Due to the lack of proper security measures, you may experience a hacked WordPress的网站. WordPress sites can be an easy target since its source code is readily available and 近25%的网站 在WordPress上运行的全局指标. In the Q1 of 2016, 78% of all the hacked sites were WordPress based. Now, the Core development team has been constantly working in order to ensure that there are no security threats in place. 大量插件存在安全错误, defectively-coded主题, 可能服务器端也有问题.
To quote a stat, out of every four hacked websites, three of them run on WordPress. So, 在我们强调如何清理被黑的WordPress网站之前, 让我们关注一下WordPress网站被黑的迹象.
你甚至可以向 专家开发人员 或者自己去做. Let us share some vital information on how to clean a hacked WP website:
It is recommended to scan your website to get unsafe malware locations and payloads. 按照以下步骤扫描被入侵的WP网站.
使用任何网站 反恶意软件安全软件, login into WordPress as an admin and click on ‘Security’ and then ‘Malware Scan’. 点击“浏览网站”. 如果网站被感染,您将看到一个警告.
If the remote scanner cannot find a payload, go for other tests in this part. It is also possible to check the Links/ iFrames/ scripts tab of the malware scan to check suspicious components. If numerous websites are there on the same server, it is suggested to scan them all. Cross-site contamination is considered as one of the important reasons of repeated infections. Each website owner should separate their web and the hosting accounts.
你不应该修改WordPress的大部分核心文件. 有些插件是用来验证WP核心文件完整性的,比如 完整性检查程序 其中包括管理和根文件夹检查.
Read on to know the steps to verify the integrity of core file using plugin.
It is also possible to check hacked files by verifying if they are modified through audit logs. 执行以下步骤来验证文件最近是否被修改过.
Log in to WordPress as ‘Admin’ and go to ‘Security’ and then ‘Dashboard’. 检查审计日志部分,查看最近所做的更改. It may be highly doubtful if there are unusual modifications in the last 7 to 30 days.
You may check the list of current user logins to verify if passwords are stolen or new susceptible users are made. 你可以使用插件,比如上次登录时间来检查当前的登录. It is suggested to log in WP as an admin and click on ‘Security’ and then ‘Last logins’. 验证用户列表和登录时间. 突然的登录日期或时间表明用户帐户被黑客入侵.
一旦你得到了恶意软件的位置信息, 以及受损的用户, you can clean them from WP and restore your website to its clean state. It is advised to compare current position of the site with old and clean backup to detect hacked files. If you find a backup, you can use it to compare two versions and detect what is modified.
修复核心文件应遵循一些步骤. You may log in to WordPress as admin and then go to Security > Dashboard.
Fresh copies or a current backup can be used to replace custom files. Perform the steps to remove a malware infection manually from 网站文件.
Database admin panel can be used to remove a malware infection from website database and also connect to the database. These steps are crucial for removing a malware infection from your database tables.
首次登录时以admin登录数据库. 建议在修改前进行备份. 您可以搜索可疑内容并手动删除它们. 验证网站在进行更改后是否正常运行. It is recommended to eliminate any tools that are uploaded to access the database.
如果有不常见的WordPress用户, it is recommended to eliminate them so that hackers cannot use them. It is important to have only one admin user and provide other user’s role with the smallest amount of privileges.
通过使用插件,可以重置用户密码. You need to log in WordPress as admin and go to ‘Security’ and then ‘Post Hack’.
安全漏洞在很大程度上是黑客攻击的根本原因 WordPress的网站. To stay secure, pay attention to several signs which indicate a probable hack. 以防有人闯入, it is recommended to perform the above-mentioned actions to clean your hacked WP site.
If you have feedback or any suggestion, kindly let us know through a comment below.
使用WordPress来促进你的自由职业者业务
Should I Use WordPress, Tumblr, Blogger or Squarespace for My Blog?
Subscribe to our newsletter and access exclusive content and offers available only to og体育首页Post subscribers.