27.07.2010, by Namit Gupta

How I Restored TheitechBlog After it Got Hacked

TheitechBlog was hacked recently, but I soon discovered the problem and restored the blog within a few hours.

I was in great dismay when, on the morning of 24th July at around 8 am, I visited my blog and was faced with a black screen with some Arabic text and weird music playing in the background.

I went blank with shock, wondering how this could have happened and how I could bring my website back! I was a little relieved when I remembered the backups, which I had created some time back. (That is why it is always advisable to have backups of your data.)

How did TheitechBlog get hacked, and how was it recovered?

I tried logging into the dashboard but couldn't; the hacker had changed my login password. Then I got into the root directory of WordPress and checked the .htaccess and wp-config.php files for any malicious activity, but found nothing. Then I looked at the theme files, and there I discovered the malicious code in index.php! The hacker had replaced the index.php file of my theme with a malicious code file. I quickly restored all the original theme files from the backup. TheitechBlog was up again!

But it was just a temporary measure; I had to trace the main loophole behind this hack. How the hacker managed to gain access to my theme files and database was a question which bothered me. I thought about it for several hours, and read about WordPress security all over the internet.

I came to know about the problem of the 'file permissions' of the wp-config.php file. WordPress stores the database credentials in plain text in the wp-config.php file, so anyone who can gain access to this file can easily gain access to your database!

Theitechblog was hacked by exploiting this loophole. The attacker got access to my database, changed my password and from the dashboard changed the theme files.

If he had got access to root, he would have changed other files too, like the core WordPress files, .htaccess and wp-config.php, but only theme files were changed, which can be accessed from the dashboard.

The hacker may have exploited some other loopholes as well but the facts are pointing more towards wp-config.php file hack.

Ways to protect WordPress wp-config.php

#1. Correct File Permissions

I later checked the file permissions of my WordPress wp-config.php file; they were incorrect and were allowing others to access the file. I changed the permissions to the appropriate ones.

This loophole exists in many WordPress blogs by default. WordPress does not change the permissions of the wp-config.php file, and newbies generally don't pay much attention to this or are unaware of this loophole.

Check the permissions of your WordPress blog's wp-config.php and change them to 750.

#2. Using .htaccess file

Paste this code into the .htaccess file in your WordPress root directory.

# to protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
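
To check both protections on a server, the following shell functions can be used. This is an added example, not code from the original post; the function names are hypothetical, and it assumes a POSIX shell with either GNU or BSD `stat`.

```shell
#!/bin/sh
# Added example: audit the two protections above for a WordPress root directory.
WP_CONFIG_MODE=750   # the mode this post recommends

# mode_of FILE: print the octal permission bits, e.g. 644
mode_of() {
    # GNU stat takes -c, BSD/macOS stat takes -f
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# others_can_access MODE: true when the last octal digit (the "others" bits) is not 0
others_can_access() {
    case "$1" in
        *0) return 1 ;;
        *)  return 0 ;;
    esac
}

# has_htaccess_rule ROOT: true when ROOT/.htaccess has a <Files wp-config.php> block
has_htaccess_rule() {
    [ -f "$1/.htaccess" ] &&
        grep -qiE '<Files +"?wp-config\.php"?>' "$1/.htaccess"
}

# audit_wp_config ROOT: 0 = others have no access, 1 = others have access, 2 = file missing
audit_wp_config() {
    cfg="$1/wp-config.php"
    if [ ! -f "$cfg" ]; then
        echo "MISSING $cfg"; return 2
    fi
    mode=$(mode_of "$cfg")
    has_htaccess_rule "$1" || echo "NOTE  no <Files wp-config.php> block in $1/.htaccess"
    if others_can_access "$mode"; then
        echo "WEAK  $cfg mode $mode: accessible to other accounts"
        return 1
    fi
    echo "OK    $cfg mode $mode"
}

# harden_wp_config ROOT: apply the recommended mode to wp-config.php
harden_wp_config() {
    chmod "$WP_CONFIG_MODE" "$1/wp-config.php"
}

# Usage (the path is a placeholder): audit_wp_config /path/to/wordpress
```

The `order allow,deny` / `deny from all` lines are Apache 2.2 syntax; on Apache 2.4 without mod_access_compat the equivalent directive inside the `<Files>` block is `Require all denied`.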

This is how I recovered my website from the hacking attack! But I still have to work a lot on the security of the blog. I will be writing more articles on WordPress security. Ignorance of security can lead to big problems, hence it should be given proper attention.

You can never be too careful about these things. So make sure you have a recent backup of database and other important files.

Have you ever faced any hacking attack on your website? Share your experiences. And let us know about your views on WordPress security.

  • Will do this in my blog. It's like a nightmare.

  • OMG! It is scary.

    I will right away check wp-config.php permission and add that chunk in .htaccess file.

    • Yes mate, It was a lot scary but an interesting experience too. :-) File Permission is the most important, .htaccess will surely add more security to it. Thanks for your comment.

  • aks

    Can you give the ideal template of an .htaccess file for WordPress, including the above code for wp-config?

  • Thanks Namit for coming up with this post and sharing in detail along with the solution.
    I’ll just take the measure right now so that I won’t have to face that.

    • Hey Gourav, security is very essential for any website. Do ensure to take proper security measures well in advance. Thanks for your comment mate. :-)

  • Harry Sehgal

    Getting hacked is always scary. But doing a hack always makes the attacker smile (always in my case) Lolzzzz. Try to install some useful security plugins.

  • Hi Namit,

    Thank you so much for this post – I have a number of blogs and they were all being hacked day after day and I did not know why.

    I am implementing these changes and hopefully this will lock the sites down and prevent further attacks.