My site has been hacked & used for Phishing on WordPress. What do you do now?
It is most likely that you had no idea your site had been hacked and used for Phishing on your WordPress site. In my case, I had an IT company email me and let me know I had been hacked. Then a few days later, I had an email from Webmaster tools that my site was being used for Phishing.
The question is, how did I get hacked? I am really not sure, my guess was I did not update a plugin that had a vulnerability in the code until it was too late.
The common sense thing to do once you are hacked is to remove the folder where the Phishing files are located. I did this and thought all was a-ok. Well two days later a different folder appeared with new phishing files. I delete this folder and a day later one of my other websites has a phishing attack. Again I remove the folder, took a big deep breath, did some reading online on how to remove a Phishing hack on your site, and what I found was, nothing you can do but find the actually source file. So after looking in my folder structure and sorting by modified date and going about 5 folders deep. I found the source file where the hacker would call through URL to get access into my site and install the phishing files. Once this source file was removed, I have not had any instances of a Hack!
How to clean your wordpress website from a Phishing attack
- If you do not have a Google webmaster tools account for your site, get one! If something is wrong with your site, Google will let you know!
- Update your plugins!!! Update WordPress to the latest version, update your Theme to the latest version!!
- Hopefully you have backed up your site, just in case you have to restore
- You are now hacked, what do you do… First remove the phishing folder, then you will have to spend some time and scan every WordPress folder by modified date and look for something that does not belong. In my instance my hack was located in the /wp-admin/css/colors/ocean/ folder. Here was an asap script and an administrator restore htm file that was giving him access to my site. A hacker can place the hack file anywhere in your WordPress folder structure so look through every single folder until you find files that do not belong.
- Since the Hacker had access to your site, he likely has your password. Change your password NOW!!! Change your cpanel password, wordpress login password and any ftp user passwords that you created.
- These steps should clear you of the phishing attack, it worked for me, and I am hoping these small little tips will help you to. It took me over a week to figure out exactly what to do besides wiping out my site and re-installing WordPress.
- If anyone else has tips on how to clear your site from a Phishing attack, please leave comments below