Being transparent comes with both awesomeness and risk. Recently several websites on one of my servers got defaced.
There is a difference or I should rather say a thin line between hacks, malware and defacing. Defacing doesn’t hurt as much as malware infection. Then why do hackers practice defacing? Well, the primary reason is to prove that your server is vulnerable. And second, it’s just fun to see n00bs freak out 🙂
Of course, hackers do not have any personal issues with you or me and yet we are the victims. They don’t really choose who they want to attack. They usually scan the entire network for security holes and once they discover it, they simply plant a root-kit or inject malware into the server which then spreads rapidly from one domain to the rest.
In today’s case, my friend Nicko texted me saying that his website got hacked. I am hosting his website which is just a simple portfolio. I only host a handful of websites on this server and thank God, it’s one of my least important ones.
Since I never created a video on defaced wordpress website and how to fix it, I decided it was the best time to do so. Watch the quick 5 minutes video where I walk you through and show you how to restore the defaced websites to their original state.
Disclaimer: I am 100% transparent and you can see that I haven’t blurred out anything in the video. I have a feeling the hackers will come after me again since now they have more details right in front of them 🙂 However, it’s always a learning experience and the risk is worth taking for my beautiful audience.
On the second note, please consult with a wordpress expert or a security consultant before you delete or modify your files. Not all wordpress themes are similar and not everyone will have similar issues. If you are not wordpress savvy then you might end up deleting important files which might screw up your entire server and websites. Sometimes you can use common sense when dealing with such incidences.
I was able to restore my websites. Most of the websites on this server have simple wordpress themes installed so it wasn’t that difficult to fix them. I removed all the malicious files and modified the index.php.
When your website is defaced, it’s usually the index file so; just making some simple changes can bring it back to normal state.
However, please note that sometimes you might have several other files infected. In that case, you might need to consult with a wordpress security team.
Just for your convenience, I am posting the default wordpress code for index.php. This should work in most cases. Refer to the video for details.
Last but not the least, I am glad that the websites were only defaced and not severely infected. Infected websites usually have malware in their databases which hurt visitors. I checked and didn’t find any malware in my database which is a good sign.
I hope you enjoyed the video and I would appreciate if you share it with your friends. I gave up perfection for authenticity so expect ton more sloppier and newbie videos from me 🙂 in the near future.
Security is a huge issue and it should be your top priority. Let me know if you have any questions and concerns. What other ways can you restore a wordpress website from the deface mode?