In the last half a year we fixed a dozen WordPress websites that were hacked. Some of our clients came to us after they went to a different company and those companies followed the usual step by step of fixing a WordPress website that could be found all over the web.
But here are the important steps that those other companies didn’t take:
- Change Database prefix user name and password – if hackers had access to files on your server they know your DB credentials
- Change FTP user/password to something more secure for all FTP accounts, one of the websites we were fixing was immediately reinfected with the same hack. So we asked our client if there is another FTP account with access to these files and the client answered that indeed they had another FTP account with domain name as user name and password as password. As soon as we deleted the secondary FTP account the hacking stopped…
- Another common error was never requesting the reconsideration from Google through webmaster tools and just waiting for it to happen by itself.
- making sure that WordPress actually sending 404 error code and doesn’t only show nice 404 page while sending code 200, which means hey Google this page actually exists.
Do you have some tips for people hacked with the usual link to Cialis and Viagra? Do you have any tips feel free to share in the comments.