0 votes
528 views
by (1.5k points)

I don't know the exact time but when I today visited my own website, I totally surprised. My site has been comprised by an anonymous hacker. The malicious Jihadi style name appeared as a homepage. Please help me to get rid off from this 

Jihad Adelaide
jihadadelaide@gmail.com

style attack. Please see screenshot for more detail.
Jihad Adelaide hacked website

I am using WordPress as CMS on shared hosting.

1 Answer

0 votes
by (10.3k points)
edited by

Yes, this kind of attacks has now accelerated on WordPress powered websites. The hacker targeting WordPress sites mostly via vulnerable plugins or themes. Because current WordPress versions come with auto upgrade feature, on general upgrade or while new serious vulnerability detected. As WordPress (WP) is free and major websites on the internet are powered by WP. So, naturally most hackers active in compromising WP sites using vulnerability /zero-day bug.

Let's come to the point. Follow below step to clean website,

  1. Login to your cPanel or FTP client (i.e.FileZilla)
  2. Navigate to public_html or www folder
  3. Locate if index.html is there. If yes backup it and delete it.
    Deleting infected index.html
  4. Same way locate index.jpg and delete it
  5. Now see your homepage showing correct content or not.
  6. If not, check index.php file. Compare it with an original version from WordPress repository.
  7. Check .htaccess is present and contents is genuine and not malicious one.

The vulnerability used to comprise the WordPress site

In this type of attack, the hacker used the zero-day vulnerability in Twenty-Twelve theme. This theme itself an official theme of WordPress. So, no doubt most of the WordPress websites have this theme in its backend. Moreover, a hacker can exploit this theme even when it is not an active theme devil. To detect and remove this vulnerability, we recommend to scan your backend with Wordfence plugin.

  1. Login to your WordPress admin panel
  2. Install and activate Wordfence plugin (if not installed earlier) via Admin panel > Plugins > Add new
  3. Go to Admin panel > Wordfence > Scan > Start a Wordfence scan
    Wordfence scan
  4. Click check box in front of Select for bulk repair
  5. Now click Bulk Operation link just above the first scan result
    Wordfence bulk repair
  6. Click Repair files button
  7. When you clean malicious objects completely. Wordfence will show the successful message "Congratulations! No security problems were detected by Wordfence."

It's not all. You should delete twenty-twelve theme if it's not a default theme.

  1. WordPress admin panel > Appearance > Theme
  2. Select Twenty-Twelve theme
  3. Click on Delete link (can be found the lower right side corner)

Alternatively, you can delete extra / unused themes manually in bulk via FTP client like FileZilla.

How to protect WordPress powered website from future attacks

Generally, precaution is better than cure. So, you need to install security plugins like Wordfence to filter malicious request/activity from genuine one. Now these it's essential to install a firewall, virus scanner and file change detection tool on websites for better security. 

 WordFence Security

Sometimes, the name of the malicious file may be vary. You should check it with care. You can see following video for further detail.

https://www.youtube.com/watch?v=rGBLIQsJGAI

Hope it will safely pull out you from this malicious attack. All the best.yes

...