Hacked site on wordpress, how to find and close holes?

Evgeny Belous2020-07-07 22:38:23

Burglary protection

Evgeny Belous, 2020-07-07 22:38:23

Managed a WordPress blog.
Not so long ago there was a hack, a folder with articles of a "different nature" was loaded into the root of the site,
and some files of the site were also changed. The folders were scattered with .htaccess files that blocked CSS, JS, JQUERY. And the admin panel looked like a list of products to buy. I cleaned all the files, deleted .htaccess, restored the site. Changed all passwords, for all users, from hosting and from FTP.
But every couple of days, .htaccess files reappear in the root of the site, which also break the admin panel, and the folder with articles. The conclusion is obvious that the site has a backdoor, How can you find it and close it forever.
I would be very grateful for the help of
Junior Web Dev

Answer the question

In order to leave comments, you need to log in

7 answer(s)

Orkhan Hasanli, 2020-07-07
@azerphoenix

Install the Wordfence plugin and crawl your site
If you have zeroed premium plugins, then look for the problem there
Scan your site. You have already been told what you can use - https://revisium.com/ai/#download

Dim Boy, 2020-07-07
@twix007

https://revision.com/ai/#download

polozatka, 2020-07-07
@polozatka

Download wordpress of the same version and replace all core files. It happened to me a couple of days ago, I found an archive with a Trojan. You can also supply succuri. This is a plugin that will show suspicious files

Vitaly Karasik, 2020-07-08
@vitaly_il1

I will add:
- remove unnecessary, old and unreliable plugins
- update WP and plugins to the latest stable version and do it regularly
- file permissions
- One of Wordfence, succuri, etc.
See https://www.wpbeginner.com/wordpress-security/ for details

CityCat4, 2020-07-08
@CityCat4

Take it to the uyam and restore from the backup on the day when there was no hacking yet. Or demolish it and install it again (completely from scratch, without taking anything from the old site! ) - if as always. And make backups. And of
course, do what Vitaly Karasik advises .

Yaroslav Alexandrov, 2020-07-08
@alexyarik

there is a backdoor on the site

The easiest steps you can take:
How to remove a virus on a Wordpress site?
The most effective way to restore the site is the "Mix" method, a new clean WordPress is raised on the subdomain and the content is transferred to it by export via CSV, the template is rebuilt from scratch if it is left, plugins are minimal. At the same time, an anti-virus service must be connected to the hosting in order to determine in time at what stage the problem will pop up (if it remains). Then replace the main site.
P.S. My advice to you. I struggled with my WordPress site for three years, which I did not do, but it still broke. As a result, as a shoemaker without shoes, I came to the conclusion that saving on the management system comes out as a loss in SEO investment and SEO traffic, an excessive waste of my time dealing with the consequences.
As a result, I transferred the site to the commercial Bitrix system and since then I have never been broken. A website is a tool, any tool must be of high quality.

Alena Selezneva, 2021-01-30
@Alenkaaa

A similar situation happened to me the other day, I added a separate question with all the details and screenshots. I would be grateful for any good advice.