Category Archives: wordpress

Hacked WordPress Account: What To Do

Useful resources to read:

http://codex.wordpress.org/FAQ_My_site_was_hacked

http://blog.sucuri.net/2012/07/website-malware-removal-wordpress-tips-tricks.html

http://pengbos.com/blog/removing-malware-from-a-wordpress-site

http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/

http://www.quora.com/How-to-remove-Malware-from-WordPress

http://webenso.com/wordpress-site-hacked-malware-removal/

http://www.gavinwray.com/2013/01/24/ive-been-hacked/

http://blog.sucuri.net/2010/04/conditional-redirects-or-the-htaccess-malware.html

http://www.wpsite.net/how-to-remove-this-site-may-be-compromised-warning/

Useful scans:

http://safeweb.norton.com/

https://www.virustotal.com/en/#url

http://sitecheck.sucuri.net/scanner/

Google Diagnostics page: you can find some information about the malware by replacing example.com in the following URL with your own site's URL: www.google.com/safebrowsing/diagnostic?site=example.com (this information is quite general).

http://www.unmaskparasites.com/

Plugins:

http://wordpress.org/extend/plugins/gotmls/ (Anti-Malware (Get Off Malicious Scripts)) – absolutely useful for removing malware!

http://wordpress.org/extend/plugins/websitedefender-wordpress-security/ (WebsiteDefender WordPress Security)

http://wordpress.org/extend/plugins/wordfence/ (Wordfence Security)

http://wordpress.org/extend/plugins/bulletproof-security/ (BulletProof Security)

How to install WordPress

  • download the WordPress zip file from http://wordpress.org/download/
  • unzip it to a folder
  • connect to your website through FTP (use FileZilla; note 1: the host is the domain without www, and before propagation it's just the IP address provided by the hosting provider; note 2: an FTP account needs to be created, with a different username if you use web4web, where the username is username@siteurl.com)
  • upload the files in the folder (and the files only, not the folder) to public_html, through FTP
  • now, follow instructions at http://codex.wordpress.org/Installing_WordPress, which basically are:
  1. create database (in DirectAdmin)
  2. create the database user (in DirectAdmin – keep the random password generated by DirectAdmin or choose another one)
  3. if you are hosted by web4web: associate the access host following instructions at http://www.web4web.it/kb/entry/60/come-faccio-a-cambiare-le-impostazioni-di-connessione-database-per-poter-usufruire-dei-nuovi-server.html
  4. rename (in FTP) wp-config-sample.php to wp-config.php
  5. add the required data to wp-config.php (database name, database user, etc.)
  6. add secret keys to wp-config.php
  7. launch install script (loading this url: http://example.com/wp-admin/install.php)
    create the .htaccess file: in the WP control panel, go to Settings / Permalinks, select Post name and save (if you want post-name permalinks)
  8. for some hosting providers: delete index.html (through FTP), otherwise the homepage will keep showing the default message for new websites created by the hosting provider
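
Steps 4 to 6 can also be done on the local copy before the FTP upload. The script below is an added example, not part of the original post: it fills in the database placeholders and generates each secret key locally from /dev/urandom. The function names and the trimmed sample file are constructed for illustration; the placeholder strings are the ones used in the stock wp-config-sample.php.

```shell
#!/bin/sh
# Added example, not from the original post: steps 4-6 done on the local copy.
# Usage: make_wp_config wp-config-sample.php wp-config.php DB_NAME DB_USER DB_PASSWORD

# Constructed, trimmed stand-in for the wp-config-sample.php in the WordPress zip.
write_sample() {
    cat > "$1" <<'EOF'
<?php
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
define( 'AUTH_KEY',        'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );
define( 'NONCE_SALT',      'put your unique phrase here' );
EOF
}

# The body is a subshell so the umask change does not leak into the caller.
make_wp_config() (
    for v in "$3" "$4" "$5"; do   # a quote or backslash would break the PHP string
        case $v in *\'*|*\\*) echo "unsupported character in value" >&2; exit 1 ;; esac
    done
    umask 077                     # the file holds credentials: owner-only (0600)
    DBN=$3 DBU=$4 DBP=$5 awk '
        # Literal, non-regex replacement, so "&" in a password is copied as-is.
        function put(s, ph, val,   i) {
            i = index(s, ph)
            if (i == 0) return s
            return substr(s, 1, i - 1) val substr(s, i + length(ph))
        }
        # 32 bytes from the kernel CSPRNG as 64 hex characters, new on every call.
        function newkey(   cmd, k) {
            cmd = "od -An -tx1 -N32 /dev/urandom | tr -d \" \\n\""
            cmd | getline k; close(cmd)
            if (length(k) != 64) exit 1   # fail closed rather than write a weak key
            return k
        }
        {
            s = put($0, "database_name_here", ENVIRON["DBN"])
            s = put(s, "username_here", ENVIRON["DBU"])
            s = put(s, "password_here", ENVIRON["DBP"])
            if (index(s, "put your unique phrase here"))
                s = put(s, "put your unique phrase here", newkey())
            print s
        }
    ' "$1" > "$2"
)
```

FTP does not carry the local file mode, so the permission on wp-config.php has to be set again on the server after the upload.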