complicated, you can always back up your site using something like the BackWPup plugin, and then just reinstall wordpress and then import that data. This is something that takes a bit of time and knowledge too, but it's easier than actually going through files and removing code.
Yes, it's not the easiest thing to do, but have you tried yet?
@untetheredincome
Yes, the music is very distracted…for next video either turn it off or down
@TheSveamerikan Fair enough! I do appreciate the feedback – honestly, I spent too much time trying to put music over it hoping it would take away from the monotony of clicking around on a screen. I'm curious if others feel the same way.
Thanks for the video, but the background music makes it VERY DIFFICULT TO HEAR. Very distracting. Ditch the corny music. Please.
That actually doesn't sound like it's malware. If you installed a child theme and your site stopped working, it might have invalid PHP (usually a missing closing tag or something along those lines). Have you tried using another theme just to see if it works? Hope this will help point you in the right direction – it really doesn't sound like a hack. If this only started happening with the child theme, that's where I'd start.
I did the Suciri and it is fine. The problem is that I have a child theme and when I preview it nothing shows, when I activates it, it logs the comp. Is there a way that I can scan a single file for malware or something? My site is ok, well right now, it is in error mode. I have to delete the child theme from my host. I was thinking to go through it while in error mode….
@ohappydeals What's your website address? – I'll do a virus check on it too and see if I can help you out a bit.
@ohappydeals If you're not familiar with PHP code, the easiest way to tell is by just looking for a bunch of random text. For instance, in most PHP code, you'll see "mostly" english words or at least readable words – they may not make sense to you, but at least they'll be words. However, if you see a large chunk of random text, then that is a good place to start. However, I recommend running your site through sitecheck.sucuri.net first and it might point you straight to the problem.
Alan, thanks for the video! My site has been hacked and I am ready to pull out my hair. Good thing I found your videos. Ok, I am very green with this. The codes that you are talking about to plug into the 'duck' in Bluehost, that is the thing that baffles me. How will I know what is what? I don't believe my site has been redirected, I tried to view my child theme and the screen was just white….so…please help!