מאגר מידע

Steps to cleaning your account if you`ve been hacked.

Has your site been hacked or tampered with?  Here are the steps to getting your site cleaned up, and back online.

Why were you hacked?

This is a good question, and one that needs some serious thought before you begin cleaning your account.  Sites can be hacked for a number of reasons, but we'll touch on the most common reasons here so you can address them.

1.) Login and Password that aren't strong enough.  

Admin and Pass are NEVER strong passwords.  Never use passwords that someone can guess.  Always use passwords that are strong, include special characters and numbers.  If you need help with generating a password, we recommend using this password generator: https://identitysafe.norton.com/password-generator

2.) Old and outdated sites.

Please be sure to always keep your sites updated, especialliy if you are using Wordpress.  You'll want to be sure to drop into your admin area and update any time a new version is out.  By using the latest software, you can be sure any security holes are patched.

3.) Poorly written or outdated Wordpress plugins or themes.

THIS IS THE SINGLE BIGGEST PROBLEM WITH SITES THAT HAVE BEEN HACKED RECENTLY

Please read this carefully as we can't stress this enough.  Plugins and themes have been the single biggest problem for users accounts.  NEVER use a plugin or theme that is written by 'fly by night' plugin creators.  Usually these plugins are made to 'just work' and they are written so poorly that they can be exploited by a hacker within a few seconds.

NEVER use a plugin or theme that doesn't receive normal updates.  
NEVER use a plugin or theme that the vendor is no longer available for support.  
NEVER use a plugin or theme that you don't know specifically what it's purpose is.

Plugins and themes have direct access to your site's coding, and if they are exploited, hackers can travel through your entire cPanel account and do what they please with it.  



What to do if you have been hacked?

In most cases, you can clean your account, remove any malicious files, and secure your site by running through these steps.  However, if your account has been extremely hacked and the hackers have had a long time to do what they please with your account, then it may be impossible to remove all 'backdoor' scripts in your account and the only course of action is to completely delete your hosting account.

To attempt to clean your account, the following steps have to be done to ALL sites within your ENTIRE cPanel:

1.) Update Wordpress software to the latest version.

2.) Update all plugins, and remove any that you are not using. REMOVE all plugins that meet critera above in 'why were you hacked'

3.) Update ALL themes, and remove any that you are not using. REMOVE all themes that meet critera above in 'why were you hacked'

4.) Change your Wordpress Admin login to a strong, secure password.

5.) Install Wordfence plugin from the Wordpress plugin repository and run a FULL scan of site, plugins and themes.


To run a full scan within Wordfence, go to Wordfence -> Options -> Scans to Include and select the following:

-Scan theme files against repository versions for changes
-Scan plugin files against repository versions for changes
-Scan files outside your WordPress installation
-Scan image files as if they were executable

Please see this pic for a visual:



As always, if you have any questions please feel free to contact support and we'll do our best to help: http://insty.me/help

Unfortunately, we can't provide site-cleaning services and can't run these steps on your behalf, but we can try to assist if you run into any problems.  

If at any point we determine that your account is a safety issue for our customers and/or servers, we may have to immediately suspend and or remove your account from our servers per our terms of service.  



  • 6 משתמשים שמצאו מאמר זה מועיל

?האם התשובה שקיבלתם הייתה מועילה

מאמרים קשורים

Using Softaculous to keep daily or weekly backups of your wordpress site

Making sure your sites are properly backed up is very important for your hard work.  Using...

Working with Backups in Softaculous - Downloading, Restoring or Deleting backups

This article will discuss how you can take a snapshot backup of your Wordpress sites using...

Why you are not seeing the green lock (or seeing errors) with your HTTPS secured websites.

Serving your websites securely with HTTPS can be tricky!  In this video below, we'll explain the...

Insty.wordpress - Manually adding your Wordpress sites in the Insty.wordpress listing

Manually add your existing Wordpress installs into the Instysites listing.  Do this to add your...