If wordpress site is hacked then how to fix issue

Recently one of my wordpress site is hacked which is on wordpress. There is something wrong happening on server. We fixed issue with some steps, we given full steps for fixing issue. Due to disk I/O notification and CPU usages notification email I got to know.

If wordpress site is hacked then how to fix issue

There is something wrong happening on server.

First thing I did which is checking the apache access logs and error logs. I was getting per second 100 request from some IP addresses.

I stoped apache server and I took my database and filesystem backup. Deleted my admin username and added new administrator with new username.

You should use the Better WP Security wordpress plugin. This is very useful plugin.
http://wordpress.org/plugins/better-wp-security/

I added following code in my .htaccess file

 # BLOCK BAD IPS
 <limit GET POST PUT>
 Order Allow,Deny
 Allow from all
 # uncomment/edit/repeat next line to block IPs
 # Deny from 123.456.789
 Deny from 192.111.152.122
 Deny from 192.111.144.233
 Deny from 110.85.90.123
 </limit>

If wordpress site is hacked then how to fix issue

If wordpress site is hacked then how to fix issue

But above code was still not helpful to me because disk I/O and apache process was taking time to sending the request to 403.

Then I blocked the IP Address on My Linux server using following commands.

 iptables -A INPUT -s 192.111.144.789 -j DROP
 iptables -A INPUT -s 192.111.152.122 -j DROP
 iptables -A INPUT -s 192.119.144.123 -j DROP

This solved my issue.

2 Comments

Add a Comment

Your email address will not be published. Required fields are marked *