It’s so good to be back. I know it wasn’t a break that I was enjoying, but as life was giving me a ride I was not blogging as much as I should. So much so that, in my ignorance, it went unnoticed at first that my blog website was hacked. It being the festive season, I was so occupied with the festive fanfare that the notifications regarding unauthorised users went unnoticed. But as a few stories demanded attention and I strolled back to my virtual home to share them with you, what I found devastated me.
Here’s what I found:
The glimpse confused me. I thought it might be a network issue and hence the site wasn’t loading properly. I decided to check back later. But the problem persisted even after a few hours. Worried, I asked my friends to check the website, but they reported the same issue. So it was definitely not a network-related problem. I contacted my host provider to find out if there was something wrong at their end. And by the time they reverted, hell had already broken loose at my end.
Meanwhile, while waiting for the reply from the support team of my host provider, I decided to try logging in. But all I met was failure. I tried once or twice and all I got was a redirection to a garbage address like this –
The reply from the support team said the site was hacked, but their revert was only a formal confirmation. By then I had already gone through numerous links over the internet and all pointed towards only one possibility – HACKED!
My panic mode was on, I had a train to catch in the next few hours and it felt like my baby had been kidnapped. I posted about the trouble in my blogging support groups and the response was definitely overwhelming. Everyone who could come to my rescue offered me advice about what to do next. I also got to know that many others were affected too.
The most obvious step to take was to ask for help from the host providers or the websites which offered website cleaning after such havoc. However, the charges for this were beyond something that I could incur. And I believe there are many people like me. Moreover, my website being a personal blog, spending such a huge amount made little sense (though many might disagree). I was starting to get depressing ideas about losing my 5 years' worth of content and the hard work behind building this blog. In short, I felt torn. Heart said something and mind suggested logic.
This was when I remembered that my host provider had provided me with access to the cPanel of my website. Being a techie until last year, I confess, I had no idea what it was and how it worked. I had never ever logged into it except once when it was customary to change the password. So I searched for the credentials and logged into it and looked at it blankly for a good 10 minutes, not understanding what to do and where to begin.
But first, what is cPanel?
According to Wikipedia, cPanel is an online Linux-based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a website to the website owner or the “end user”.
In short, it is how a website is managed from behind the scenes.
By now, I had gathered some information from online guides, some friends of friends, and some years of technical knowledge about what should be done. So here, I share with you the steps which helped me restore and reclaim my website. The following steps assume that you’re unable to log in to your website but can access your database, and that your host uses cPanel and phpMyAdmin.
Disclaimer: Follow these steps very cautiously, as there is a database involved and they might disturb important settings of your website. Also, keep track of the changes you are making so that they can be reversed if required.
First of all, make sure you have access to your cPanel. Log in with your credentials.
Delete the unauthorised registered users from the Database
After logging in to your website’s control panel, go to Databases and select phpMyAdmin.
You will be redirected to another page with your database access. Select the Database name, not the schema.
The left panel will list all tables of your website’s database. Find the table with a name similar to _users. Look for the users that are not authorised and delete them. Do note the user_id against the deleted users. (Your default user id should be 0.)
Now go to table and delete the rows which show the user id of the above-deleted users.
Change your password
However obvious it may sound, it is important to change your password. But since you are redirected away from the login page itself, changing the password there is not possible. It has to be changed from the backend itself.
In the same table _users, click on edit corresponding to your username.
Choose md5 in the column next to user_pass and enter the new password in the blank box next to it.
Delete the faulty or corrupt plugin (or the source of breach)
In your website’s control panel, go to Files and select File Manager.
You will now get a screen that will show you all the folders related to your website. Look for a folder public_html > wp-content > plugins. This will list all the folders of the plugins installed on your website.
Last step to reclaim the website, changing site URL
For my website, apart from the login, even the homepage was getting redirected to various different URLs. While inspecting the database, I found a particular field which held the garbage address instead of my homepage. To check this, go to the table _options. Here the first row will be siteurl. Check what address is there and change it to whatever your homepage URL is.
It should be the address that you have put in the SiteUrl option in your WordPress > Settings > General.
Now refresh your homepage URL in your browser to see if your site is loading correctly, and also check if you can log in. If you are now able to access your dashboard, congratulations! You have successfully reclaimed your website. After celebrating the restoration, follow the suggestions below.
Check Additional Settings
Now, since you are able to access your dashboard, go to Settings > General.
Against Membership, uncheck the box next to Anyone can register.
Against New user default role, change it to Subscriber to prevent further infiltration.
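A read-only audit of everything the steps above change by hand, as an added example that is not part of the original post: it lists administrator accounts the owner does not recognise, metadata rows left behind for deleted users, a tampered site URL, and the two registration settings. It runs against an in-memory SQLite copy built from constructed rows; the `wp_` table prefix, the `wp_usermeta` table, the `home`, `users_can_register` and `default_role` option names (stock WordPress names not mentioned in the post), and all logins, dates and URLs are assumptions.

```python
import sqlite3

# Constructed sample of a compromised site; "wp_" prefix and every row value are assumptions.
SAMPLE = """
CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
INSERT INTO wp_users VALUES (1, 'owner', '2014-03-02 10:00:00'),
                            (7, 'tmp_admin', '2019-10-27 03:14:00');
INSERT INTO wp_usermeta VALUES
  (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
  (7, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
  (9, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
INSERT INTO wp_options VALUES
  ('siteurl', 'http://redirect.invalid/x'), ('home', 'https://blog.example'),
  ('users_can_register', '1'), ('default_role', 'administrator');
"""

def audit(db, site_url, known_logins):
    found = []  # list of (check, detail); nothing in the database is modified
    # 1. Administrator accounts the owner does not recognise.
    admins = db.execute(
        "SELECT u.ID, u.user_login, u.user_registered FROM wp_users u "
        "JOIN wp_usermeta m ON m.user_id = u.ID WHERE m.meta_key = 'wp_capabilities' "
        "AND m.meta_value LIKE '%administrator%' ORDER BY u.ID")
    for uid, login, reg in admins:
        if login not in known_logins:
            found.append(("unknown_admin", f"{uid}:{login} registered {reg}"))
    # 2. usermeta rows left behind after their user row was deleted.
    orphans = db.execute(
        "SELECT DISTINCT m.user_id FROM wp_usermeta m "
        "LEFT JOIN wp_users u ON u.ID = m.user_id WHERE u.ID IS NULL")
    found += [("orphan_usermeta", str(uid)) for (uid,) in orphans]
    # 3. Options behind the site URL, Membership and default-role settings.
    opts = dict(db.execute("SELECT option_name, option_value FROM wp_options"))
    for name in ("siteurl", "home"):
        if opts.get(name, "").rstrip("/") != site_url.rstrip("/"):
            found.append(("bad_url", f"{name}={opts.get(name)}"))
    if opts.get("users_can_register") == "1":
        found.append(("open_registration", "users_can_register=1"))
    if opts.get("default_role") != "subscriber":
        found.append(("risky_default_role", f"default_role={opts.get('default_role')}"))
    return found

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SAMPLE)
    return audit(db, "https://blog.example", {"owner"})
```

The SELECT statements are plain SQL, so with your own table prefix they can also be run one at a time in phpMyAdmin's SQL tab before anything is deleted.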
Install plugin for malware scan
Add plugins to your website that can scan your website regularly for any malware or unauthorised logins. If you have a commercial website, it is recommended to have premium services.
Though these steps helped me, I do not give any guarantee that you will benefit from them. Hope this information helps.