WordPress Hacked – Cleanup and Prevention

Image by Chanpipat http://freedigitalphotos.com
Image by Chanpipat

WordPress Hacked  – Cleanup and Prevention

Well, most of you who have visited my blog since May 28 or so, realize that my WordPress blog had been hacked; something that all of us try to prevent.

Speaking from experience, I can tell you it is one of the most frustrating experiences of my life.  Why?

Because all the right things were in place and someone still got in!  The funny thing is my hosting company says I was not hacked.  I say Bah! Humbug!  But that’s another issue.

In the meantime, I’ve learned a little bit about cleaning up the mess if you’ve been WordPress  hacked.  I also found another issue with the site being hacked.

All traffic was stopped from coming to my site, including Googlebot!  The search engines had stopped crawling my site!  Google sent a message indicating something was wrong. Man, oh man, if I could ever find that invader I’d #@$@%!

hackerblog-7Google was stopped from crawling my site so all my Analytics and keywords were affected.  ALL of my keywords that I had ranked for in Google looks as if I never ranked. 

I use SheerSeo to get a weekly report to show me where I am on Google based on my keywords.  I’ve been ranking pretty high or on the first page of Google for certain keywords for 6 months to a year now.

Friday, I realized I didn’t get a report from SheerSeo so I manually checked and was ABSOLUTELY shocked that every keyword was in the red.  In other words, I was no longer ranking for any keywords!

I threw another hissy fit because there is nothing I can do about the results and I have to start working for ranking all over again! Damn!

Here’s a small view of my account so you can see.


Here’s another view for my name as the keyword ‘Barbara Charles – See below – Drop from #2 position on Google to 50!


As I write this I’m just sick to my stomach.  All that hard work! <sigh!> 🙁

So the reason for his post is two fold.

  1. A warning.  If you think, it’ll never happen to you because you’ve got your site locked down tight – think again!  It can happen to anyone!  Do you hear me?  Anyone!
  2. Give you some ways to check to see if you are under attack or were attacked or some preventive measures besides relying on your security or other plugins.

What To Do If You Think You’ve Been Hacked?

Besides the items I mentioned in my past article regarding fixing 404 errors with Webmaster Tools, try any of the following to see the status of your website.

  1. Go to Google’s Diagnostic tool at http://www.google.com/safebrowsing/diagnostic?site=   Yes this is correct. Put the website that you want to diagnose right after the “=” sign.  So for instance if I want to see the diagnostic for my site it would be http://www.google.com/safebrowsing/diagnostic?site=barbaracharles.org.  Results would be displayed including the following:
  • Last time Google analyzed the page, when it last had something malicious, and what type of malware Google encountered
  • The listing status of the site in its current state.  How often a site or parts of it were listed in the past.
  • Has the site had malicious software in the past and has the site distributed any malicious software in the past.


2.  Sucuri.net

Check out Sucuri.net, a site that does monitoring, alerting, removal of spyware and malware and provide preventive measures.  You can also do an immediate FREE scan to see if there is anything on your site (this is not an affiliate site).


Sucuri Site Check Results


3.  Domaintools.com

Another tool to use to see if there are any blocks on an IP address as there were with mine. When the hacker got in, he/she/it (yeah I’m still ticked off!), they blocked all IP addresses.

If I had checked this first, I would have known that the Googlebots were blocked, as well as, all the other IP addresses.

At first I didn’t understand why you would want to look up someone’s domain but what I learned is that you can check on blocked IP addresses! >:( >:-( >:^(


Results display all pertinent information for the URL including Name of Owner, Address, Hosting Company and other personal information. When you purchase your domain name you might want to make those things private if you don’t want people knowing about it.

 4.  Google Analytics and Webmaster Tools

Check your traffic in Google Analytics.  Recently I wrote an article on How To Easily Fix 404 Errors Using Webmaster Tools.

In the exact same spot where you found the 404 errors, you will find listed the 403 errors and can use the same procedure/process to clean up all the bad data and get rid of those 403’s.

I’m working on that now.  There were over 1000 of them <sheeeesh!>  Clean up is taking a looonnnng time!

So the results of being hacked can be many. They can take your site down completely.  They can steal your vital info especially credit cards info if you have a sales site. They can just ‘mess’ with your mind and all your hard work.

Put these tools in your blogging list of necessary items so you can see what’s going on with your blog.  Many people use Google Analytics and it’s a great tool, but there is some backup that gives you additional information or if you want to check on someone else’s site.

For instance you can put in a site to see if that site has ever distributed malware and you can then avoid that site like the plague. I think we need these tools to help us know what is going on with our blogs!

So check out these cool tools.  As much as I hate to say this, “Experience IS the Best Teacher!”

Have you every been hacked or know of someone who has?  What did they do for preventative measures after the attack? How did they track status of their own as well as other’s sites?

It is so important to share this type of information.  Help us all.  Please share your experiences.

God Bless and Safe Blogging,

Image (19)


  1. says

    I’m so sorry Barbara for what you went through. This is great info though for us to keep tabs on Webmaster tools. I check mine several times per week. I didn’t know about some of the other tools you just shared with us, great to know. I haven’t been hacked yet and have been more careful of late. I don’t understand why it seems they hack WordPress more than any other type of websites. I hope you will get back your traffic and keywords soon Barbara 🙂
    Lisa recently posted…Social Profiles – Your Profile A Face or Logo Which Comes First?My Profile

    • says

      Hi Lisa,
      Things are getting back to normal now. Ranking, after the Googlebots should hit the site again, started going back. It’s going to be a climb, but a fast climb so I’m not as ticked off as I was now. Still don’t understand why, but guess I never will. Do they hack WordPress more than any other? Uhmmm. Good question. Hope everyone else is safe!

      Take care,

  2. says

    Hi Barbara,

    This is a really great post, and you sure made good use of that hack to go into the details of what can be done to know what’s going on with our site.

    We need to be informed and protected, because, unfortunately there will always be hackers out there, trying to ruin other people’s life.

    Sorry about the ranking mess, but I’m glad you’ve got it all sort out! I didn’t know about the SEO software, but will check it out.
    Sylviane Nuccio recently posted…Announcing New Upcoming UpdatesMy Profile

    • says

      Thanks Sylviane,
      I’m hoping to help others avoid that mess or at least try to keep up with some preventative measures others may not know about. I know I certainly didn’t know about these tools. I thought – oooo way cool! Periodic checks may help someone not go through what I did!

      We do need to protected and we need to help protect each other.

      The ranking mess was SUCH a mess. However, one week later, I’m back in the green for 1/2 of my keywords. Once Google could scan me again, things started moving. I’m catching up. No monkey can stop this show! 🙂

      If you get a chance, save the software so you can take a look at it when you can. It’s good stuff.
      Take care and also thanks for your support. I know I was a bit grouchy when all this was going on.
      Talk later,

  3. says

    I’m so so so sorry this happened to you Barbara. I know that every post Iv’e read and person I’ve spoken with has told me you can do a LOT of preventive measures but there is never a 100% guarantee that it won’t happen to you.

    I use to have a Nissan 300Z which I loved dearly. It had T-tops and was just a cool little ride. I had the T-tops locked down, the security on my car and all the bells and whistles to stop the thief’s. My Mom had surgery one day and my Dad was a horrible nurse so he asked me to spend the night with her in the hospital so I’d be there to help her. I did and parked my car on the front row, under the light with a security guard right at the front door. I had to go to work the next morning so I drug myself out of the hospital after my Mom had a horrible night as well only to find that some jerk broke into my car, busted my windows and tried to pry the T-top off the car. There was a corvette parked right next to me and they slashed all four of his tires.

    Why are people so mean? When talking to the officer that came out after I called the police he said to me “I hate to tell you this mam but if they want something bad enough there’s nothing you can do about it. No type of protection you put on that car will stop them”. I’m beginning to see that our blogs are the same way.

    These sneaky devils will find a way in if they want to bad enough. I continue to pray that they try every measure with me and find it’s too much trouble and head to bother someone else. Apparently that’s been the case so far because it’s yet to happen to me. I’ve known friends that it has happened to though but I have no idea what they had to do to clean it all up.

    In the product that Dee Ann has created she shared with people different file names that need to be renamed on your server because hackers can find their way in by looking them up if you haven’t done this. I have had all of mine changed and double checked by my hosting service to make sure I’m covered. I can only continue to pray that they just leave me alone.

    Thanks for all these great resources Barbara and I’ll continue to pray that this doesn’t happen to anyone else we know.

    Adrienne recently posted…Who Really Won The Commenting System WarMy Profile

    • says

      Hi Adrienne,
      OMG – that’s horrible about the car. For what purpose? It blows my mind that someone is just so destructive to do damage and harm for no reason. Hateful is the word that comes to mind. I don’t understand it.

      I guess the police officer is right, but in your case, did they really get anything? In my case, did they really get anything? It’s a blog for God’s sake! Anyway, it baffles me. All we can do is continue to be diligent, but it’s so hard when you know that they keep coming up with new and inventive ways to make our lives miserable!

      I just want to thank my blogger friends for helping me get it all straightened out! 🙂

      Thank you in particular for all your time and support.
      God bless you my friend.

  4. says

    Hi Barbara

    It is great you have blogged about your experience. It is horrible. I have no idea why people do these things and it really is like Adrienne explained in her car example.

    My goodness I do no know these tools you mention. Well except for Google analytics. I do share a virtual assistant who does my techie stuff so I just trust he is on top of it. I am going to send him this post.

    I was hacked also about 2 years ago. Between the guy I use and Kimberly I was back up quickly and we changed logins and put on more security.

    Not a nice thing for anyone to go through. Thanks for this post.

    Sue Price recently posted…Passion and Business – Part 2My Profile

    • says

      Hi Sue,

      I absolutely have no idea and my logical brain just doesn’t get it why people hack other people’s site’s ‘just because’ they can. Silly to me. It’s just criminal if you ask me. What would happen if they couldn’t hack? Would they be mass murderers or something? LOL! Just seems weird because I think it’s definitely a perversion if you only do it ‘because you can.’ Weird and just plain awful to destroy someone else’s hard work.

      Anyway, yes, my hosting company turned me on to these tools and I immediately wanted to let everyone else know what’s happening and what’s available. Hope it helps people in the long run. I’m putting them in my little (app tool closet) 🙂 for referrals and safe keeping.

      You are the best and supportive. Thank you for everything.

  5. says

    It is such a shame that this happened to you Barbara.

    I know how careful you are and you also have so much knowledge in this area. I read that article you wrote about fixing 404 errors and then Boom…you got hacked!

    This could happen to any of us. We need to be mindful of protecting ourselves, but there is only so much we can do. You have learned so much out of this dreadful experience, now sharing this information of what to do is great for your readers.

    Although I tried to understand it, well, you know me, I kind of got a bit of what to do if it happened to me. But if it does….I’ll be hiring you for service if you would do that!

    Donna Merrill recently posted…The Power of Social MediaMy Profile

    • says

      Hi Donna,
      You are too funny! I think you understand more than you think. 🙂 Anyway, things always happen for a reason. Maybe my experience with learning was getting me ready and in preparation for the ‘hacking’ to come! It certainly helped knowing a little but there seemed to be so much more that I needed when it happened. Very scary and very depressing, but you guys kept me motivated.

      Thanks so much and if it ever happens (and I sincerely pray it does not), I’ll be glad to share my little bit of expertise with you and help you and anyone else I can out.

      It’s a dreadful experience, but God always has a plan and now we can share things learned.
      Thanks again,

  6. says

    I’m so sorry this got to you Barbara.
    It’s terrible some people spend their time trying to knock others down.

    Just a few minutes ago (while I was on your blog), some bad hands hit my blog and brought some chances to my .htaccess file despite the fact that I had set file permission to 444. It’s still not clear how they came in. All my pages got missing due to the modification this hacker made. I quickly had to upload a backup copy and the site returns to normal – but then how did he get there. The tools you have mentioned and others are helping me to check and lock their way.

    I just sent a mail to my list announcing the CommentLuv Premium special promotion, just to realize that the url pointed to on my blog does not exist. I was like ghrrrrrrrrrrrrrrrrr! What a shock!

    The fight continues …

    Thanks for this opportunity to share terrifying experiences.
    Enstine Muki recently posted…CommentLuv Premium discount ~ 50% OffMy Profile

  7. says

    Hi Barbara,

    It is one of the worst thing that can happen to a blogger. First hacking and then losing raking because of that makes one shudder.
    My blog was once hacked because of the Filezilla ( can you imagine that ). The malware started from a faulty php file in theme on my PC. Then it used the password stored in FileZilla to infect every single website I had.
    It took me many days and thanks to a few folks at Hostgator, I was able to resolve it . But it took tremendous amount of time to do that .
    Thanks for the tools that you mentioned. They are really useful 🙂

    • says

      Hey there Ashvini,
      Thanks for coming to my blog. OMG! Your experience sounds pretty bad too! I can’t believe how someone would want to do that but I can’t believe they do this in the first place. It’s just absolutely amazing! I have to say thank God for a good hosting company which can help us get to the bottom quickly, but the time and effort that is required to fix the mess is just amazing.

      I guess all we can do is keep an eye out on everything – pretty hard to do but hopefully these tools will help others. I know I didn’t know about them. Let’s keep our fingers crossed that we are safe now and will stay safe.

      Have a great day!

  8. says

    Hello Ms. Barbara
    First I have missed you!
    Second, I am so sorry for what happened to your blog. But thank God it’s resolved.
    I immediately when on “Sucuri Site Check and my blog is fine, as this point.
    But like Donna mentioned if we ever get into this problems, we will hire you.
    I am so glad you are BACK.
    Your friend
    Gladys recently posted…Goal Setting…Your Motivational ToolMy Profile

  9. says

    I really can’t stand hackers. This is a great post though with amazing info. I was hacked for about 2 weeks they put a casino link right on top of my header. Big ugly blue link. I was so mad. Finally I thought to call my brilliant friend who fixed it in 5 minutes when no one else could. They were hiding their code in a plugin. So always check your plugins because they will put code in there. Such a pain.

    • says

      Hi Lisa,
      Thanks for stopping by. So you know exactly what I felt then uh? Terrible people those hackers and I just keep shaking my head ’cause I just don’t get it no matter how many people explain it to me. They are horrible!

      I’ll definitely keep an eye on my plugins. My friend and I just recently went through all the plugins and deleted what wasn’t needed. I’m much more aware now of the plugins as well as all the things I need to do to try to keep the hackers out!

      Thanks for sharing your experience with me. Appreciate it. We have to watch out for each other uh? 🙂
      Take care,

  10. says

    Hi Barbara,

    That’s horrible what has happened to you! My heart goes out to you. It must be the worst feeling ever trying to set up things all over.

    Just before yesterday I lost my wallet with all my bank cards, health card and driver’s license in it. I also just opened a safe box 10 days ago and I got the 2 keys for the safe box and I put them in my wallet to remember to leave them at home in a safe place but I totally forgot them in my wallet and I lost them too.

    Now I have to start all over. I cancelled my bank cards and I have to issue new ones of course and have to apply for the health card and driver’s license. This made me think what if the same thing happened to my blog and I have to start all over. Just the thought of it made me sick to my stomach.

    I am really sorry for what you have gone through and thanks for sharing your experience and for the protective measures and resources you offered here. I bookmarked this post and I will go through each step to make sure I am safe although as you said, nothing is 100% safe, anyone’s blog is vulnerable to be hacked.

    Thanks again Barbara for sharing your experience and I am glad things are getting better at your end. Good Luck and have a great weekend ahead.

    Be Blessed,

    Neamat Tawadrous recently posted…6 Steps On How To Be Brave In Your Business!My Profile

  11. says

    My site is always trying to be hacked. I use Limit Login and the amount of email cracks come daily, but what I did notice is that is all happens at night. I even had to go back to moderating comments because come midnight, my blog is filled would be filled with tons of spam comments.

    It looked horrible and made me wonder, what was going on with my blog behind the scenes. I love your tips and I will use them to keep a closer eye on my blog. Question: Did you back up your blog before all this happened? I try and do it monthly just in case because you never know. Glad to have you back and thank you for sharing your story with everyone It will help someone else.
    Sonia recently posted…The Good, Bad and Boring of Google Reader AlternativesMy Profile

    • says

      Hi Sonia,

      Thanks! Glad to be back! 🙂

      So here’s a few other things I found out that may answer some of your questions. Most of the attempts come at night because these people are from overseas so there hours behind (or ahead) of us. 🙂 You can look up IP addresses if you’d like and you’ll see exactly what area of the country or world they’re coming from.

      In answer to your second question, yes I do backup my blog. That actually was one of my options to replace everything wit a backup from ‘before’ when the trouble started. The problem is it would not have done any good. The problem was not with my site. The problem was that someone had blocked all access so putting the backup in place would not have helped. They are ingenious little ‘you-know-what’s’!

      Anyway, we can only keep diligent. Glad the tips help – that’s a goal – to help each other and protect ourselves from these crazy people! 🙂

      Thanks for stopping by. 🙂
      Talk soon,

  12. says

    Hi Barbara,

    All great tips. I know of a couple of other very useful things you can do. I use Yoast SEO and it allows you to edit files. Editing the .htaccess file , you can add two items that will help you.

    Both of these items must be placed at the start of the .htaccess file before #BEGIN command.

    This first one checks to make sure that your login is not being tampered with.
    For others who wish to use this they simply need to replace this line:

    RewriteCond %{HTTP_REFERER} !^http://(.*)?barbaracharles\.org [NC]

    with the name of their own website after the question mark… and whatever the extension is, such as .com or .net, for example.

    You may cut and paste this directly into your .htaccess file

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{HTTP_REFERER} !^http://(.*)?barbaracharles\.org [NC]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteRule ^(.*)$ – [F]

    This second one stops hackers from being able to look in the directory tree of your website

    order allow,deny
    deny from all

    Again, both of these must be placed at the top of the .htaccess file for the #BEGIN command.

    A word of caution… if you don’t know what you’re doing with the .htaccess file and you make a mistake and save it, it will shut you out of your website.

    Hopefully, I’ve made this as straightforward as possible, and it will help as many as who choose to use them.

    Kind regards,
    William Butler recently posted…12 Ways To Improve Your Self-ConfidenceMy Profile

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge