Quick tips for cleaning up a hacked site

One of the least fun things is to clean up hacked WordPress sites. Much of these points goes without saying but after recovering don’t forget to do this:

1. Change password for FTP-account

Beware the big lists of passwords is circulating the Internet. A quick check at Pwned can reveal this. Don’t think you are smarter and it can be brute forced!

2. Change username for your FTP-account

Don’t use the same username as your domain, make this much harder to guess and brute force the password.

3. Keep an eye on index.php and .htaccess

The most common hack nowadays seems to be to alter the index.php or .htaccess. The site owner or visitor does not see anything special, but the Google bot does.

Keeping an eye on changes on index.php or .htaccess can give you a quick alert if anything suddenly changes.

// https://mydomin.com/secret/md5.php

echo md5_file('index.php') . '-' . md5_file('.htaccess');

Then put a free site monitor to check for the output of this script. If the keyword changes you know something fishy has happened immediately.

4. Keep an eye on Google Index now and then

Add Google Webmaster Tools and keep an eye on how many index pages your site has. A sudden rise of pages indicates that your site is hacked. For sure.

Tip: clean up an hacked site

Do a free text search for these functions. Even the hackers get better and better at obfuscating this is usually the functions involved: