Slide 1

Slide 1 text

Your Site Has Been Hacked, Now What?
Michele Butcher
CantSpeakGeek.com
WPSecurityLock.com
@Michele_Butcher
Slides can be found at: http://mlb.pw/WCSD2015

Slide 2

Slide 2 text

Michele Butcher
• WordPress Specialist at WP Security Lock
• Head Geek at Can’t Speak Geek
• Sometimes a designer of pretty websites and graphics
• Southern Illinois Meetup Co-Organizer
• Beginners and Intermediate WordPress Instructor at John A Logan College

Slide 3

Slide 3 text

It all starts one dreadful morning…

Slide 4

Slide 4 text

First you see this

Slide 5

Slide 5 text

Then you realize this has happened

Slide 6

Slide 6 text

Which made you feel like this…

Slide 7

Slide 7 text

What do you do when your site gets hacked?

Slide 8

Slide 8 text

First option: Pay someone else to clean it.
There are many services out there that will clean your site. Here is who I suggest.
• WP Security Lock https://wpsecuritylock.com
• Sucuri Security http://sucuri.net/
• Hack Repair http://hackrepair.com

Slide 9

Slide 9 text

Second Option: Clean it yourself
• Cheapest
• Most time consuming
• No one knows your site better than you do
• You just have to know what to look for
I do not suggest this if you are not comfortable reading HTML, PHP, and CSS.

Slide 10

Slide 10 text

Pretty Code

Slide 11

Slide 11 text

Not So Pretty Code

Slide 12

Slide 12 text

= $first_d && $my_ip2long <= $second_d) {$bot = TRUE; break;}
}
foreach ($user_agent_to_filter as $bot_sign){
    if (strpos($_SERVER['HTTP_USER_AGENT'], $bot_sign) !== false){$bot = true; break;}
}
if (!$bot) {
    echo '
';
}

Slide 13

Slide 13 text

When cleaning your site, add clean copies of core, your theme and your plugins. It makes cleaning so much easier.
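One way to put those clean copies to work, as an added example that is not from the slides: the function below compares a live directory against a clean download of the same version and reports files that were modified, that exist only on the live site, or that are missing. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a live WordPress directory against a clean copy of
# the same version. Paths and file contents in the demo are constructed.

# compare_to_clean LIVE CLEAN
# Prints one line per finding:
#   MODIFIED <path>  file exists in both trees but the bytes differ
#   EXTRA <path>     file exists only in the live tree (not shipped upstream)
#   MISSING <path>   file shipped upstream but absent from the live tree
# File names containing newlines are not handled.
compare_to_clean() {
    live=$1
    clean=$2
    ( cd "$live" && find . -type f ) | sort | while IFS= read -r rel; do
        if [ ! -f "$clean/$rel" ]; then
            printf 'EXTRA %s\n' "$rel"
        elif ! cmp -s "$live/$rel" "$clean/$rel"; then
            printf 'MODIFIED %s\n' "$rel"
        fi
    done
    ( cd "$clean" && find . -type f ) | sort | while IFS= read -r rel; do
        [ -f "$live/$rel" ] || printf 'MISSING %s\n' "$rel"
    done
}

# Constructed demo: a tiny "plugin" with one altered file and one added file.
demo_compare() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/clean/inc" "$tmp/live/inc"
    echo '<?php // loader'  > "$tmp/clean/plugin.php"
    echo '<?php // helpers' > "$tmp/clean/inc/helpers.php"
    cp "$tmp/clean/inc/helpers.php" "$tmp/live/inc/helpers.php"
    echo '<?php // loader plus injected line' > "$tmp/live/plugin.php"
    echo '<?php // not in the upstream package' > "$tmp/live/inc/cache.php"
    compare_to_clean "$tmp/live" "$tmp/clean"
    rm -rf "$tmp"
}

demo_compare
```

Run it once per component (wp-admin, wp-includes, each theme and plugin) against the matching release. Directories with no upstream copy, such as wp-content/uploads, have to be reviewed by hand.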

Slide 14

Slide 14 text

This is a good time to make an audit of everything on your site and delete what is not being used. You can always add other themes and plugins back later when you need them.

Slide 15

Slide 15 text

Now that you have all the malware removed, that does not mean we are done.

Slide 16

Slide 16 text

Change the salts in your wp-config.php file
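As an added example that is not from the slides, the salt change can be scripted: rotate_salts rewrites the eight key and salt define() lines in wp-config.php with fresh random values, which invalidates every existing login cookie. The function names, the hex format of the new values and the sample config are choices made for this example.

```shell
#!/bin/sh
# Added example: rotate the eight keys and salts in wp-config.php.
# The config written by demo_salts is constructed sample data.

SALT_NAMES="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# 32 random bytes as 64 hex characters: safe inside sed and a PHP string.
new_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -dc '0-9a-f'
}

# rotate_salts FILE: rewrite each matching define() line with a fresh value.
rotate_salts() {
    cfg=$1
    tmp=$(mktemp)
    for name in $SALT_NAMES; do
        value=$(new_secret)
        # The quote before $name keeps AUTH_KEY from matching SECURE_AUTH_KEY.
        sed "s/^[[:space:]]*define([[:space:]]*['\"]$name['\"].*/define( '$name', '$value' );/" \
            "$cfg" > "$tmp"
        cat "$tmp" > "$cfg"   # overwrite contents, keep owner and mode
    done
    rm -f "$tmp"
}

# Constructed demo: a minimal config with placeholder secrets.
demo_salts() {
    demo_cfg=$(mktemp)
    {
        echo "<?php"
        echo "define( 'DB_NAME', 'example_db' );"
        for name in $SALT_NAMES; do
            echo "define('$name', 'old-placeholder');"
        done
    } > "$demo_cfg"
    rotate_salts "$demo_cfg"
    stale=$(grep -c 'old-placeholder' "$demo_cfg" || true)
    fresh=$(grep -Ec "'[0-9a-f]{64}'" "$demo_cfg")
    kept=$(grep -c "'DB_NAME', 'example_db'" "$demo_cfg")
    rm -f "$demo_cfg"
    echo "stale=$stale fresh=$fresh db_name_kept=$kept"
}

demo_salts
```

Keep a copy of wp-config.php before running this against a real site. WP-CLI users can get the same result with `wp config shuffle-salts`.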

Slide 17

Slide 17 text

Check your users!
• You could have unwanted users
• Delete the unwanted guests immediately
• If you use “admin” as a username, delete it and make a new username
• Delete all users that are no longer using your dashboard (old devs, designers, guests)
• Only give others the access they need, not what they want. A guest blogger should never be an admin, only a contributor.

Slide 18

Slide 18 text

Check your FTP accounts on your server.
You could have unwanted users here as well.

Slide 19

Slide 19 text

Check your File Permissions
Files should be 644
Directories should be 755
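A way to check those modes across a whole site, as an added example that is not from the slides: audit_perms lists every file that is not 644 and every directory that is not 755, and fix_perms resets them. Both function names and the demo tree are constructed.

```shell
#!/bin/sh
# Added example: audit a site tree against the modes on the slide
# (files 644, directories 755). Demo paths are constructed.

# audit_perms ROOT: list every file that is not 644 and directory not 755.
audit_perms() {
    find "$1" -type f ! -perm 644 -print | sed 's/^/FILE /'
    find "$1" -type d ! -perm 755 -print | sed 's/^/DIR /'
}

# fix_perms ROOT: reset modes once the audit output has been reviewed and saved.
fix_perms() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# Constructed demo: one world-writable directory and one world-writable file.
demo_perms() {
    root=$(mktemp -d)
    mkdir -p "$root/site/wp-content/uploads"
    echo '<?php' > "$root/site/index.php"
    echo 'x'     > "$root/site/wp-content/uploads/a.txt"
    chmod 755 "$root/site" "$root/site/wp-content"
    chmod 777 "$root/site/wp-content/uploads"
    chmod 644 "$root/site/index.php"
    chmod 666 "$root/site/wp-content/uploads/a.txt"
    echo "before:"
    audit_perms "$root/site" | sed "s|$root/||"
    fix_perms "$root/site"
    echo "after: $(audit_perms "$root/site" | wc -l | tr -d ' ') findings"
    rm -rf "$root"
}

demo_perms
```

Save the audit output before fixing anything: an unexpected mode on a file you did not touch is worth noting alongside the other findings from the cleanup.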

Slide 20

Slide 20 text

Add some Security to your site
Some trusted plugins:
• iThemes Security or iThemes Security Pro
• Jetpack (BruteProtect and VaultPress)
• WordFence
• Sucuri Firewall

Slide 21

Slide 21 text

Change your login information
• WordPress logins and passwords
• cPanel logins and passwords
• Database logins and passwords (remember to change them in your wp-config.php)
• Hosting logins and passwords

Slide 22

Slide 22 text

When it comes to usernames and passwords, here are a few tips.
• NEVER use “admin” as a username and “password” as the password. NEVER on anything!
• The harder a password is to remember, the harder it is to hack
• Use something like LastPass, 1Password, or KeePass to store your passwords

Slide 23

Slide 23 text

What do you do to not get hacked again?

Slide 24

Slide 24 text

First and most important!
UPDATE UPDATE UPDATE
Update core, update plugins, update themes!

Slide 25

Slide 25 text

A note on updating
If you use a theme and/or plugin that was purchased from Envato, ThemeForest, or CodeCanyon, please mark the box under each purchased item on the download page to be notified by email of updates. That is the only way they notify their customers of updates. This is part of the reason the RevSlider SoakSoak infection rate was so high.

Slide 26

Slide 26 text

Pay attention to WordPress news and security sites
• WP Tavern
• WP Security Bloggers
• Sucuri Blog
• WP Security Lock
• Advanced WordPress (Facebook)
• Twitter

Slide 27

Slide 27 text

Only use trusted and supported themes and plugins
Do NOT use a theme or plugin:
• That has not been updated in more than a year
• Where no one is responding in the support forums
• That is shown as not working with the current version of core

Slide 28

Slide 28 text

Start Making Backups
• BackupBuddy
• BackWPup
• VaultPress (Jetpack)
• Check with your hosting company to see if they do backups as well
• iThemes Security (free and Pro) will do database backups

Slide 29

Slide 29 text

Speaking of backups…
Save them somewhere other than your server. Most backup tools have options to send them to an Amazon S3 account, Dropbox, email, or download to your machine.

Slide 30

Slide 30 text

Lastly, be active with your site. You know your site best. If something does not feel right, look into it. Also, do not ignore your website. No one likes a zombie website.

Slide 31

Slide 31 text

And remember…

Slide 32

Slide 32 text

Don’t Let Security Make You This Guy!

Slide 33

Slide 33 text

Questions?

Slide 34

Slide 34 text

Thank you!
Michele Butcher
http://CantSpeakGeek.com
https://WPSecurityLock.com
@Michele_Butcher
Slides can be found at: http://mlb.pw/WCSD2015