For example, A personal or professional WordPress blog can be hacked through outdated plugins, weak passwords and pirated themes. Even with the platform’s efforts to maintain security, intruders take advantage of gaps in extension codes – tools usually developed by third parties – to wreak havoc and steal data. Learn how to identify signs that a site has been hacked and tools to use and clean up threats and recover security.
What is an Invaded Site?
Through programs, attackers can guess weak passwords that bloggers use to access the admin panel and FTP / SSH server. The more extensive and complex a password is (passwords varying between uppercase and lowercase letters and adding special characters), the greater the difficulty. Another breach is plugins that are not updated frequently, which makes WordPress blogs vulnerable to potential security flaws as well as pirated themes.
How are sites hacked?
From the moment an attacker manages to gain access to the server of a blog that uses WordPress, it remotely injects a backdoor: a feature that allows to track new passwords, if the access to the blog is modified without the effective removal of the blog.
After that, adwares and malwares – in text format – are added to some files with PHP extension (such as htaccess, index, and sitemap). With this, the blog redirects to sites with spam in Google searches, without the owner noticing in direct access.
What does an invaded site look like?
To redirect the source blog only to Google searches, the attacker checks the ownership of the page in Google Search Console, in order to send the link containing the target site, which usually has Japanese characters or special characters that should not appear.
Who accesses the blog directly in the URL (home of the site), as is the case of the administrator, does not perceive the signs of the invasion. When a reader accesses a blog that has been hacked through a search site, they are redirected to another site or see fake ads. By clicking on these fake ads, the attacker can infect the computer to steal data such as bank passwords.
Five tools to detect if your blog has been hacked
Tools with online scanning can detect signs that your blog has been hacked. Some of them are: Aw Snap File Viewer, Free Online Quttera Website Malware Scanner, Sucuri SiteCheck, Unkmask Parasites and Total Virus. To use them, simply enter the address in the field and wait to check them.
1. Aw Snap File Viewer
Aw Snap File Viewer ( aw-snap.info/file-viewer ) is an online tool that scans the code of a website for suspicious links. The tool burns in colored tones lines that may have been altered by attackers for the purpose of spamming and installing malware to monitor private data.
2. Quttera Free Online Website Malware Scanner
Quttera ( quttera.com/website-malware-scanner ) is an online tool that scans a website’s code for possible malware that can harm both Internet users and their computers. Penalties can be found for software such as Google Safe Browsing.
3. Sucuri SiteCheck
Sucuri SiteCheck ( sitecheck.sucuri.net ) is also an online tool that scans the code of a site for spam and malware. It is possible to find penalties for software such as Google Safe Browsing , Norton Safe Web , Opera Browser and McAfee SiteAdvisor , for example.
4. Unkmask Parasites
Unkmask Parasites ( unmaskparasites.com/security-report/ ) is another online tool option that scans a website’s code for suspicious links. Links that may have been modified by an attacker, with the goal of installing a backdoor, monitoring sensitive information (such as passwords) and putting a spam action into practice.
5. Total Virus
Virus Total ( virustotal.com/en/ ) is yet another online tool that scans suspicious files and URLs for viruses and all types of malware, making it easier to detect and eliminate these threats.