WordPress is a CMS that is widely used around the world, and as a result, it can become a spam springboard or fall victim to tampering. There are various causes for this, such as not updating old WordPress, not updating plug-ins, and weak passwords, but here we would like to briefly introduce some of the measures we take when a site is a stepping stone for spam.
2000px-Botnet.svg

Check for malware infection

WordPress is currently being used as a stepping stone for secondary damage by malware (programs created with the intent to perform illegal and harmful actions) that is embedded in the WordPress code and remotely redirected to other sites, links to a large number of other sites, banners, and so on. This method is used as a stepping stone for secondary damage.
Sucuri SiteCheck can check for the presence of this malware.
sucuri
Enter the URL of the site you want to check and click “Scan Website”.
sucuri2
The results of the scan will be displayed.

Back up the site and make it work in the local environment

If your site is infected, first make backups of both the WordPress files and the database.
The entire site can be backed up using FTP software, and the database can be backed up using phpMyadmin or a WordPress plugin.
Also, to make sure the site works in your local environment, move the site to an environment where apache, mysql, and PHP are installed and working.

Clean installation of WordPress and plug-ins

Download the WordPress main unit from the official site and replace everything except the wp-content folder of the infected site. (Move only wp-content/upload and wp-content/theme to a completely new set of WordPress files, as tampered files may have been generated.)
Also, download all installed plugins for the infected site again and put them in the wp-content/plugin folder

Scan the theme and upload folders for tampering

Now the only folders that may be infected are the theme folder and the upload folder. The most reliable way to detect theme tampering is to re-download the current theme and detect the differences between the theme files and those of the infected site. WordPress Doctor uses a tool to detect differences in theme files.
スクリーンショット 2016-02-02 11.52.06
*Example of tampering found
In addition, visually check the upload folder for all files except for images and pdf files, and delete any strange files.

Install security plug-ins and set appropriate permissions

Finally, install security plug-ins and set appropriate permissions on the WordPress folders to prevent them from being rewritten.

We recommend the following security plug-ins
All In One WP Security & Firewall

all-in-one-wp-secutiry-firewall-1-dashboard

However, since the settings are diverse and difficult, the following plug-ins are also recommended if you wish to do it yourself.
SiteGuard

Finally, once you have verified that WordPress is working in your local environment, you can move it to the production environment!

Related Posts:

  1. WordPress site defacement hacking for SEO purposes. what is SEO spam?
    The most common type of WordPress tampering these days is the hacking of WordPress sites for SEO purposes. We will explain this SEO spam....
  2. What are write permission permissions for files that are important for WordPress security?
    This section explains file write permissions, an important WordPress security issue....
  3. What to do when multiple (or all) sites on a single server are infected with malware
    We are seeing an increasing number of cases of multiple WordPress sites on multiple domains within a single server, all or many of which are infected with malware (viruses and tampering)....
  4. Redirect hack that takes you to another site when you click on a link on a WordPress site.
    A redirect hack is a type of tampering in which a hacker alters site data or theme files to force users to go to a page that the hacker wants them to go to instead of the page they originally wanted to see. The following is an explanation of a common example of a redirect hack, in which clicking on...
  5. Reasons for repeated hacker defacement and malware infection on WordPress sites
    Once a WordPress site has been defaced by hackers, embedded malware, or infected with a virus, the site may be repeatedly defaced even after you think you have removed the malware. We will explain how to deal with such cases....
  6. If you are worried about security with WordPress, but also worried about problems that may occur when updating
    WordPress itself, themes, and plug-ins are rarely found to be vulnerable, and their creators release updates to improve security, but updates can also cause problems with the site. In some cases, the update is forbidden by the company because it causes the site to malfunction. This dilemma always revolves around the operation of WordPress. We will explain how to deal...