My WordPress site was hacked
Posted by Sam Nexus on 21 November 2011 07:30 PM

Follow these steps to secure your website.


  1. Secure your operating system


Your operating system (e.g., Windows, OS X, or Ubuntu) plays a central role in managing the security of your computer. Keep it safe by:


  • Installing security updates as they become available.
  • Using a built-in or third-party firewall.
  • Enabling file sharing only if needed, and then with security features (e.g., passwords) turned on.


  2. Keep up to date


Not just your operating system, but your web browser, toolbars, plug-ins, security software, and other applications all need to be kept up to date to patch “holes” that can let badware into your computer.


  • Most software has an automatic update feature—use it!
  • For software that doesn’t have such a feature, look in the menus (especially the “help” menu) for a manual “check for updates” option.
  • If there is no update option in the software, check the vendor’s website to see if they have “patches,” “updates,” or other downloads intended to fix security vulnerabilities.


  3. Install security software


Anti-virus, anti-spyware, and other similar products can be useful to detect, stop, and remove badware that has found a way onto your computer despite following the previous steps. Look for a product that:


  • can detect both known and unknown viruses, spyware, and other badware in real time.
  • has a low false positive rate.
  • has been reviewed in established publications and/or tested by independent labs. Do not take the word of the product’s website or ads; instead, check the publications’ and labs’ websites for verification.


It is sometimes helpful to have a second product (from a different vendor) that you can run manually or on a schedule to check for anything that the real-time scanner may have missed.


  4. Remove or disable unnecessary applications.
  5. Other security measures

Keep your essential software up to date:


  • Web browser
  • Browser plugins (e.g., Flash, Java, Adobe Reader, QuickTime)
  • Anti-virus and/or anti-spyware tools


Use browser security extensions like NoScript to minimize risks of being infected while surfing the web.

Change all site passwords. Do not save the new passwords in FTP programs, where malware can easily steal them.


Update all third-party scripts:

  • WordPress Codex

Note: Removing the old content and uploading a fresh copy, or restoring the site from backups, is only a temporary solution, since the cause of the hack would not be eliminated. Make sure you look in ALL folders and review ALL files. Hackers normally leave scripts that can be used later to regain control. Also make sure all administrator passwords are changed, including in WordPress.

Nexus can offer development services; however, there would be considerable costs due to the development hours required for such tasks.
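
One way to start the file review described in the note above, as an added example that is not part of the original article: this Python script compares the live site tree against a freshly downloaded copy of the same WordPress release and lists files that were modified, are not part of the release, are missing, or are PHP scripts under `wp-content/uploads`. The function names and the small sample trees are constructed for illustration; point `review_site` at your own site directory and clean copy.

```python
import hashlib
import tempfile
from pathlib import Path

def file_hashes(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def review_site(site_dir, clean_dir):
    """Compare the live site tree with a pristine copy of the same release."""
    site, clean = file_hashes(site_dir), file_hashes(clean_dir)
    report = {"modified": [], "unexpected": [], "php_in_uploads": []}
    for rel, digest in sorted(site.items()):
        if rel not in clean:
            # Not shipped with the release: config, themes, plugins, uploads,
            # or something an intruder left behind. Each needs a manual look.
            report["unexpected"].append(rel)
        elif clean[rel] != digest:
            # A shipped file whose content no longer matches the release.
            report["modified"].append(rel)
        # Uploads should hold media, not executable scripts.
        if rel.startswith("wp-content/uploads/") and rel.lower().endswith((".php", ".phtml")):
            report["php_in_uploads"].append(rel)
    report["missing"] = sorted(set(clean) - set(site))
    return report

def demo():
    """Run the review on two small constructed trees (not real WordPress files)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        shipped = {"index.php": "<?php // front controller", "wp-login.php": "<?php // login",
                   "wp-includes/version.php": "<?php // version"}
        live = dict(shipped)
        live["wp-login.php"] += "\n// constructed: altered after install"
        del live["wp-includes/version.php"]
        live["wp-config.php"] = "<?php // site settings"
        live["wp-content/uploads/2011/11/photo.php"] = "<?php // constructed: script in uploads"
        for root, files in ((clean, shipped), (site, live)):
            for rel, body in files.items():
                path = root / rel
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(body)
        return review_site(site, clean)

if __name__ == "__main__":
    for category, paths in demo().items():
        print(category, paths)
```

Entries under "unexpected" are not automatically malicious (your configuration file, themes and plugins will appear there), but every one of them is a file the clean release cannot vouch for and should be opened and read.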