Finding and Fixing a Backdoor in a Hacked WordPress Site

You are here : Home / Finding and Fixing a Backdoor in a Hacked WordPress Site

Your WordPress site may have been hacked and you fixed it but the hacker was still able to get back in. Well, the reason for this is you did not clean up the hack the right way or you didn’t know the exact location where to find the breach. In such cases, what happens is a hacker creates a backdoor that allows him/her to bypass your site normal authentication. So, if you want to know the best way to find and fix a backdoor in a hacked WordPress site, read on.


wordpress%20security%20questions banner Finding and Fixing a Backdoor in a Hacked WordPress Site

What is a Backdoor?

First, let us be on the same page on what is a Backdoor. This is a method a hacker uses to bypass normal authentication in a website so that he can be able to access the server, while in the process, he remains undetected. This is what most smart hackers do by first uploading the backdoor, so even if you remove the breached plugin, the hacker can still regain access. Worse still is even if you do an upgrade, the backdoor will still remain, making your site vulnerable to hacking. Until when you clean the mess for good, the system is still vulnerable to hacking. How do you clean up the mess for good?

How a Hacker uses a Backdoor to Exploit your System

A back door allows a hacker to create hidden admin username so he/she can access the system. On the other hand, a more complex backdoor allows the hacker to run any PHP code send from the browser. Things get worse with a backdoor that features a full fledged user interface that allows a hacker to send emails that make one think they are coming from the server, run SQL queries and any other thing a hacker might think of. A hacker exploits a system by installing a backdoor in themes, plugins, uploads directory, Includes Folder, and wp-config.php.  Hackers install the backdoor in old and inactive themes so it can survive updates. People don’t upgrade plugins often and some plugins are coded poorly; this makes plugins a potential place for a hacker to hide a backdoor. How to hack a WordPress site shows you how hackers do this normally and this guide is for developers so they can be careful to install a plugin or upgrade a plugin.

How to Clean Up Backdoor for Good

In most cases, backdoors are disguised to resemble a WordPress file. Check the wp-includes folder; a wp-user.php is a backdoor since it doesn’t exist in the normal install, only user.php exists but not wp-user.php.  In the uploads folder a file named hello.php is a backdoor disguised as the Hello Dolly plugin. It can also use names like wp-content.old.tmp, php5.php or data.php; it doesn’t mean that because it has a PHP code in it that it has to end with php. It can even be a .zip file. Encoded with base64 code to perform all manner of hacking operations including redirecting the main page to spammy sites, adding additional pages, and adding spam links

The good news is the current version of WordPress (version 3.4.2) has no known vulnerabilities. Therefore another way of defeat backdoors is by upgrading to the latest version of WordPress at hand.

 Finding and Fixing a Backdoor in a Hacked WordPress Site

Flipper Code

We have been building WordPress Plugins at flipper code since 2008. We follow wordpress coding standard that ensures we deliver the excellent wordpress plugins and services.

More Posts - Website

Follow Me:
twitter Finding and Fixing a Backdoor in a Hacked WordPress Sitefacebook Finding and Fixing a Backdoor in a Hacked WordPress Sitegoogleplus Finding and Fixing a Backdoor in a Hacked WordPress Site

Customize Product according to your requirements?

We will be glad to discuss any of your needs related to our wordpress plugins . if any of functionality you'd like to see in products, you can reach us by via email hello@flippercode.com.