Tips For Fixing a Hacked WordPress Site
Vladimir Lasky
http://wpexpert.com.au/
WordCamp Sydney 2016
General Recovery Strategy
Assess The Damage
Disinfect Site
Replace Data
Recover Data
Secure Website
Check For Reinfection
Files That Are Often Infected:
Anywhere within the installation:
– .htaccess
– index.php
– index.html
– wp-config.php
Within wp-content
– Theme templates
– Plugin Files
Common Infectious Payloads:
Shell code (a back door for the hacker)
– Often appears as strangely-named PHP files
Spam to be shown to site visitors
JavaScript code to pull in content from external sites or to attempt to trigger vulnerabilities in the visitor’s web browser
Boasts about the attacker’s hacking prowess
Finding Files Modified Between Two Dates
find . -type f -newermt 2010-10-07 ! -newermt 2014-10-08
find . -type f -newermt "2014-10-08 10:17:00" ! -newermt "2014-10-08 10:53:00"
find srcdir -type f -newermt 2014-08-31 ! -newermt 2014-09-30 -exec mv -i {} destdir/ \;
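The last command above moves every match into one flat destdir, where same-named files such as index.php from different directories collide. As an added example (not from the original slides), the functions below tag files changed in a time window using the often-infected names listed earlier, then copy them aside with their relative paths and timestamps kept, plus a SHA-256 manifest. The function names, the tags, and the files/ and manifest.sha256 layout are assumptions; GNU find, cp and sha256sum are required.

```shell
#!/bin/sh
# Added example, not from the slides. Needs GNU find, cp and sha256sum.
# Limitation: paths containing newlines are not handled.

# Print "<tag><TAB><path relative to ROOT>" for every file under ROOT whose
# mtime is after START and not after END (the window test used above).
# usage: changed_in_window ROOT START END
changed_in_window() (
    cd "$1" || exit 1
    find . -type f -newermt "$2" ! -newermt "$3" |
    while IFS= read -r path; do
        rel=${path#./}
        case "/$rel" in
            */.htaccess|*/index.php|*/index.html|*/wp-config.php)
                tag=often-infected ;;   # names the slides list, any directory
            /wp-content/themes/*|/wp-content/plugins/*)
                tag=theme-or-plugin ;;
            *.php)
                tag=other-php ;;        # e.g. a strangely-named PHP file
            *)
                tag=other ;;
        esac
        printf '%s\t%s\n' "$tag" "$rel"
    done | LC_ALL=C sort
)

# Copy (not move) those files into DEST/files, keeping relative paths and
# timestamps, and write DEST/manifest.sha256. Prints the number copied.
# DEST is assumed to lie outside ROOT.
# usage: quarantine_window ROOT START END DEST
quarantine_window() (
    mkdir -p "$4/files" || exit 1
    dest=$(cd "$4" && pwd) || exit 1
    list=$(changed_in_window "$1" "$2" "$3") || exit 1
    cd "$1" || exit 1
    n=0
    tab=$(printf '\t')
    while IFS="$tab" read -r tag rel; do
        [ -n "$rel" ] || continue
        cp --parents -p -- "$rel" "$dest/files/" || exit 1
        n=$((n + 1))
    done <<EOF
$list
EOF
    ( cd "$dest/files" && find . -type f -exec sha256sum {} + ) |
        LC_ALL=C sort -k 2 > "$dest/manifest.sha256"
    echo "$n"
)

if [ "$#" -eq 4 ]; then quarantine_window "$@"; fi
```

Because the originals stay in place, the copies and manifest can be reviewed before anything is deleted or replaced on the live site.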
Identifying The Infection
Sucuri Site Check
Google Webmaster Tools
If the website is still accessible, vulnerability scanning plugins like Wordfence (or similar plugins)
Recovering Site Content
Old Site Backups
WordPress Export
Google's Cache of the site
Archive.org (also called Internet Archive or Wayback Machine)
Conclusion
Slides from My Previous Security Talks:
– WordCamp GC 2011:
• http://slidesha.re/tr2XA5
• Covers the “Three Pillars of Security”, the aims of attackers and other WordPress security plugins
– WordCamp Sydney 2012:
• http://www.slideshare.net/wordcampsyd/securing-your-wordpress-website-vlad-lasky-wordcamp-sydney-2012
Questions and Comments:
– http://wpexpert.com.au/contact-us/