Is your WordPress site hacked or compromised? How do you check, audit and analyze any WordPress site? This is a three-part series, “WordPress Security Guide Step by Step”.
In the first part of the series, we learned about WordPress vulnerabilities, testing, and auditing via online malware scanners. We tried to answer the following questions in this video:
What are the symptoms of a hacked WordPress Website?
What to do when the website is in trouble?
Why is the WP site loading slow and / or inaccessible?
How do WordPress Websites get compromised?
Why do WordPress Websites get hacked?
How do hackers create backdoors?
What are the disadvantages of nulled themes and plugins?
How many types of hackers are there?
What are some famous attacks, e.g. DDoS, XSS, Man in the Middle, Cloaking, Clickjacking, Pharma Hack, SEO Spam Hack, Redirections, SQL Injections, Malware etc.?
How to create Security Audit Reports?
Symptoms of Hacked WordPress Website:
You feel something is going on behind the scenes. The site is too slow to load, or it is inaccessible. Server resources are used excessively.
There are weird behaviors.
Visitors / customers / fans report some issues.
The hosting team notifies you if there is a malware attack.
You get alerts from WordPress if the site is hacked.
Search engines tell you about security issues / concerns.
What do we do when the site is in trouble? We scan to understand the nature of the attack.
Google the website. Analyze the results. You may get indications such as a ‘this site may be hacked’ or ‘site ahead contains malware’ notice.
If Google has flagged your site or blacklisted it, it’s time to crack the nuts.
Why do hackers do this? There are multiple reasons: to earn money via affiliate links, redirection, cloaking (different information presented to different users) etc.
Extra pages / posts might be indexed (whole new site map). You might not be aware of the malicious process.
Unauthorized popups. Rogue or weird mouse behavior.
Phishing: asking people via your website to provide credit card info etc.
White screen of death / error / blank pages / redirections / spam pages / posts etc.
Check Google Analytics for sudden traffic spikes, an increased bounce rate, or reduced conversions.
Look for the pharma hack, also known as the Google Viagra hack. Why? Because even Google indexes pharmaceutical products / pages / posts such as Viagra, Xanax, Levitra etc.
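The cloaking and pharma hack symptoms above can be checked by comparing the HTML a normal browser receives with the HTML a search-engine crawler receives for the same URL. The Python below is an added example, not code from the video: the two responses are constructed samples (fetching them is left out so it runs offline), and the function names and keyword list are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keywords taken from the drug names mentioned above; extend as needed (assumption).
SPAM_TERMS = {"viagra", "xanax", "levitra"}

class _PageView(HTMLParser):
    """Collects the words and link hosts found in one HTML response."""
    def __init__(self):
        super().__init__()
        self.words, self.hosts, self._skip = set(), set(), 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1          # ignore text inside <script>/<style>
        if tag == "a":
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.add(host.lower())
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.words.update(re.findall(r"[a-z]+", data.lower()))

def view(html):
    p = _PageView()
    p.feed(html)
    p.close()
    return p

def cloaking_report(browser_html, crawler_html, site_host):
    """Report spam terms and external link hosts served only to the crawler."""
    b, c = view(browser_html), view(crawler_html)
    return {
        "spam_terms": sorted((c.words - b.words) & SPAM_TERMS),
        "extra_hosts": sorted(h for h in c.hosts - b.hosts if h != site_host),
    }

# Constructed sample responses for the same URL (not real captures).
BROWSER = '<html><body><h1>Our bakery</h1><a href="https://yourwebsite.com/menu">Menu</a></body></html>'
CRAWLER = ('<html><body><h1>Our bakery</h1><a href="https://yourwebsite.com/menu">Menu</a>'
           '<div style="display:none">Buy cheap Viagra and Levitra '
           '<a href="http://pills.example/order">here</a></div></body></html>')

if __name__ == "__main__":
    print(cloaking_report(BROWSER, CRAWLER, "yourwebsite.com"))
```

Some cloaking keys on the crawler's IP address rather than its User-Agent, so an empty report from a User-Agent-only fetch does not clear the site. The URL inspection tool in Google Search Console shows the HTML that Googlebot itself received.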
Following is the list of websites (Online Malware Scanners) we used in the tutorial:
1) isithacked.com
2) sitecheck.sucuri.net
3) Google Safe Browsing Transparency Report
4) getastra.com/seo-spam-scanner
5) Google Search Central Docs (For Webmasters and Developers)
6) site:yourwebsite.com
7) hackertarget.com/wordpress-security-scan (Also created Security Audit Report)
8) urlscan.io
We also discussed errors:
HTTP 500 Internal Server Error (“Error Establishing a Database Connection,” “Internal Server Error,” or “Connection Timed Out”). It can be because of hacking or server misconfiguration.
HTTP 502 Bad Gateway Error or 503 Service Unavailable Error: Indication of server-side problems. Sudden spike in traffic, too many HTTP requests. If your website does not get much traffic but high traffic is showing, it means either the site has been hacked or there is a problem in some plugin etc. This error can also occur because the website's security firewall is not working properly, or because of a problem with the CDN or in the code. Sometimes the same error can also occur because of internal server problems. These errors often occur on shared hosting. If even one website on the server causes a problem, the other websites are affected.
401 Unauthorized, 403 Forbidden & Connection refused by Host: This clearly means that the server is upset with you or your credentials have been changed. Sometimes this error also goes off like a false alarm.
In the end, we also discussed a test case of a hacked WordPress site.
WordPress Spartans 300 Facebook Group (Very vibrant community)
https://www.facebook.com/groups/wordpressspartans300
Freelance Pakistan Facebook Group
https://www.facebook.com/groups/freelancepakistancom
Regards,
Farooq
Freelance Pakistan