Today I was notified of another website that was hacked. Unfortunately, it seems that WordPress is the target du jour so it’s even more important to keep it safe and secure.  After pondering, researching and googlebot-ing, I discovered several things:
- Several files in specific plugins had odd modification dates.
- Some plugins were active and some were not.
- Reinstallation of WordPress from scratch didn’t fix the issue.
This led me to believe that it was probably plugin related. So, I went through the plugins I didn’t need or that were inactive and deleted them.
Voila! Â The hack was gone!
Then, changed passwords for EVERYTHING, hardened and secured the install and I expect it’ll stay safe now, unless the hackers uploaded a regenerating hack.  If so, then, obviously it’ll take more time to clean it.
So, remember, even if you have plugins you aren’t using, delete them. For the plugins you are using, make sure you need them and keep them current. Â Also, delete unknown users and change all passwords. Â This won’t guarantee your site will stay clean, but it’s a start. Then contact me to learn how I can help harden and secure your WordPress website.
Oh, and the 3 hacked plugins were:
- akismet (This one seems to get hacked most often, so if your site is hacked, check this one first).
- google-analyticator
- simple-facebook-share-button
If you see strange files like this, called native.php in the akismet plugin folder or others, you know you’ve been hacked and it’s time to do something about it: