WordPress Web site to deal with hacker attacks (ii)

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

If you read the previous article "WordPress Web site to address the solution of hacker attacks (i)" You still can not get the site back to normal, I sympathize. It's really frustrating to have the database hacked, but I hope this article will help your site get back to normal.

1. Enhance the security of WordPress

We suggest that you refer to the WordPress Security integrated point to implement some preventive measures. Also, to remind users of a virtual host, make sure that the permissions for wp-config.php are 750 instead of 604 (for reasons, see file permissions).

2. Change Database Password

This is very necessary, because the hacker may be because your database password is too simple to enter your database. Password It is best to use a combination of letters, numbers, and special symbols to change the database password please refer to the host merchant's help documentation or consult the host's customer service staff.

3. Modify the database, delete all user's password

Using phpMyAdmin, enter your database and click "Browse". You will see the information of the users and hackers on the website, you need to:

A to copy the displayed User_email value, which may be the hacker's e-mail address.

(b) Click on the "Edit" link in the affected "line".

c) Delete the User_pass field.

D Change the User_email field for your own.

E Click ' Confirm ' to save changes.

4. Login WP Admin

As usual:

A) through the address http://www.mysite.com/wp-admin/into the WP admin interface.

b If you have a hint to upgrade the database, the first thing to do is to check with the host to see if they can provide the latest PHP version, and then click ' Upgrade wordpress database '.

C Click ' Continue '.

d click "Forgot Password?"

E Enter your username and email address and click ' Get new Password '.

F Check the mailbox, you will receive "WordPress" (wordpress@mysite.com) sent to the mail, which has the link to reset the password.

G Check your email again, you will receive a new password, copy the new password.

H Login with your new password, if you need to change the password, click "Yes, go to the personal page" for password modification, or click "No, no longer remind."

5. Is everything OK?

Click and view your blog posts, pages, categories, tags, etc. are normal, modify or delete the abnormal content.

6. Switch to the default theme

A to enter the-> theme and click "Activate" one of the default WordPress themes:

-WordPress Classic 1.5, Dave Shea production

-WordPress Default 1.6, Michael Heilemann production

-Twenty Ten 1.0,wordpress team

b If the content of your site appears normal after you switch the topic, you will need to fix your subject file (hopefully you have a backup).

7. Restore recently modified files

It is likely that only the primary file index.php file has been modified and replaced by your corresponding backup file.

8. Activate your theme again

A to get into the-> theme and click on the theme "activate" the site before being hacked.

b Refresh the homepage and hope everything will be back to normal.

Finally, in order to enhance the security of WordPress, I recommend the following plug-ins, ranking in no order:

WP security scanning plug-ins, scan WordPress installed security vulnerabilities and provide remedial measures.

1. Password.

2. File permissions.

3. Database security.

4. Version hidden.

5. WordPress Administrator Protection/security.

6. The WP generated META tag is removed from the core code.

Secure wordpress plugin for WordPress security Help: Delete the error message of the login page, add index.html to the plugin directory, remove the WP version outside the admin zone.

1. Delete the error message for the login page.

2. Add index.php to the plugin directory (virtual).

3. Delete the WP version outside the admin zone.

4. Delete Really simple discoveries.

5. Remove Windows Live Writer.

6. Delete the core program update information for the Non-administrator.

7. Deleted plugin update information for non-administrator.

8. Deleted topic Update prompts for non-admin (WP 2.8 version only)

9. For non-admin hidden backstage version of WordPress.

10. Add string for WP scan.

11. Prevent destructive queries.

12. Verify your site through a free malware and vulnerability scanning sitesecuritymonitor.com.

The ultimate security Check plugin helps you to identify safety issues. It scans your blog and gives you a safe "level" rating.

Database backup is always unavoidable, in order to make it easier for you to back up the database, install the following database backup Plug-ins, you can back up the database in the admin background.

The Wp-db-backup plugin allows you to easily back up your core WordPress database tables.

Article source, reprint please specify: http://www.wordpress.la Webmaster Exchange Group: 82468412