How to Fix a WordPress Blog that Keeps Getting Hacked with Malware
I've been blogging for over 10 years now, and after a while you pretty much go through every hosting account, every possible theme, and eventually you will probably get hacked (if you run a self-hosted domain) at some point. Of course, my last theme, the one I have been using on this site now for over a year, specifically warns you about this, and for good reason. They even inserted this in a text note in the stylesheet.css file.
***** IMPORTANT ***** Don't pirate this theme. Themes are typically hacked and injected with spam files and scripts that will get you 'black-listed' from search engines and create security risks on your server. FYI - http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/
I had never been hacked before I started using this theme a year ago, but because I loved the design I kept trying to fight the hackers and keep my site clean. Today I finally gave up, or gave in, and for the first time in 5 years, I have switched to letting WordPress.com host my blog. There are, of course, advantages and disadvantages to each hosting choice; if you are interested, check out WordPress.com, WordPress, and WordPress.org.
Once your WordPress blog is hacked, you almost have to completely start all over again to make sure all the backdoor files and logins are completely removed. I managed to stay ahead of them for a year, but just got tired of fighting it. At that point, I either delete all the database tables in my SQL database, rebuild and reinstall everything, or just move over here. If your site has been hacked, check out my top five most helpful sites below.
The first thing you want to do is check your .htaccess file, then go through each directory looking for files that don't belong there. They can even be files that look like they do belong there, like common.php and the like, which usually contain a large block of source code. Run the site checker (link below), and change the passwords on your SQL database, FTP host/username, and your WordPress user login as well.
- FAQ My site was hacked
- Free website malware & blacklist scan
- Cleaning Your Site from Google Webmaster Tools
- How To Completely Clean Your Hacked WordPress Installation
- The best way to remove malware from a WordPress blog using GoDaddy
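The manual check described above (inspect .htaccess, then walk each directory for files that don't belong) can be scripted. This is an added example, not part of the original post; the patterns, the rule that PHP files do not belong under wp-content/uploads, and the constructed sample tree are assumptions chosen for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics chosen for this example; they are not an exhaustive signature set.
HTACCESS_RULES = {
    "rewrite conditioned on referer/user-agent": re.compile(r"RewriteCond\s+%\{HTTP_(REFERER|USER_AGENT)\}", re.I),
    "auto_prepend/append_file directive": re.compile(r"auto_(prepend|append)_file", re.I),
    "non-PHP extension handled as PHP": re.compile(r"Add(Handler|Type)\s+\S*php\S*\s+.*\.(jpe?g|png|gif|ico|txt)\b", re.I),
}
OBFUSCATION = re.compile(r"(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
LONG_LINE = 2000  # a single enormous line is typical of packed code


def audit(root):
    """Return sorted (relative_path, reason) findings for a WordPress tree."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.name == ".htaccess" and path.is_file():
            text = path.read_text(errors="replace")
            findings += [(rel, why) for why, rx in HTACCESS_RULES.items() if rx.search(text)]
        elif path.suffix.lower() in {".php", ".phtml"} and path.is_file():
            text = path.read_text(errors="replace")
            if rel.startswith("wp-content/uploads/"):
                findings.append((rel, "PHP file in uploads directory"))
            if OBFUSCATION.search(text):
                findings.append((rel, "eval of decoded payload"))
            if any(len(line) > LONG_LINE for line in text.splitlines()):
                findings.append((rel, "very long line (packed code)"))
    return sorted(findings)


def build_sample_site(root):  # constructed sample tree: one clean file, two planted anomalies
    files = {
        "index.php": "<?php require __DIR__ . '/wp-blog-header.php';\n",
        ".htaccess": "RewriteEngine On\nRewriteCond %{HTTP_REFERER} google [NC]\nRewriteRule .* http://example.invalid/ [R,L]\n",
        "wp-content/uploads/2013/common.php": "<?php eval(base64_decode('" + "QUFB" * 800 + "'));\n",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        print(*audit(tmp), sep="\n")
```

A hit is a reason to open the file and compare it against a clean copy of WordPress or the theme, not proof of compromise; some legitimate plugins also ship long or encoded lines.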
I think most people who have a self-hosted site would probably just keep the self-hosted site, since there are several disadvantages to using WordPress.com, or Blogger, etc., one being it will take Google forever to start indexing my site again, but in the long run this will ensure no malware ever gets back on this site again, ever.
Hope you like the new design too. I'm always on the lookout for the design with the cleanest look, best typography, and easiest to view, so "Chunk" is it for now. If you are looking for all my photography that currently isn't showing up, I'm having to change the URLs, so hopefully they will all be back up in the next few days.