How To Completely Remove Defacement From WordPress Site?
Did your WordPress website look fine yesterday and have suddenly been defaced today? We know how horrifying it is to see your website ruined.
When hackers deface your website, they make it painfully obvious to the public that your site is hacked. They do this to spread their own propaganda or to poke fun at the website’s lack of security, or to even show off their hacking skills.
Defacement attacks are a nightmare. Anyone visiting your website will see the defacement on your site and will leave immediately. In today’s day and age, it’s likely that someone will take a screenshot of your defaced site and spread the news online that your website is hacked.
Once Google detects that your website is hacked, they will blacklist your site. Your web host will suspend your account which means your site will be taken offline.
Don’t worry because you can fix your defaced website but you’ll need to take security measures fast in order to avoid severe consequences. In this guide, we’ll show you how to clean the hack, restore your site to normal, and prevent this from occurring in the future.
TL;DR – If your website has been defaced, you need to immediately fix it by installing our WordPress Plugin BlogVault. It will backup your website, scan it for malware, and enable you to clean your site instantly.
What Is WordPress Website Defacement?
Usually, hackers break into WordPress websites silently and carefully hide their malware as long as they can without being detected. They do this so that they can run their malicious activities for longer periods of time.
But by defacing your site, hackers make it evident to you and your visitors that your site is infected. Hackers change the visual appearance or content of your WordPress website. They make their hacks noticeable and usually leave “hacked by” messages. They also plaster your WordPress website with images, video, and audio that may be offensive. You can consider it a virtual form of vandalism.
Websites get defaced by political or religious groups who want to make their presence felt and spread their views. They run defacing campaigns in the name of social justice and call themselves ‘Hacktivists’.
In January 2020, following the assassination of top Iranian General Qasem Soleimani, hackers defaced a US federal website. They displayed messages that vowed revenge for his death.
Hackers also deface WordPress sites to ridicule the lack of web security. They display messages alerting site owners that their website security is insufficient.
Lastly, WordPress website defacing is not too technical. Therefore, newbie hackers tend to deface WordPress sites to practice and improve their hacking skills. Their trials can have devastating consequences for your business.
To mitigate the consequences of a defaced site, you need to act fast to fix it and get your business back to normal. We’ll show you the steps to take to remove the defacement immediately.
How To Fix Defacement On A WordPress Website
When your website is defaced, you need to immediately find and remove the hack. Then you need to fix the vulnerability that caused the hack in the first place. So in this section, we are going to take the following steps:
1. Scan Your WordPress Site For Malware
To deface your site, hackers infect your website with malware. While the hack is evident on your website, the malware causing the defacement can be disguised and hidden inside your site. While defacing your site, hackers also create hidden backdoors that enable them to access your site even after removing the malware.
Only a very powerful web security scanner like MalCare can find such hidden malware and backdoors. Once you install MalCare on your site, it will run a full website scan and detect the defacement malware in just a couple of minutes.
Scan Your WordPress Site With MalCare
Step 1: Install MalCare on your WordPress site.
Step 2: On the right-hand side of your WordPress dashboard, select MalCare. Submit your email address and choose to ‘Secure Site Now’.
Step 3: The security scanner will automatically scan your website. Once it detects the malware on your site, you will see an alert displayed:
With that, we’ll jump to the next section, where we’ll show you how to clean your hacked WordPress website.
2. Clean The Defacement On Your WordPress Site
After you’ve identified the infected files, you need to remove the infection in order to remove the hack. There are many malware removal services available, however, not all of them are effective.
Many malware removal solutions follow a process where you need to raise a ticket first. Next, they assign a security professional who will clean up your site. While you wait a long time for your WordPress website to be cleaned up, the consequences of a defaced site only become worse.
We recommend continuing to use MalCare to clean your website as it is the only plugin that offers instant malware removal. It will clean all instances of malware and get rid of any backdoors on your site in under a few minutes.
You can also check our top WordPress malware removal plugins and remove malware by yourself.
Note: Malware removal is a complex and technical process and therefore, is a premium service with all malware removal solutions. To use MalCare’s instant malware cleaner, you will need to upgrade to a premium plan.
How To Use MalCare To Clean Your WordPress Site?
Step 1: After MalCare has detected the infected files, you will see an option called ‘Auto Clean’.
Step 2: This process will take a few minutes, after which it will display the following:
That’s it! Your WordPress site is free of any defacement malware.
3. Restore your Website’s Backup
After your website is clean and all the infected files are gone, you can need to restore a clean backup copy to get your site back to normal.
A backup is a clone of your website that’s stored safely. When things go wrong and you want to restore your site to its previous state, a backup copy comes in handy. You might’ve taken a backup using a plugin or with your web host. They usually maintain multiple copies of your site, so you would need to test restore these backups to find a clean copy that was taken prior to the hack.
In case you haven’t taken backups of your website, don’t worry. We’ll show you ways in which you might be able to find a backup copy of your site.
Now, there are three main ways in which you can restore your backup:
a) Using a WordPress Backup Service
If you took precautions and copied your WordPress site using a backup plugin before your website was defaced, you can fetch the backup copy from this service.
For example, with the BlogVault backup plugin, you can restore your site easily by following these steps:
Step 1: On the BlogVault dashboard, access your website.
Step 2: Under ‘Backups’, select ‘Test Restore’.
Step 3: You need to enter your FTP credentials. You can then choose which backup copy you would like to restore and test restore your site. Once complete, visit the test restore site and check if your backup is correct.
Step 4: Go back to ‘Backups’, select ‘Restore’.
Step 5: Choose the correct backup copy and restore your site.
Your site will be restored to normal in a few minutes and you can get back to business as normal.
b) Using Web Host
Web hosts usually take backups of all websites that they host on their platform. If you rely on your host to take backups of your site, you can get a backup copy from them. Most hosts don’t have a test restore option, so we’ll show you how to restore a backup copy to your live site:
Step 1: Log in to your web hosting account.
Step 2: Access the backups section. The location of your backup varies between hosting providers. You will need to contact your host’s support staff in case you can’t find it.
Step 3: Depending on your host, you might be able to auto-restore or you will have to download your backup and manually restore it.
For more details on manual restore, follow our guide to backup WordPress website.
c) Using Softaculous
In case you haven’t taken any backups and your host hasn’t backed up your site either, we can offer you one last solution and that is Softaculous.
Some web hosting providers include Softaculous (an app installer) in your web hosting account by default. It enables quick and easy installation of WordPress.
If you or your web developer used Softaculous to install WordPress, there would’ve been an option to take backups. If this option was chosen, then Softaculous would have a backup copy of your website.
You can find out if you have a Softaculous backup by following these steps:
Step 1: Log in to your hosting account and visit cPanel.
Step 2: Locate the Softaculous app. If you do not see the app here, contact your web hosting provider to check if they provide the app.
Step 3: Select this app and access your backups inside. Upon clicking on ‘backups’, you will find an option to restore your website here.
Your website should be restored back to normal now.
But don’t relax just yet because cleaning and restoring your site is only half the job done. You need to fix any WordPress vulnerabilities on your website that could’ve led to your site being hacked.
If you don’t have a backup of your WordPress site, we recommend getting one as soon as possible.
4. Fixing the WordPress Vulnerability
Hackers were able to break into your WordPress site because there was a weakness they could exploit. You need to find this weakness or vulnerability and remove it to ensure hackers don’t break in again. Here is a list of the most common WordPress vulnerabilities that lead to WordPress sites being hacked:
- Outdated WordPress installation
- Outdated WordPress themes and plugins
- Using pirated themes and plugins
- Weak Login Credentials
- Lack of SSL
We address how to fix these issues in the next section on how to prevent WordPress Defacement.
Steps to Prevent WordPress Defacement
Here, are four important preventive measures you need to implement on your site to ensure your site is never defaced again:
1. Keep Your WordPress Site Updated
Updates to your WordPress installation, themes, and plugins carry bug fixes, new features, enhancements, but most importantly, security patches. This security fix will remove any vulnerabilities that developers have found in their software.
In 2017, a rest-API vulnerability in the WordPress core was exploited by hackers to deface thousands of WordPress sites. A security fix was released in an updated version before hackers could detect the vulnerability. But as site owners deferred updating to the latest version, hackers were able to exploit it.
If you see that an updated WordPress version is available, we strongly advise installing them on your website immediately.
If you find WordPress updates appear too frequently which makes it difficult to manage, you can check how to update WordPress properly step by step.
2. Implement WordPress Site Hardening Measures
WordPress recommends certain security measures that will make your website more secure against hackers. These include:
- Disable theme and plugin editor
- Disable theme and plugin installations
- Using strong usernames and passwords
- Enable two-factor authentication
- Limit login attempts
To learn how these WordPress hardening measures make your website secure and how to implement them, you can follow our guide on website hack protection.
3. Use An SSL Certificate
Your website constantly transfers data over the internet between browsers and servers. Hackers try to intercept this data in order to steal login credentials. This enables them to break into your site.
You can avoid such data breaches by using an SSL certificate to encrypt this data. Even if hackers intercept the data, they won’t be able to decipher it.
There are many SSL providers that sell SSL certificates. You can also purchase one from your web host.
For more information on SSL, check out our guide – How to install SSL on your website.
4. Delete Inactive Themes And Plugins
Most WordPress website owners tend to install a number of themes and plugins. But they forget to delete the ones they don’t use. These themes and plugins are generally neglected. And moreover, unnecessary elements on your site give hackers more opportunities to break in. We advise you to keep only the themes and plugins that you need and delete all others that are inactive.
In addition, if you’ve installed pirated versions of themes and plugins, we strongly advise you to disable them immediately and delete them from your website. Pirated software often contains malware that enters your site when you install it.
We are confident that once you implement these measures, your WordPress site will be secure.
Defacement campaigns and hacks are only growing more in number! Unfortunately, your site doesn’t become immune to defacement after one attack. You need to ensure that you’ve taken adequate measures to protect your site and prevent future hack attempts.
We recommend using BlogVault’s Backup and Security Plugin. It will take backups of your site regularly and enable you to restore them easily. It also has a WordPress firewall that will block hackers and bad bots from accessing your site. It will not just prevent defacements but all types of hacks!
Backup and Secure Your WordPress site with BlogVault now!
Melinda is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Melinda distils the wisdom gained from building plugins to solve security issues that admins face.