You've Been Hacked, Now What? Getting WordPress Up and Running Again

47
You’ve Been Hacked. Now What? Getting WordPress Up and Running Again

Transcript of You've Been Hacked, Now What? Getting WordPress Up and Running Again

Page 1: You've Been Hacked, Now What? Getting WordPress Up and Running Again

You’ve Been Hacked. Now What?Getting WordPress Up and Running Again

Page 2: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Jeremy Green

@greenhornet79 endocreative.com

Page 3: You've Been Hacked, Now What? Getting WordPress Up and Running Again

[photo of freaked out]

Page 4: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Where Do I Begin?

Page 5: You've Been Hacked, Now What? Getting WordPress Up and Running Again

1. Backup Hacked Site Files

Page 6: You've Been Hacked, Now What? Getting WordPress Up and Running Again

• Site files

• Database

Page 7: You've Been Hacked, Now What? Getting WordPress Up and Running Again

2. Got Shared Hosting?

Page 8: You've Been Hacked, Now What? Getting WordPress Up and Running Again

your site infected site

infection

server

Page 9: You've Been Hacked, Now What? Getting WordPress Up and Running Again

3. Update FTP and MySQL Passwords

Page 10: You've Been Hacked, Now What? Getting WordPress Up and Running Again
Page 11: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Option #1 Restore From a Backup

Page 12: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Manual Method

Page 13: You've Been Hacked, Now What? Getting WordPress Up and Running Again

1. Drop infected database tables

Page 14: You've Been Hacked, Now What? Getting WordPress Up and Running Again

2. Import Clean Database Tables

Page 15: You've Been Hacked, Now What? Getting WordPress Up and Running Again

3. Delete Infected Site Files

Page 16: You've Been Hacked, Now What? Getting WordPress Up and Running Again

4. Upload Clean Site Files

Page 17: You've Been Hacked, Now What? Getting WordPress Up and Running Again

5. Enter URL and Database Settings

Page 18: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Using BackupBuddy

Page 19: You've Been Hacked, Now What? Getting WordPress Up and Running Again

1. Find Backup and ImportBuddy Files

Page 20: You've Been Hacked, Now What? Getting WordPress Up and Running Again

2. Upload Files to Your Server

Page 21: You've Been Hacked, Now What? Getting WordPress Up and Running Again

3. Navigate to ImportBuddy URL

Page 22: You've Been Hacked, Now What? Getting WordPress Up and Running Again

4. Choose Backup File

Page 23: You've Been Hacked, Now What? Getting WordPress Up and Running Again

5. Enter URL and Database Settings

Page 24: You've Been Hacked, Now What? Getting WordPress Up and Running Again

5. Enter URL and Database Settings

Page 25: You've Been Hacked, Now What? Getting WordPress Up and Running Again

That’s great, but…

Page 26: You've Been Hacked, Now What? Getting WordPress Up and Running Again

I don’t have a backup…

I don’t have a backup…

Page 27: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Option #2 Start From Scratch

Page 28: You've Been Hacked, Now What? Getting WordPress Up and Running Again

1. Download Everything Fresh

Page 29: You've Been Hacked, Now What? Getting WordPress Up and Running Again

WordPress

Page 30: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Plugins

Page 31: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Theme

Page 32: You've Been Hacked, Now What? Getting WordPress Up and Running Again

2. Delete WP files on Your Server

Page 33: You've Been Hacked, Now What? Getting WordPress Up and Running Again

3. Upload Fresh Files

Page 34: You've Been Hacked, Now What? Getting WordPress Up and Running Again

4. Move Uploads Folder

Page 35: You've Been Hacked, Now What? Getting WordPress Up and Running Again

5. Go to yoursite.com

Page 36: You've Been Hacked, Now What? Getting WordPress Up and Running Again

6. Update WP Admin Passwords

Page 37: You've Been Hacked, Now What? Getting WordPress Up and Running Again

5. Enter URL and Database Settings

Page 38: You've Been Hacked, Now What? Getting WordPress Up and Running Again

That’s great, but…

Page 39: You've Been Hacked, Now What? Getting WordPress Up and Running Again

I have a custom theme/plugin/etc…

Page 40: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Check Theme Files for Backdoors

• eval()

• base64()

• <iframe>

Page 41: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Check Theme Files for Backdoors

Page 42: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Sort Files by Date Modified

Page 43: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Check for Suspicious Files

Page 44: You've Been Hacked, Now What? Getting WordPress Up and Running Again

5. Enter URL and Database Settings

Page 45: You've Been Hacked, Now What? Getting WordPress Up and Running Again

That’s great, but…

Page 46: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Hire a professional.

Page 47: You've Been Hacked, Now What? Getting WordPress Up and Running Again

Jeremy Green

@greenhornet79 endocreative.com


Your WordPress Site Has Been Hacked: What Now?

Your WordPress Site Has Been Hacked: What Now?

Evaluation Hacked Media

Evaluation Hacked Media

Don't let your WordPress site get hacked

Don't let your WordPress site get hacked

Tips for Fixing a Hacked WordPress Site - WordCamp Sydney 2016

Tips for Fixing a Hacked WordPress Site - WordCamp Sydney 2016

Do you know if your WordPress site has been hacked?

Do you know if your WordPress site has been hacked?

Hacked By Turkhacks

Hacked By Turkhacks

WP Sicher betreiben - Das WordPress Meetup in München..."WordPress infections rose from 74% in 2016 Q3 to 83% in 2017." "At the end of Q3 2016, 61% of hacked WordPress sites recorded

WP Sicher betreiben - Das WordPress Meetup in München..."WordPress infections rose from 74% in 2016 Q3 to 83% in 2017." "At the end of Q3 2016, 61% of hacked WordPress sites recorded

Michigan DGS 2015 Presentation - You'Ve Been Hacked Now What - Michael Ashton

Michigan DGS 2015 Presentation - You'Ve Been Hacked Now What - Michael Ashton

2015 Resolutions Hacked

2015 Resolutions Hacked

Everyone’s Been Hacked

Everyone’s Been Hacked

MWEB Business: Hacked

MWEB Business: Hacked

Hacked tax forms

Hacked tax forms

Senior CSIRT Investigator At Privacy, Access and …...“There's now a growing sense of fatalism: It's no longer if or when you get hacked, but the assumption that you've already

Senior CSIRT Investigator At Privacy, Access and …...“There's now a growing sense of fatalism: It's no longer if or when you get hacked, but the assumption that you've already

April 2015 — Hacked

April 2015 — Hacked

3 Hacked Chords

3 Hacked Chords

Bsm Hacked Paper

Bsm Hacked Paper

Legend - Hacked By Foaad Pal | Hacked By Foaad Pal

Legend - Hacked By Foaad Pal | Hacked By Foaad Pal

Http:// HACKED!!! Securing your Business Ankit Fadia Ethical Hacker fadia.ankit@gmail.com Hacked!!!

Http:// HACKED!!! Securing your Business Ankit Fadia Ethical Hacker [email protected] Hacked!!!

HACKED BY Mutarrif

HACKED BY Mutarrif

To be Hacked or not to be Hacked!

To be Hacked or not to be Hacked!