I will pay more attention to WordPress, but many tips will be useful to people, running on other engines.

People often contact me with the question of cleaning a WordPress site and how to determine that the site has been hacked.. I will tell you what viruses are and how difficult it is to fight them..

Symptom one. google message “Maybe, this site has been hacked”

A very common story, when a client comes to the company, or addresses directly through the blog and says, that finding your site in the issuance of google, he stumbles upon the message “Maybe, this site has been hacked”.

This message appears, if google suspects, actually almost sure, that your site has been hacked. What to do and where to run in such cases? There are not many actions 5:

1. Clean the site from shells and various viruses, more on that later;
2. update wordpress and all plugins from older versions to the latest (better to do a manual update);
3. set up site protection, I'll talk about this a bit later too.;
4. check how good hosting is and transfer to a more reliable, I advise hosting ukraine as before;
5. verify, don't they lie viruses in the database;

Don't forget to make a backup before every action, and also after all 5 stages, make a backup too, in that case, if you failed to clean it the first time and need to look for more sophisticated methods of scanning the site.

If you cleaned everything, and the error "Maybe, this site has been hacked” remained

I would suggest going to Google Webmaster and requesting a site re-verification. Google Webmaster verification speed will depend on the degree of infection.

There are 2 severity of infection:

1. If you have been flooded with malicious code through which they gain access to the site, publish links ... In general, they break only you and harm only you.
2. If your site is hacked and trying to spam or break others.

In the first case Google employees don't even check the site, because the system can do it automatically (I had from 10 minutes to several hours).

In the second case in order to make sure that there are no threats from your site that could harm other sites, Google sends a special person who verifies the site. In the second case, the check may take 1-2 weeks.

I advise you not to delay cleaning the site, because the longer you delay, the worse your positions in search engines will be.

Symptom two. Virus redirects to another site

These viruses are all over the place.. You need to look for such viruses in the htaccess file at the root of the site, if not there, then you can search for the htaccess file in other folders of the site. You can also enumerate redirect functions that can be used in different programming languages. I would advise you to scan the site for backdoors, because you somehow introduced this code. start scan wordpress for viruses, clean, and change passwords.

Hidden redirect from Google or Yandex

A more complex virus with a redirect. Often a redirect is placed under a specific search engine, so it is less visible to the administrator, and here are the users, who come from search queries end up on a site of some nonsense, that they are trying to sell.

I came across a virus on a WordPress site that tried to determine roughly what the user needed by topic and substituted an affiliate program of one large resource for the request, which has a wide range of products.

Redirect from an iPhone or Android mobile device this is an even cooler hidden redirect, which redirects only mobile traffic. Fortunately, search engines see this well in their webmasters., but in any case, it is sometimes useful to access the site from any mobile device and see how it works.

Redirect from all links this is another one up to plain wooden, but a very harmful symptom. Primarily harmful to website promotion. This has happened before in the early days of the internet., when hackers broke a lot and then often didn’t really know what to do with hacked sites. The first thing that came to mind, just redirect all traffic to some affiliate program or try to sell goods, suddenly someone buys something. Their problem was, that traffic was not targeted and sales were extremely rare, of this, as an SEO specialist, I can assure you.

Substitution of Google and Yandex contextual advertising

It was hard to see such a virus, the client accidentally clicked on his ad and got to some left site. He was very surprised and asked me to remove all threats.

Virus symptoms seem complicated, but looking more closely, I saw, that the code there was simple. The hacker turned out to be a brilliant programmer. After removing the virus, I still had to find a bunch of encrypted code that was scattered over all the files on the site. Difficult, but it's all fixed.

Symptom three. The hosting complained that the site is constantly sending SPAM

Oh that spam, thrill he nerves people, but you can’t really expect a return for hackers from this type of advertising, since the audience is often not the target.

What problems arise with the constant infection of the site and spamming??

• Hosting has a headache with the load on the servers,
• sites subsidence in the issuance of search engines.

Everything is bad, but can be treated. Simple Methods, such as updating all plugins and WordPress will not help here, getting harder. There is nothing to apply plantain to the screen and wait for it to heal! :-). Use all the tips for detecting and neutralizing viruses, described in the first symptom. By the way, probably most of the hostings do not provide proper protection., infection can be through their services, and when infected, such hostings will swear at the owners (don't blame yourself!). We'll talk about hosting a little later..

By the way, when mass sending spam, you may simply see an error on the site 503, as the server goes down. I advise you to view, what the server writes in the logs and what file is being processed. By the way spam, who constantly comes to your site can also be the first call, that your site is poorly protected or the protection has not been updated for a long time.

Symptom three. Virus inserts code into every blog post

It's fun that way, for example, you insert an image or some media file into a new article in the admin panel, and with it the code is inserted, which in a hidden form substitutes an infected file. To remove such a virus, I had to go through those pieces of code that the virus inserted to find similar places in the code, use them to find all fragments of the virus in the database and delete it. All in all, cleaning was fun and provocative., all the employees sitting nearby learned a lot of new words.

How to protect a site from viruses with WordPress I do just that

1. Choose only reliable hosting with differentiation of rights between domains, so that by hacking one site on the hosting, the attacker could not get to the rest.
2. Close user logins like this, so they can't be found. Often all sorts of WordPress forum plugins, social networks, stores display them very well.
3. Use only proven plugins and themes, I would recommend downloading plugins and Topics from the official repository. You can also buy themes on well-known marketplaces that have code quality control. I usually use the marketplace if I buy evanto.
   If the topic is old and there is no way to get it from a reliable source, it's better not to use it and choose another. As an alternative, you can give the topic for cleaning to a specialist, but the price can be almost the same as buying a new one.
4. Bought hosting, created a website and set up complex passwords - this is the key to protection, from at least 90% break-ins. impressively, isn't it fair??
5. Put a captcha wherever there are forms. Login form, registration, password recovery, comments. So you can weed out some of the robots, who can crack passwords.
6. Block requests in the address bar, which can lead to errors.
7. Hide error output on the server.
8. Well hide the version of the engine and the engine itself, as much as possible.
9. From time to time make a manual copy of the site to external media.
10. Update all plugins in time after creating a database dump and file copy (and ate for a long time not updated, it's better to update version by version).

If a WordPress site is constantly infected with viruses means, missed a hole or backdoor

1. If the site has been infected, then just do manual system update.
2. Remove all inactive plugins and themes, all rubbish, where can viruses be.
3. Clean all found malicious codes.
4. Only when you clean everything, start protecting.

It is impossible to defend against all hacks, everything that was made by a person can be hacked by him, but good protection can delay such a break-in for years 100.

All types of viruses worsen the performance of the site in the search, and the owner may not even know about them, until a hacker just starts processing his site. In general, I really wish all hackers to find their niche, because people, who make such wonderful and cool code could do it for the benefit of others and themselves, do not make money on hacked sites, but to offer cool services that would bring them a steady income.

I can remove a virus from a WordPress site and set up protection

If it so happened that your site was infected and its performance was disrupted, then write to me and I will try to help you.

/* */