Last Updated: 13th August, 2022
Imagine waking up one fine sunny morning to discover your website deformed and sabotaged. You’re a victim of website defacement. Before reaching any conclusions, let’s first understand exactly what you are dealing with. After that, we will move on to the question “How to remove Defacement from WordPress Website?”
Table Of Contents
- 1: What’s The Defacement Of The Website?
- 2: How To Remove Defacement From WordPress Website?
- 3: Getting Ready For A Better Secure Future
What’s The Defacement Of The Website?
Website defacement is a website attack that changes a website’s visual appearance or content. It’s a form of virtual vandalism.
Websites are often defaced by political or religious communities and by those who want to make their presence felt. Hackers may also deface a website purely for the sake of crude fun.
A few hackers also deface a website to create a backdoor or vulnerability to observe, since defacement attacks are highly visible and are followed up on immediately. However, such attacks have serious implications for site owners as well.
How Does The Defacement Of Your Website Impact Your Business?
Defacement of your website causes your users to lose confidence in your brand. Further, these attacks could drive visitors away. This will undoubtedly result in a loss of traffic and revenue.
When your site is defaced, users see and report it. Google takes these reports very seriously and blacklists your website after crawling it. Your site then ends up with huge red warnings such as “This site is potentially unsafe” or “This site might be hacked”. This can prove disastrous for e-commerce websites, as potential clients are lost permanently.
How Often Websites Of WordPress Are Defaced?
Defacing a website is very simple and does not require a high level of technical expertise. Annually, defaced websites make up more than 10 percent of hacked sites.
More than 1,500,000 WordPress websites were defaced in February 2017. Hackers abused a critical privilege injection vulnerability that allowed unauthorized users to modify the content of the website. This large-scale defacement led to SEO poisoning and to websites being blacklisted by Google.
How To Remove Defacement From WordPress Website?
As a website owner, you would be under a great deal of pressure looking at your defaced website and racking your brains for a solution. The first step to securing your site is to calm down! I know it’s difficult and sounds laughable, but you have no other option, so follow the advice.
You are not the first to encounter this and you won’t be the last, yet you can avoid this trauma in the future and regain whatever is lost. Let’s see how!
Eliminating The Defacement Page
Sometimes removing a defacement can be as easy as removing the offending files or posts. Often, though, attackers overwrite files or content. If an important file from the plugin files or CMS core files has been overwritten, removing it isn’t an option. Instead, it must be replaced by the original.
Restoration is simple if you take regular backups of your code. If restoration isn’t an option, you are advised to consult an expert before deleting any page or content.
Scan For Infected Text
Most defacers append their own text and leave their name (individual or association) behind as a show-off. This text can be used to find the infected files. For instance, if a defaced page displays a “hacked by” text, go to the root directory of the website through cPanel and run the following command:
grep -ril "hacked by" .
This command returns a list of files that contain the “hacked by” keyword, searching recursively (-r), ignoring case (-i) and printing only file names (-l). Once you have the list of infected files, the code can be analyzed and the infection removed.
Recently Modified Files Inspection
The hack might include new or recently modified files. By seeing whether there were any changes being made in them, you can identify hacked files.
If you have SSH access to your server, you can list all recently modified files by navigating to the directory where your WordPress website is and then using the find command:
find ./ -mtime -15 -ls
The command above lists (-ls) all files whose modification time (-mtime) falls within the last fifteen days (-15).
Plugins, logs, and debug files recently updated might also appear in your list. Analyzing before attempting to make any changes is vital.
Removing The Hidden Backdoor
Hackers almost always leave behind a backdoor, so identifying and removing every backdoor is vital. To retain access, backdoors typically use the following PHP functions:
- stripslashes
- str_rot13
- gzuncompress
- assert
- exec
- system
- eval
- base64
Plugins may also use these functions legitimately, so be sure to test any changes, because removing benign functions can break your website.
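The three checks above (defacement text, recently modified files, backdoor function names) combined into one triage script. This is an added example, not code from the original article: the names `files_with_text` and `suspicious_recent` are hypothetical, and `base64` from the list is assumed to mean `base64_decode`.

```shell
#!/bin/sh
# Added example: triage helpers for a WordPress tree. Hits are leads for
# manual review, not proof of infection (plugins use these functions too).

# Function names from the list above; "base64" is matched as base64_decode
# (assumption). The leading group avoids matching names such as curl_exec().
PATTERN='(^|[^[:alnum:]_])(stripslashes|str_rot13|gzuncompress|assert|exec|system|eval|base64_decode)[[:space:]]*\('

# files_with_text DIR TEXT
# Case-insensitive, fixed-string search for the defacer's text.
# Prints the path of every file under DIR that contains TEXT.
files_with_text() {
    grep -rilF -- "$2" "$1"
}

# suspicious_recent DIR [DAYS]
# Prints "<matching-line-count> <path>" for each PHP file under DIR that was
# modified in the last DAYS days (default 15) and calls a listed function,
# highest count first. /dev/null forces grep to print file names even when
# find hands it a single file.
suspicious_recent() {
    dir=$1
    days=${2:-15}
    find "$dir" -type f -name '*.php' -mtime "-$days" \
        -exec grep -Eic "$PATTERN" /dev/null {} + |
        awk -F: '$NF > 0 { n = $NF; sub(/:[0-9]+$/, ""); print n, $0 }' |
        sort -rn
}
```

Source the file in an SSH session and run `suspicious_recent . 15` from the WordPress directory; compare each reported file against a clean copy of the same plugin or core version before changing it.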
Scan Your WordPress Installation For Possible Infection
Until the cleaning is done, run a quick scan to look for possible infections and malware left by the hackers. The scan helps find the backdoors and vulnerabilities the hackers left behind.
Many free options are available, such as Google Scan, but they run a basic surface scan and do not provide a comprehensive report. A thorough, in-depth scanner that provides WordPress hardening, removal of malware, vulnerability assessment, blacklist monitoring, etc., such as Sucuri Malware Scanner, is highly recommended.
Getting Ready For A Better Secure Future
Once the hack is removed, follow these steps to ensure that the hackers do not get another chance to tamper with your website.
- Reset access for all. One of the very first things to do when you identify a hack is to lock things down so that you can minimize any further modifications. You can do this by forcing all users, especially administrators, to reset their passwords globally.
- Deploy a web application firewall (WAF) to block malicious traffic from reaching your website.
- Keep your WordPress core up to date. WordPress has an expert security team working day and night to keep WordPress safe.
- Define the keys in the config file. The keys enhance the encryption of the data provided by users on your website.
- Filter the extensions of your website. Only use essential plugins and update them constantly. The more extensions you have, the more likely gateways there are for scammers.
- Delete unused or rarely used files, such as old installations of WordPress, unused WordPress plugins, etc.
- Update the passwords. Use passwords that are really strong.
- Backup your code on a regular basis.
- Scan the local hosting environment and your computer.
- To keep track of all that is happening on your WordPress website, install a WordPress Security Audit Log Plugin.
We strongly recommend that everyone follow and implement the absolutely necessary steps from our The Ultimate WordPress Security Guide article, along with other important related articles in our Security Category.