My WordPress Website Got Hacked! And I Fixed It!

My WordPress Website Got Hacked! And I Fixed It!

One of my WordPress websites got hacked the other day. I know this because my blog posts, and only my blog posts, kept on redirecting to random malware pages. I, of course, performed a Google Search to find out how to resolve it. Thankfully I had a backup of the website even though I didn’t need it as it wasn’t the core files that were hacked.

It wasn’t…

I tried restoring the WordPress installation from a backup file I had on my desktop computer. After removing the files like index.php, header.php, and footer.php (where hackers like to inject malicious code), I uploaded the backup files that I had. But, that didn’t resolve the problem.

I pretty much did the same thing with my WordPress theme. Removed all the files I thought were infected and uploaded my backup files. I tested my blog posts again, but nope, they were still redirecting to malicious websites.

It was…

I remembered yesterday that I had installed a WordPress plugin called All In One WP Security. The plugin had stated it was the “All around best WordPress security plugin!” Bwahaha! I had installed it maybe two weeks ago to combat comment spam and it was working, I wasn’t getting any more spam or any comments. Come to find out it was the plugin that was redirecting my blog posts and that’s why I wasn’t receiving any comments at all.

After deactivating the plugin and testing my blog posts, I was relieved to find out that it worked. I was no longer hacked! All from a WordPress plugin that was installed for security purposes and this is what I get.

So if you’ve gone through the list of trying to figure out where the malicious code is, next thing try to deactivate some plugins and see if that resolves your problem.

You Might Also Like