So, did your WordPress site just got hacked? All your content would be at risk then, and in some cases, you may even get locked out of WordPress. What do you do then? Go back to ground zero, and rebuild everything again?
Not really, even though it may seem a more appealing and less complicated option. Without redeveloping your WordPress website, you can still fix the issue. This is regardless of whether you have or don’t have access to the admin account or database. Here is a way that can get utilized when you do not have any backup to restore content and configurations from.
Let us get down to it!
To start with;
Can you access the WordPress admin dashboard? If not, you should connect to the database. As a result, you should be able to access it. Because, in normal cases it is not compromised if the hacker accesses your website via the front end. Now, recover your content and then move it to a new location. Above all, change credentials for the admin account, and then reset the site.
Also, there can be instances when the hacker gets in through the back-end. This means access to the database would get locked. In such a case, you usually enter through the front end and then start a cleanup process.
Back Up Your Data and Configurations
A safety measure that can prove to be valuable in many situations. You may have deployed the best security controls. And, be using all necessary security plug-ins. But, your site is still exposed to some risks. If you have not backed up your website ever, now is the time to do so. In any case, the site crashes down, or you get locked out, you would still be able to restore content. So, get prepared, now and always.
Access Your Database
You can access the database of your WordPress site through phpMyAdmin, cPanel, and SSH. However, ensure you use your credentials to log in to the account. After that, access the phpMyAdmin interface through the Databases menu. Once the page has loaded, locate the name of your database from the column on the right. And, click on it. You should be able to see a complete list of all the tables.
If you are not sure which database got associated with your WP website, check out the wp-config.php file. Visit the File Manager menu through the files tab. Now, select the root folder of your website. And, open the wp-config.php file install in the location by clicking on the Edit button. If a pop-up gets displayed, choose the UTF-8option from the drop-down menu. And then, press the Edit button. Now, browse the file to search the name of your database. Locate this piece of code, and note down the name of the database at the highlighted position.
// ** MySQL settings – You can get this info from your web host ** //
/** The name of the database for WordPress */define (‘DB_NAME’, ‘database_name_here‘);
/** MySQL database username */define (‘DB_USER’, ‘username_here‘);
/** MySQL database password */define (‘DB_PASSWORD’, ‘password_here‘);
/** MySQL hostname */
define (‘DB_HOST’, ‘localhost‘);
Your wp-config.php file should show the actual database name at the databse_name_here. Now, select this name from the phpMyAdmin panel. It is for managing your WP website via the database tables.
Check the DB history
Go through the history logs first before you begin making changes to the database itself, and note any unusual thing that you may come across. If any of the tables seem to have been accessed or modified, and not by you, then it would probably be the hacker at work.
So why should you check out history? Here are the two main reasons for doing so.
Adding legitimate entries to history is not recommended. Because, it unnecessarily creates more items, which later have to get sorted out. Also, knowing where the hacker infiltrated for access is difficult with more items.
The phpMyAdmin portal records only the last 25 actions. So, you should go through them before you make any changes. Are you working on alterations and you have started accessing the tables? If so, you will be erasing all previous entries that could provide potential clues on the hack.
If you can identify tables that got modified, you can either fix or export them. Besides that, edit the changes and then save the content again.
Locating the DB history
Click the console button, located at the page’s bottom. Now, click the History button near the top of the screen. You will view the last 25 actions taken for the database. Hover over the entries to find out more details. For example, date, time and the infected DB’s name. Check the logs, and see if changes were made. Or, if only the tables got accessed. When you have identified the targeted tables, note down their names. You will be exporting and fixing these later on-wards.
Change Your wp_site_meta_credentials
Account details can get edited through the DB. This means that you would be able to log into your WordPress website once again. Find the wp_users-table, and see if you did not create any doubtful accounts. Also, delete all these entries to prevent the hacker from accessing your site again.
Further, go through the table and site_admins field. See if any of the accounts got tampered with. Moreover, you can change your email address and password to make your account more secure.
Select the database of your WordPress website through the phpMyAdmin panel. After that, select the wp_users table, which should show a complete list of users on your site. Now, find your particular account and click the Edit button next to it. Change the password by clicking on MD5 from the user_pass drop-down menu.
Replace the value given in the field with a new password. The password will get un-encrypted when added. But, as soon as you save changes, encryption get carried out automatically. To change the email of the account, replace the value in the user_email field with your new address.
After making all changes, select the save option from the drop-down box. And, click Go located on the bottom of the page.
Creating a new admin account
Generally, when your website gets hacked, the best way forward is to create a new admin user account. This ensures there is a higher security level from then on-wards. But, you can skip his step if you are entirely sure that you got locked out from your account due to a mistake. In such a case, changing your password through the DB tables should be enough.
Once again, access the wp_users table through the phpMyAdmin account. Now click on the insert tab on the Menu Bar, and fill in the required fields. The ID is an alphanumeric code for the account input a number that has not been used. User_login is the username which you will use for logging into the account.
User_pass is the password. Like before, select MD5 from the drop-down menu, and then enter a password. User_nicename is a nickname. user_email is the associated email address for the account. And, display_name is the name that would be visible from the front end of your WP website. In the user_registered field, select the current date. Insert 0 into the user status field. Click the Go button.
Until now, you have only created a user account. Now, you have to grant admin rights to this account. Select the wp_usermeta table, and then click on the Insert tab. You can leave the umeta_id field empty. But, you will still have to fill up all other fields.
User_id is the same id that you set just a while ago for your newly created account. In the meta_key field, input wp_capabilities. And, for the meta_value field, type the following in the text box.
a:1: {s:13:”administrator”; b:1;}
Click Go so that all changes can be saved. Click the Insert tab again so that a new row can be added to the table. Once again, let the umeta_id field remain empty. In the user_id field, select the same id as before. For the meta_key and meta_value field, enter the following values, respectively.
wp_user_level 10
Click the button again so that you can start using your newly created admin account.
Move the content
Access the admin dashboard with the account that you created. Now, start exporting your content. If, you cannot access the front end, move the material via the database as an SQL file. Or, via the phpMyAdmin panel.
That should fix things up. If you are still facing issues, consider bringing professionals on board. Let them deal with your hacked website.
English