WordPress is one of the most used and famous open source CMS Script available free to use. As it is one of the widely used CMS Script with having millions of Free themes, plugins and tools to use, this CMS Script is also a heaven for hackers. Where WordPress is one of the most secure script, it is one of the most “easy to hack” script due to various outdated or poorly codded Themes / Plugins.
WordPress is not the only script which can be hacked/compromised, but every CMS Script which get outdated, can get compromised or hacked. So all CMS Script Developers keeps releasing new Updates and keep releasing Security Patches.
As WordPress is world’s one of the most used CMS Script, so it is also responsibility of users to keep it updated and secure to avoid getting their blogs hacked/compromised.
My Website is Compromised and Sending Mail-Spam, How do I Fix it?
Currently one of the most common issue of WordPress CMS is, hacker/spammers use outdated / weak Security WordPress websites to send Email Spam which lead to get account Suspended by Web Hosting Provider. When a website gets suspended, User starts bashing Web Hosting Providers without knowing what is wrong or what actually had happened it is actually their fault and responsibility to keep their website secure.
WHAT ISSUES EMAIL SPAMMING CAN CAUSE FOR WEB HOSTING PROVIDERS?
Email Spamming cause a lot of issues for web hosting providers such as,
*Email Queue Get filled up with thousands of emails, which cause delayed email sending/receiving for legit email users
*Server Main IP gets blacklisted by several big ISPs and Spam Control & Monitoring Agencies such as Spamhaus or SpamControl etc, so once Server IP gets blacklisted, Gmail, Yahoo, Live/Hotmail and all other major email providers stop accepting emails from that Server until the Server IP gets delisted which is very long and painful procedure.
But most users just do not follow the cause and starts bashing their Web Hosting Providers without thinking twice what issues they just caused to the provider willingly/unwillingly.
HOW TO FIX IF MY WEBSITE IS COMPROMISED AND SENDING SPAM?
When Hackers compromise a website, they use outdated plugins/themes or outdated WordPress to upload phpmailer files which cause email spamming. It is very difficult to find such files and remove as there are hundreds of .php files so if a hacker is clever enough to name that .php mailer script to something similar to WordPress Core Files then it is nearly impossible to find such files. But if you somehow locate such file and remove it, you wont know for sure that hacker do not have placed such similar files to somewhere in your other WordPress directories.
To Fix your website Completely, here are the steps you need to follow completely.
- Login to your cPanel and generate a full website backup for emergency.
- Download Fresh WordPress Content from WordPress.org and extract it.
- Login to your cPanel and then go to File Manager =>public_html (or connect to FTP and go to public_html folder).
- Select all files and folders (WordPress related), then deselect wp-content folder and wp-config.php file.
- Delete all Core Files of WordPress (do not delete wp-content folder and wp-config.php file), and place a blank index.html file so no one can access your inner files.
- Go to wp-content folder and remove all files and folders except “uploads” folder. (do not delete “uploads” folder but delete all other folders).
- Check “uploads” folder and its sub_folder for any .php extension file. If you find any, please delete them.
- Login to cPanel again and run a complete scan of your public_html folder by Virus Scanner placed in cPanel.
- Once Scan is completed, rename wp-content folder to wp-content-old.
- Upload New WordPress Core Files we just downloaded from WordPress.org.
- Move “uploads” folder from wp-content-old to new wp-content folder.
- Make sure “uploads” folder is completely moved to wp-content folder, once it is moved completely, remove wp-content-old folder.
- Remove that index.html file we created temporarily.
- Now go to wp-content=>themes folder and remove all default themes of WordPress (unless you are using one of the default theme), and upload your required Theme. Please upload only one theme which is required to be used as main theme for your blog and do not upload any unnecessary themes which are not needed at all.
- Now go to wp-content=>plugins folder and remove all unnecessary plugins and install only those plugins which are required and needed for your WordPress blog.
- Now Login to your WordPress Dashboard by going to yourdomain.com/wp-admin =>Appearances =>Themes => Select and activate the theme you uploaded. Now your Blog is active and functional.
First part is completed as we fixed the “Email Spamming” Issue of WordPress Blog. Now it is recommended to secure it for future too. By Default WordPress comes with general/default settings and it like every other script, it is users responsibility to secure it as much as possible to avoid any issues for future.
- Always update WordPress, Themes and Plugins to Latest Versions. Old/Outdated or poorly codded plugins and themes can easily lead your websites to get hacked or compromised which can cause a lot of headache and stress and can consume a lot of your well worth time.
- If a theme is not needed, do not keep it into your WordPress themes folder, delete all unwanted themes and plugins immediately and keep only those plugins and themes which actually require to run your WordPress Blogs. If you require only 1 theme, install that particular theme and delete all other themes including Default WordPress Themes.
- Never install Nulled Themes. Nulled themes always leads to hacking/cracking sooner or later. So it is advised to not to install such themes and plugins.
- Make sure your wp-config.php file is protected and is not accessible by public. To secure your wp-config.php file, edit your .htaccess file placed in your root folder (public_html folder), and place this code as
<files wp-config.php>
order allow,deny
deny from all
</files> - Most of the time hackers place php mailer files in wp-content, plugins, themes and or wp-includes folder. So it is recommended to protect these folders from public access. To do this, create/edit robots.txt file and add following code as
Disallow: /wp-
- Protect your wp-login.php file. Hacker generally try to bruteforce wp-login.php file for wildguess of Passwords for a WordPress User, so it is highly recommended to protect your wp-login.php, Please Follow this Official Guide to protect your wp-login.php file.
- If you are using a VPS or Dedicated Server for your blog, make sure to install CSF Firewall and configure it for best security. Also make sure Mod_Security is installed and rules are configured properly. It will help to stop several WordPress based attacks.
There are several other methods you can use to prevent hacking, also make sure to keep backups of your WordPress Blog. Always keep a daily or at least a weekly backup copy of your blog/website in your Personal Computer or somewhere in your backup server so you can restore it immediately in case of emergency. If we missed any part, please do not forget to mention it via comments so we can update this Post ASAP.