24 Jan 2024
It happens a lot: you’ve just checked WordPress and removed the hacked files, yet after a few days, the website is back to sending spam.
As a WordPress website security expert, I know all the tricks that hackers use to deceive you.
When you hire me, I take the website cleanup and security to a higher level by addressing both the backdoors and the exploits.
You can’t expect this level of expertise from your current WordPress developer who designed or programmed your website.
Securing a website is a specialty that requires attention 7 days a week to stay updated with the latest tricks hackers use.
That being said, it’s interesting to look at the tricks hackers apply to hack your WordPress site repeatedly.
First basic fact: A hacker writes a script once and spends weeks coding it. A script that exploits a new vulnerability or a known WordPress function.
The script will copy itself to multiple files and leave the website open for reinfection after you’ve removed it.
Furthermore, the script will use the server it’s on to find other websites to repeat the same trick.
Ways a hack can keep coming back
- The file that sends spam is relatively easy to find, so the hacker writes a function to recreate the spam file periodically. For example, once every 7 days or sometimes every 24 hours. When you think you’ve solved this issue, you’ve only addressed the symptom but not the cause.
- The hacker has written a function that creates a new user with administrator rights. When you think you’ve solved the problem but have no idea that this user has been created in the database, an automated script from your server or another server uses the user’s login to place information on the server again.
- Every post and page is injected with a piece of code (inn-content) that you only see when you switch from the WYSIWYG editor to the text version. In other words, if you have 100-200 news articles and each contains a piece of code… even if you clean the file on the server, it’s still present on every page.
- The hack only appears once per browser session. Peekaboo! When you think you’ve solved the problem, it’s just that the effects of the hack file are no longer visible in your browser. But every new visitor will see it. This can be in the form of a link, a frame overlaying your current page, or an attempt to place a virus file on the visitor’s computer.
These are some reasons why your hack keeps coming back even after you (thought you) removed it.
These are just 4 ways, but hackers know many more tricks that I won’t explain here. However, now you understand why it’s best to have a specialist work on your website if you REALLY want a fully functional and clean website.
