Removing a WordPress virus yourself in 5 steps

Every day, hundreds of WordPress websites get infected with viruses. These viruses can include files or pieces of code that send SPAM or display unwanted ads to your visitors.

For a business website, I recommend having your WordPress restored and secured so that you can be sure your WordPress is virus-free and have the assurance of a guarantee to fall back on if the infection turns out to be more complicated and persistent than expected (which is often the case!).

However, for a hacked WordPress blog or hobby website, you may not want to spend too much money, and you can attempt to remove the virus yourself and revisit it later if you’ve missed anything.

We will guide you through the process of making your WordPress virus-free as effectively as possible!

There will be many links behind terms you might not be familiar with; visit those pages and educate yourself to ensure you remove the virus correctly.

First, make a backup of all files and the database!!

Step 1 – Removing the WordPress Virus

The virus may consist of just a few files or as many as 100 to 5000 files! For example, a virus may create pages on your server. To avoid having to check each WordPress file one by one, you can start by removing the standard WordPress files in the “root” of your website.

Keep the wp-content folder, the .htaccess file, and wp-config.php. These contain unique files and settings you don’t want to overwrite with a new WordPress installation.

Download the latest version of WordPress.

Step 2 – Checking Files for Backdoors

A WordPress virus doesn’t just consist of files; there are often pieces of code (syntax) added to your theme or plugins, known as backdoors.

To find them, check the file modification dates. If all the files in your theme or plugin were placed on 3-05-2015, but one file has been edited or added on a different date, there’s a good chance it contains code that shouldn’t be there.
Inspect this file; you’ll likely find Base64 or eval code that is unreadable and differs from regular PHP formatting. Carefully remove these lines of code.

Some tricks to watch out for:

  1. Virus code is often written in Base64, but it can also be a single line of PHP that passes data or gives a write command.
  2. Virus code is often placed at the beginning or end of a file; automation takes care of this logic.
  3. Sometimes they leave a lot of white space at first, making the file appear empty, but the code is located to the right, requiring you to scroll to see it.
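
The checks from Step 2 can be scripted so you only open the files that stand out. The following is an added example, not code from the original article: it flags files in each theme or plugin folder whose modification date differs from the rest, PHP files containing eval/Base64 calls, and code pushed to the right behind whitespace. The function names, the 80-character padding threshold, and the extra `gzinflate`/`str_rot13` markers are assumptions.

```python
import os
import re
import sys
import time
from collections import Counter

# eval/Base64 are the markers the article names; gzinflate and str_rot13 are
# an added assumption (they often accompany base64_decode in obfuscated PHP).
OBFUSCATION = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
# Trick 3: a long run of spaces/tabs that pushes code off-screen to the right.
PADDING = re.compile(rb"[ \t]{80,}\S")
PHP_EXT = (".php", ".phtml", ".inc")


def mtime_day(path):
    """Modification date of a file as YYYY-MM-DD (local time)."""
    return time.strftime("%Y-%m-%d", time.localtime(os.path.getmtime(path)))


def odd_dates(component_dir):
    """Files in one theme/plugin whose date differs from the most common one."""
    days = {}
    for folder, _dirs, files in os.walk(component_dir):
        for name in files:
            path = os.path.join(folder, name)
            days[path] = mtime_day(path)
    if not days:
        return []
    usual, _count = Counter(days.values()).most_common(1)[0]
    return sorted(p for p, d in days.items() if d != usual)


def code_findings(path):
    """Reasons a PHP file deserves manual inspection (empty list = none)."""
    with open(path, "rb") as handle:
        lines = handle.read().splitlines()
    reasons = []
    for number, line in enumerate(lines, 1):
        for match in OBFUSCATION.finditer(line):
            call = match.group(1).decode().lower()
            reasons.append(f"line {number}: {call}() call")
        if PADDING.search(line):
            reasons.append(f"line {number}: code hidden behind whitespace padding")
    return reasons


def scan(parent_dir):
    """Scan every theme/plugin folder under e.g. wp-content/themes."""
    report = {}
    for entry in sorted(os.scandir(parent_dir), key=lambda e: e.name):
        if not entry.is_dir():
            continue
        outliers = set(odd_dates(entry.path))
        for folder, _dirs, files in os.walk(entry.path):
            for name in files:
                path = os.path.join(folder, name)
                reasons = []
                if path in outliers:
                    reasons.append(f"modified {mtime_day(path)}, unlike the rest")
                if name.lower().endswith(PHP_EXT):
                    reasons.extend(code_findings(path))
                if reasons:
                    report[path] = reasons
    return report


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, reasons in scan(target).items():
        print(path)
        for reason in reasons:
            print("   ", reason)
```

A hit is a reason to read the file, not proof of infection: legitimate plugins occasionally call `eval` or `base64_decode`, and a plugin update changes dates for the whole folder.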

Step 3 – Adjust File Permissions

You don’t want files to be modified again within a day if a virus file is still present. You can set many directories so that they cannot be edited by WordPress itself, or by a virus that lacks the username and password needed for FTP access. (The downside is that updates will need to be done manually.)

For example, you can set theme files to 644 and directories to 555 (the crucial thing is to avoid setting them to 777!).
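
One way to audit and apply these modes across a theme folder, as an added example that is not part of the original article. The function names and the dry-run default are assumptions; the 644/555 values are the ones given above.

```python
import os
import stat
import sys


def risky_paths(root):
    """Paths under root that group or others can write to (777, 666, ...)."""
    found = []
    for folder, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(folder, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                found.append((path, oct(mode)[2:]))
    return sorted(found)


def lock_down(root, file_mode=0o644, dir_mode=0o555, dry_run=True):
    """Set files to file_mode and directories to dir_mode.

    Returns the list of (path, old_mode, new_mode) changes. With dry_run=True
    nothing is modified, so the plan can be reviewed first.
    """
    changes = []
    # Bottom-up, so a directory is tightened after its contents.
    for folder, _dirs, files in os.walk(root, topdown=False):
        targets = [(os.path.join(folder, name), file_mode) for name in files]
        targets.append((folder, dir_mode))
        for path, wanted in targets:
            if os.path.islink(path):
                continue  # never follow symlinks out of the tree
            old = stat.S_IMODE(os.stat(path).st_mode)
            if old != wanted:
                changes.append((path, oct(old)[2:], oct(wanted)[2:]))
                if not dry_run:
                    os.chmod(path, wanted)
    return changes


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: lockdown.py <theme-or-plugin-dir> [--apply]")
    for path, mode in risky_paths(sys.argv[1]):
        print(f"writable by group/others: {mode} {path}")
    apply_changes = "--apply" in sys.argv[2:]
    for path, old, new in lock_down(sys.argv[1], dry_run=not apply_changes):
        print(f"{'changed' if apply_changes else 'would change'} {old} -> {new} {path}")
```

To update the theme later, run `lock_down` again with `dir_mode=0o755`, update, and then tighten the directories back to 555.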

Step 4 – Install a Security Plugin

Preventing a WordPress virus depends on many factors, but one important aspect is preventive security.

Install and configure a security plugin to prevent a virus file from easily returning through a vulnerability and to immediately detect file changes.

For choosing a security plugin, you can read this article.

Step 5 – Create a Backup

Make another backup? But I’m done now, right? I’ve removed the virus from the website.

Well, if you’ve overlooked a file, the virus may reinstall itself on the server and in the files. This could happen through an automated file that writes files to your server daily or weekly.

In case this happens, you can restore the backup from the time when your website was seemingly 97% clean, and you can fix the last few percent.

My WordPress website has been hacked again! How can that be?

It happens a lot: you’ve just checked WordPress and removed the hacked files, yet after a few days, the website is back to sending spam.

As a WordPress website security expert, I know all the tricks that hackers use to deceive you.

When you hire me, I take the website cleanup and security to a higher level by addressing both the backdoors and the exploits.

You can’t expect this level of expertise from your current WordPress developer who designed or programmed your website.

Securing a website is a specialty that requires attention 7 days a week to stay updated with the latest tricks hackers use.

That being said, it’s interesting to look at the tricks hackers apply to hack your WordPress site repeatedly.

First basic fact: A hacker writes a script once and spends weeks coding it, a script that exploits a new vulnerability or a known WordPress function.

The script will copy itself to multiple files and leave the website open for reinfection after you’ve removed it.

Furthermore, the script will use the server it’s on to find other websites to repeat the same trick.

Ways a hack can keep coming back

  1. The file that sends spam is relatively easy to find, so the hacker writes a function to recreate the spam file periodically. For example, once every 7 days or sometimes every 24 hours. When you think you’ve solved this issue, you’ve only addressed the symptom but not the cause.
  2. The hacker has written a function that creates a new user with administrator rights. When you think you’ve solved the problem but have no idea that this user has been created in the database, an automated script from your server or another server uses the user’s login to place information on the server again.
  3. Every post and page is injected with a piece of code (in-content) that you only see when you switch from the WYSIWYG editor to the text version. In other words, if you have 100-200 news articles and each contains a piece of code… even if you clean the file on the server, it’s still present on every page.
  4. The hack only appears once per browser session. Peekaboo! When you think you’ve solved the problem, it’s just that the effects of the hack file are no longer visible in your browser. But every new visitor will see it. This can be in the form of a link, a frame overlaying your current page, or an attempt to place a virus file on the visitor’s computer.

These are some reasons why your hack keeps coming back even after you (thought you) removed it.

These are just 4 ways, but hackers know many more tricks that I won’t explain here. However, now you understand why it’s best to have a specialist work on your website if you REALLY want a fully functional and clean website.

 

My WordPress website contains malware?!

It’s indeed crucial to avoid seeing such a warning on your website. Here’s how you can deal with the situation:

How can the website contain malware?

If your WordPress website has outdated plugins, themes, or WordPress itself, it becomes vulnerable to attacks, and bots may infect your site with malware. Even newly installed plugins can sometimes contain vulnerabilities.

How can I get rid of this warning?

To remove the warning, your website must be thoroughly cleaned, and all malware (hacker’s code) needs to be removed. Once you are confident that your website is clean, you can request a reevaluation from Google.

How do I prevent it from happening again?

To prevent such incidents from happening again, you need to ensure that your website is not only cleaned from malware but also secured properly. There are various ways bots can find entry points to your website, and those vulnerabilities need to be addressed and closed.

You can accomplish this by securing your website through the help of WPbeveiligen!

 

How do I read base 64 code?

Indeed, hackers often encode their PHP scripts to make it harder for the server to quickly recognize them as viruses. The server won’t decode each file multiple times to read it.

However, such a file can still be executed upon request, and that’s what a hack script does.

Decoding a piece of base64 code

When you see that whole mess of code, you may not know where to start. But there is some logic to it. The code often starts with an `eval("")` statement, where it wants to execute the code within the quotes. You can put that code into a decoder.

They often put the code in a variable that must be executed via a decoded variable, making it difficult for someone to unravel it. And that’s precisely the intention of the scriptwriters.

What is usually hidden behind “that hidden code”?

In many cases, it’s a link to a product page of the hacker or their client. Or a script that sends emails (spam) to email addresses.

But sometimes you’re dealing with a more advanced hack script that not only performs those simple actions but also transfers your database information or creates a new user in the database so that the hack script can regain access later, even if you have repaired it.

Or a script copies itself to every directory on your server.

These are things you probably don’t want to know, and it’s best not to put yourself in the shoes of a scriptwriter but rather remove it and partially renew your WordPress to ensure that all of its code and files are gone from your server.

The base64 code is encoded 3-10 times.. what now?

The files are often encoded 1-5 times. This means you could spend quite some time decoding them.

Fortunately, there is a website that can do this process for you. UnPHP creates a virtual space and extracts the encoded PHP from it.

It can handle up to 81 iterations in a loop if needed!!
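
For the simple case where every layer is a string literal wrapped in decoding calls, the layers can also be peeled locally without ever executing the PHP. This is an added example, not code from the original article or from UnPHP; the function names, the supported wrapper list beyond `base64_decode`, and the harmless sample input are constructed assumptions. It does not handle payloads hidden in variables, which the article also describes.

```python
import base64
import codecs
import re
import zlib

# Python equivalents of PHP functions commonly chained around a payload.
# Only base64_decode is named in the article; the others are assumptions.
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),   # raw deflate stream
    "gzuncompress": zlib.decompress,
    "str_rot13": lambda b: codecs.encode(b.decode("latin-1"), "rot13").encode("latin-1"),
    "strrev": lambda b: b[::-1],
}

# eval( f1( f2( 'literal' ... : group 1 = call chain, group 3 = the literal.
WRAPPED = re.compile(r"eval\s*\(\s*((?:[a-z0-9_]+\s*\(\s*)+)(['\"])([^'\"]*)\2", re.I)


def peel_once(php):
    """Decode one eval(...) layer as data; return None if no layer is found."""
    match = WRAPPED.search(php)
    if not match:
        return None
    calls = re.findall(r"[a-z0-9_]+", match.group(1).lower())
    data = match.group(3).encode("latin-1")
    for name in reversed(calls):          # the innermost call runs first
        if name not in DECODERS:
            raise ValueError(f"unsupported wrapper: {name}()")
        data = DECODERS[name](data)
    return data.decode("latin-1")


def peel_all(php, max_layers=100):
    """Peel nested layers; return (number_of_layers, innermost_source)."""
    layers = 0
    while layers < max_layers:
        inner = peel_once(php)
        if inner is None:
            break
        php, layers = inner, layers + 1
    return layers, php


def constructed_sample():
    """Constructed test input: a harmless echo wrapped in three layers."""
    layer = "echo 'constructed sample';"
    for wrapper in ("base64_decode", "gzinflate(base64_decode", "base64_decode"):
        raw = layer.encode("latin-1")
        if wrapper.startswith("gzinflate"):
            deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
            raw = deflater.compress(raw) + deflater.flush()
        text = base64.b64encode(raw).decode("ascii")
        closing = ")" * wrapper.count("(")
        layer = f"eval({wrapper}('{text}'){closing});"
    return layer


if __name__ == "__main__":
    count, source = peel_all(constructed_sample())
    print(f"{count} layers removed; innermost code:")
    print(source)
```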

Can your WordPress site go to the junkyard?

Sometimes, people wonder if it’s worth securing their website, but the technical explanations about themes, plugins, databases, and content can be difficult to understand. So, let’s take a new approach:

What if your website were a car?

The Frame – WordPress

WordPress can last for years, but if you never update it, it may develop issues.

The Solution

  1. Update your WordPress from your admin panel
  2. Remove and re-upload WordPress to the server

The Paint (Theme)

The paint represents the appearance of your website. A new theme or restyling can make your website look brand new and up-to-date.

How?

  1. Make your website mobile and tablet-friendly
  2. Add some new images to the content
  3. A CSS coder can work wonders with color adjustments
  4. Add a slider with beautiful images

The Components – Plugins

Plugins can become outdated and may cause issues.

What can you do?

  1. You can update plugins from your admin panel
  2. Remove the plugin and re-upload it to the server

The Wiring – Database

The database is hidden away and requires little maintenance, but it’s worth checking.

How to optimize the database?

  1. Go to phpMyAdmin and select the tables to repair/optimize
  2. Remove old plugins, themes, pages, and posts that are no longer in use

 

Thankfully, WordPress is not a car!

While some knowledge and experience are required (or a WordPress expert), it’s a matter of replacing the right information, and your WordPress website will be as good as new!

What can WPbeveiligen do for you?

When we restore and secure your WordPress website, we thoroughly examine all files (like rust on a car) and ensure everything is polished and in place.

We also update or replace plugins, remove old unused information (in consultation), and ensure you have the latest WordPress update.

In short, a restoration and security service is not only an option when you’ve been hacked, but it’s also a great way to get your WordPress website in top shape, just like a good car maintenance check!

Help!!! My hosting provider has taken my WordPress offline

From one day to another, your web host informs you that your WordPress website was sending spam and has been taken offline until the issue is resolved.

This happens weekly with WordPress websites, and it is the only way for the web host to protect the server and all other customers from the problems caused by a website that sends spam.

Why the Web Host Took Your Website Offline

When your website sends spam, the IP address from which the spam emails originate gets reported and blacklisted by companies that filter emails.

Once the IP address is reported, emails from that IP address will no longer be delivered.

This means that all customers on the server with that IP address can be affected.

Therefore, a web host acts swiftly and takes a website offline until you have removed all spam files.

The Steps You Need to Take

Of course, you want your website back online as soon as possible. This means you need to remove the spam files from the server.

However, simply removing the files solves the immediate issue. You haven’t addressed the root cause yet.

Thus, you need to update all possible plugins, your theme, and your WordPress core to close any potential vulnerabilities and prevent the spam files from appearing on your server again.

In many cases, unfortunately, it’s a bit more complicated to thoroughly clean the server as the vulnerabilities have been exploited to insert backdoors into your uploads folders, which you also need to remove. You can do this by deleting all PHP files from the uploads folders since they should only contain media files such as images, videos, and PDFs.

The Database

Some vulnerabilities grant access to the database, where backdoors can be created. This could include new administrator accounts or JavaScript injected into the content.

Therefore, you also need to carefully inspect the database.

WPbeveiligen, the Solution to All Your Worries

As you can see, there are many things to address before your web host can put your website back online.

For many, the easiest solution has been to contact us and let us handle all of these matters.

We also ensure that your website is removed from the blacklist and communicate with your web host to get your website back online as quickly as possible.

Let us recover and secure your WordPress website!

How to import a very large MySQL database

Dealing with a large database, such as a WordPress website with hundreds of products or pages, can result in a database size of 10-50 up to even 600 MB.

Sometimes, you may need to restore your database backup or import it after switching hosting providers.

A database larger than 100 MB cannot be imported using phpMyAdmin since it can only import files up to 9 MB through the browser.

Step 1 – Download BIGdump

Bigdump is a script that you can download here.
(Or here if their site is not working)

Step 2 – Connect BIGdump to your database

You have just used the link to download the file, and you have extracted it to get a php file.

Open the file bigdump.php with your favorite editor (even Notepad on Windows will do) and enter the database information where the data needs to go.

Save the file and place the bigdump.php file on the server of the website where you want to import the database.

Step 3 – Upload the large database to the server

Place the database, the SQL file, in the same folder as the BIGdump.php file. (You can use an FTP program like FileZilla)

Step 4 – Use the file

Next, go to the following URL in your browser:
www.yourwebsite.com/bigdump.php

If you have entered the database information correctly, you will see this:
[Screenshot: database import]

And if you have done Step 3 correctly, you will also see this: [Screenshot: example]

This means that it has found a file that you can import!

Click on ‘Start import’ to import your large database!

If you encounter any errors on your screen, check the FAQ from the developer of BIGdump.

WordPress shows a white screen, now what?

If problems occur with code from plugins, themes, or WordPress itself, you may not always see an error. Sometimes, you’ll only see a blank screen!

This can be incredibly frustrating as you won’t know what’s going wrong. However, there’s a reason why you only see a blank screen.

The empty page without an error is a security measure since detailed error information can be used by hackers and scripts to hack the website.

A blank screen on all pages or only in the Admin

It’s possible that your website still works on the front-end for visitors, but your admin panel shows a blank screen, preventing you from managing the website. Regardless of where it occurs, it’s a problem that needs to be resolved.

Does a white screen indicate that the website has been hacked?

Usually NOT. The most common causes of a white screen are conflicts between code in plugins.

Why do I have a blank screen without any apparent reason?

  1. A blank screen in WordPress can occur spontaneously when you have “automatic updates” enabled. At that moment, you may not be aware, but a lot happens in the code that can cause conflicts.
  2. Sometimes, you may see a white page when the hosting has a problem with the server, but this is very rare. In such cases, there is usually an “error 500”.
  3. Sometimes, a hacker injects code to render your admin panel unusable.

Resolving the blank screen issue

There are various ways to resolve it, and we will document some common problems and solutions here.

Displaying errors

Start by enabling the “display of errors”.

You can do this by opening the wp-config.php file with an editor/FTP program. In the wp-config.php file, you’ll find a line with the debug mode setting (the WP_DEBUG constant) that you need to set to true.

Often, this will immediately display one or more errors on the page, allowing you (with some Googling and puzzling) to understand what’s going wrong. The error often indicates which script the error occurs in and even on which line!

Ps: As programmers at WPbeveiligen, we often don’t need to Google to identify the problem; we can usually fix it immediately. So, choose convenience and assurance and send us a message.

Is the screen still blank after enabling error display?

Then, try the trial-and-error method through the options below.
Trial-and-error simply means eliminating possibilities that could be causing the issue until you find the problem.

Possibility #1: A blank screen due to plugins

Plugins may sometimes collide due to code, causing the website not to load. If you can still access your admin panel, try deactivating them one by one until you find the culprit.

If you cannot access your admin panel, you can do this via FTP by renaming them one by one, effectively deactivating them.

Possibility #2: A blank screen due to the theme

If your theme or template fails to load, you will see a blank screen on your website but your wp-admin will still work. Try temporarily using a different theme. If this resolves the issue, you can try placing a clean version of your used theme or have someone look at the code in your theme to fix it.

Possibility #3: A blank screen due to hacked code

Very rarely, a hack script may cause a collision or an error on your pages. Typically, hackers and hack scripts aim to work stealthily, so the spam script can operate for as long as possible before detection.

One technique used by hackers is to render the admin panel unusable with a blank screen, but they usually want to keep the front-end of your website intact.

However, an advertisement injection may cause issues, exposing their activities.

Tip: Restore from a backup

If your website regularly creates backups, you can restore it. This saves a lot of time searching and coding!

Get the problem resolved by us

We’ve been working with WordPress for years and can often fix a blank screen issue within 1 hour. The costs are not high, but the convenience is!

Click here and get the problem resolved now!

How do I know if my WordPress website has been hacked?

It is true that unexpected events can occur, such as automatic updates causing issues with WordPress or certain plugins not working. Additionally, user errors in the administration panel can lead to unintended changes on your website. Not every unexpected modification to your website is necessarily caused by a hacker or hackbot.

To determine if your WordPress website has been hacked, you can look out for the following signs:

1. Your website redirects visitors to another domain.
2. Google displays a red warning screen when accessing your website using the Chrome browser.
3. The Sucuri Malware scanner indicates that your website contains malware.
4. Your website displays strange advertisements in Google search results.
5. You can no longer access the admin area, and unknown users (administrators) have been added.
6. Your website is blacklisted, and you cannot send emails.

If none of the above points apply to your website, it is likely not hacked.

In cases where you encounter changes that you cannot understand, there are several possibilities:

1. Other users might have made the changes. Check the “author” of pages and posts, including revisions, to see if any specific name is associated with the modifications.

2. The iThemes Security PRO plugin provides detailed logs of logged-in users in the administration panel. Check these logs to see if any changes or issues occurred during a specific user’s login session.

3. If automatic updates are enabled, a plugin update might have caused the problem. Try reverting to an older version of the plugin to see if it resolves the issue.

4. iThemes Security PRO logs the changes made to files on the server, including additions, deletions, and modifications, along with timestamps. By reviewing these logs, you can identify which files were updated and when. You can then restore the files or roll back to an older version of the plugin to potentially resolve the problem.

If you suspect a hacker or script has infiltrated your WordPress website, check for files containing Base64 code, as they might indicate malicious activity. In such cases, you may need to carefully remove the code from the affected files or delete the suspicious files altogether.

If you want ease and certainty in dealing with website security, you can seek professional help to restore and secure your website. Engaging experts can ensure all files are thoroughly checked and your website becomes hack-free. Additionally, with a restoration and security service, you often get the PRO version of iThemes Security NL for free, along with a 30-day guarantee to ensure your website remains securely protected.

WordPress has been hacked! How does WPbeveiligen fix this!

Absolutely, every WordPress website is unique, even if we have seen hundreds of them. That’s the beauty of our profession! Each site presents a new challenge to properly restore and secure it.

But isn’t WordPress the same for all?

While the core files of WordPress are often the same, everyone uses different themes, plugins, and has varying numbers of pages and news articles.

We come across websites with just 3 plugins, but also with 30 plugins. As a general rule, keeping the number of plugins between 5 to 8 is advisable to maintain a good and secure website.

There are premium themes, free themes, and custom-made themes, all of which require their unique approach.

How does WPbeveiligen know what to do with themes and plugins?

We have been developing WordPress websites since 2007, six days a week. Over the years, we have worked with countless plugins and themes.

We continue to develop websites, test new plugins and themes regularly.

Sometimes, we encounter a new plugin or theme that we are not familiar with, and in such cases, we study and research it thoroughly to clean it without losing any code.

Does WPbeveiligen use a scanner or specific tools?

We use various methods to clean a website, but a significant part of the process involves manually reading and inspecting code, opening and examining folders, and checking file modification dates.

Although we can use tools to expedite the process of finding certain vulnerabilities and files, we still spend several hours manually reviewing and restoring a site. Automated software cannot distinguish between spam links, hacker HTML, and genuine content that belongs on the website.

There is no one-click solution.

It is a combination of knowledge, experience, and extensive research, recoding, and renewal.

One thing you can be certain of is that we use our expertise and passion for WordPress to restore and secure websites.

We offer a standard 1-month guarantee, and with a premium security plugin, we ensure that your website becomes less susceptible to hacking attempts.