Website defacement is a common problem in WordPress. It can happen for many reasons, but the most common one is a lack of security.
So, you’ve just had a good night’s sleep, grabbed a cup of joe – and you get to work. You open your WordPress website, and you’re met with the horror of defaced posts and pages. The content has been altered, and your website is basically ruined.
But it’s not only the content on your website that’s altered. The site is riddled with fake products, keyword spam, and even ads to illegal websites. In some cases, attackers also deface websites to spread political or religious propaganda.
This type of hacking attack can be devastating. Your regular visitors will flee once they see your website got defaced. And to make things even worse, Google can detect the hack and display the dreaded “deceptive website ahead” warning. If that happens, your web host may take down your website until you fix the hack.
Thankfully, you can fix your WordPress website if it gets defaced. However, you must act quickly if you want to avoid any consequences.
In this article, we’ll cover everything you need to know about defacement attacks. We’ll start with why someone would launch such an attack, followed by some examples. And then, we’ll show you how to fix your website after a defacement attack.
Website defacement is no different from street graffiti. When hackers breach your application security, they can redirect traffic to their own website – or use your website as a launchpad for bigger attacks. One of the things hackers can do is change the appearance of your WordPress website. In other words, they can deface your website.
In most cases, hackers will display messages boasting about “owning” your website. Sometimes they also include disturbing images – such as gore or pornography – that can shock your visitors.
A defacement attack serves the purpose of getting noticed. But why get noticed?
Here are the top reasons why hackers deface WordPress websites.
To Spread Political And Religious Propaganda
One of the most common reasons WordPress websites get defaced is to spread political or religious views. Hackers could also deface websites for social-justice-related reasons; such attackers are commonly known as “hacktivists.”
The most recent website defacement attack happened in 2020:
One US federal government website got hacked by Iranian hackers and was then plastered with messages vowing revenge for the death of commander Qassem Soleimani.
To Show Admin Hasn’t Taken Appropriate Security Measures
Some hackers use defacement as a means of promoting their cyber security services. They’ll do it to make fun of security measures deployed on your website.
Afterward, they’ll even contact you in hopes of you hiring them to run network security on your WordPress site.
To Sell Illegal Products
Selling counterfeit or illegal products via the Internet can be profitable. However, search engines are quick to notice these practices and blacklist the website.
That’s why some hackers go for defacement to peddle their products. And in such cases, they’ll replace your homepage with their own online store.
For The Fun Of It
Sometimes, defacement attacks have no nefarious reasons behind them. Some hackers deface WordPress websites just for the fun of it. And some are doing this to hone their skills.
There are also cases where hackers run online contests; the individual who defaces the highest number of websites gets a cash reward.
Now that you know why your WordPress website might get defaced, let’s see how these attacks work. Here are the top four ways hackers can get access to your site.
Vulnerable WordPress Core
The most critical component of your WordPress website is its core. And just like other software, WordPress Core is not foolproof.
Luckily, WordPress Core has thousands of developers dealing with maintenance, and major vulnerabilities are generally rare.
Now, we said it’s rare – not that it doesn’t happen. In 2017, hackers discovered a vulnerability in the WordPress API. It was called privilege injection and allowed unauthorized users to edit the website’s content.
WordPress developers quickly caught this vulnerability and fixed it. They made the fix public and urged WP users to update their core. Unfortunately, some users didn’t get the memo, which led to the defacement of some 1.5 million WP sites.
Since then, WP hasn’t had any major vulnerabilities. The developer community is hard at work, ensuring WP has airtight security.
Vulnerable Themes And Plugins
WordPress themes and plugins can have vulnerabilities – no matter how well they were coded. If a vulnerability is detected, developers usually patch it up ASAP.
However, not all website owners update their themes and plugins regularly.
That gives hackers plenty of time to look for websites with out-of-date themes and plugins and exploit them. They can take control over your website via a plugin and inject malware such as wp-tmp.php.
People tend to use usernames and passwords that are easy to remember. That makes it easy for hackers to brute force their way in:
They’ll use a program that can generate thousands of username and password combinations – until they guess the right one.
For example, if you’re using a username such as “admin” and a password such as “123456,” the brute force bot can crack it in mere seconds.
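In the server's access log, this kind of guessing shows up as a burst of POST requests to /wp-login.php from one address. The following is an added example, not part of the original article: it flags such bursts in constructed log lines, assuming the default WordPress behaviour of answering a failed login with HTTP 200 and a successful one with a 302 redirect. The threshold, window and function name are illustrative choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: access-log lines in "combined" format, documentation IPs only.
_FMT = '{ip} - - [12/Mar/2024:{t} +0000] "{m} /wp-login.php HTTP/1.1" {s} 4512 "-" "-"'
SAMPLE_LOG = "\n".join(
    [_FMT.format(ip="203.0.113.7", t=f"03:14:{sec:02d}", m="POST", s=200)
     for sec in range(0, 40, 5)]                                        # 8 failures in 35 s
    + [_FMT.format(ip="203.0.113.7", t="03:14:41", m="POST", s=302),    # then a redirect
       _FMT.format(ip="198.51.100.20", t="09:00:00", m="POST", s=200),  # one typo...
       _FMT.format(ip="198.51.100.20", t="09:00:30", m="POST", s=302),  # ...then success
       _FMT.format(ip="192.0.2.55", t="09:05:00", m="GET", s=200)]      # only viewed the form
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag IPs with >= threshold failed POSTs to /wp-login.php inside one window.

    Heuristic: a POST answered with 200 is counted as a failed login, a POST
    answered with 302 as a possible successful one (assumed default behaviour).
    """
    failures, redirects = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if status == "200":
            failures[ip].append(when)
        elif status == "302":
            redirects[ip].append(when)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = best = 0
        for end, t in enumerate(times):      # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = {"max_failures_in_window": best,
                           "redirect_after_burst": any(r > times[0] for r in redirects[ip])}
    return flagged
```

An address that is flagged with `redirect_after_burst` set deserves attention first, because the burst may have ended in a working password.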
No SSL Certificate
When a user visits your website, some data will be transferred between their browser and the server. This data can contain sensitive information – such as payment info or login creds.
If your website doesn’t have an SSL certificate, though, hackers can intercept the data transfer. They can then sell the data or exploit it for an attack.
An SSL certificate encrypts the data transfers on your website. So, even if hackers intercept it, they won’t be able to decrypt the data.
Knowing how a hacker broke into your site allows you to plug the security hole and prevent any further incursions – but it’s only half the battle. The next step is to get your website back up.
Not sure how to remove defacement from your website and get everything back to normal? We have you covered!
We’ll first go over how you can fix the hack – and then go over how to restore lost content.
Step 1: Scan Your Website For Malware
To exploit your website, hackers need to infect it with malware first. That’s why it’s critical that you first run a malware scan of your WP website.
You can scan your site using a WP security plugin. There are many security plugins to choose from, so that shouldn’t be an issue.
During the attack, hackers can do a number of things, such as:
- Insert malicious code into your website. Hackers can run SQL injections that can destroy your WP database.
- Obfuscate their code, making it difficult to detect.
- Create backdoors that allow them to access your website after you’ve fixed it.
Not every plugin can detect obfuscated code. Some can’t even detect backdoors. That’s why it’s essential you find a plugin that can do all these things out of the box. Install the plugin and run a full scan of your website.
Step 2: Cleaning Your WordPress Website
After scanning your defaced website, it’s time to clean it up. Most malware plugins have cleanup locked behind a paywall. If you’re in a pinch, you can go for a plugin that comes with a free trial.
And if the plugin did a good job of cleaning up, consider buying the premium subscription.
You can delete the malicious code/files manually if you’re tech-savvy.
The scan should provide you with the information on which files were compromised during the attack. You can then either replace them with a clean copy or delete the malicious code from the files.
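One way to do the manual comparison, as an added example that is not from the original article: hash every file in the live tree and in a clean copy of the same release, then list what was modified, what is missing, and what exists only on the site. The directory layout, helper names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def digests(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    out = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare_to_clean(site_root, clean_root, site_specific=("wp-config.php",)):
    """Classify the live tree against a clean copy of the same release."""
    site, clean = digests(site_root), digests(clean_root)
    return {
        # In the clean copy but altered on the site: replace with the clean file.
        "modified": sorted(p for p in clean if p in site and site[p] != clean[p]),
        # In the clean copy but gone from the site: restore it.
        "missing": sorted(p for p in clean if p not in site),
        # Only on the site: review by hand; PHP files here are backdoor candidates.
        "unexpected": sorted(p for p in site
                             if p not in clean and p not in site_specific),
    }

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed example: two tiny trees standing in for a real install."""
    base = {"index.php": b"<?php // front controller\n",
            "wp-login.php": b"<?php // login form\n",
            "wp-includes/version.php": b"<?php // version info\n"}
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = os.path.join(tmp, "clean"), os.path.join(tmp, "site")
        for root in (clean, site):
            for rel, data in base.items():
                write(root, rel, data)
        write(site, "index.php", b"<?php echo 'defaced';\n")       # altered homepage
        write(site, "wp-tmp.php", b"<?php // dropped file\n")      # file name from this article
        write(site, "wp-config.php", b"<?php // site settings\n")  # expected, site-specific
        os.remove(os.path.join(site, "wp-login.php"))
        return compare_to_clean(site, clean)
```

For a real site, the clean copy has to contain the same versions of core, themes and plugins that are installed; uploaded media will appear under `unexpected` and still needs a look by hand.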
Step 3: Restoring Your Backup
Once you’re done cleaning up, it’s time to restore the content on your WP website. Restoring your website shouldn’t be a problem if you have a backup plugin installed.
Don’t worry if you don’t, though – your web host makes regular backups of your website. Since these backups are on hosts’ web servers, they should be able to restore your website from their end.
If you have a backup plugin installed, find it in your WP dashboard and begin the restoration. It usually takes a couple of clicks.
You can also restore your website using cPanel. Do note that you would need a backup of your website on your computer to do that, though.
First, navigate to the Backup Wizard.
Then choose the Restore option.
You’ll see a couple of restoration options. We recommend that you choose the MySQL Databases and Home Directory options – provided you have both of those backed up on your local machine, that is.
Once you’ve chosen an option, all you have to do is upload the backup file and hit the Upload button.
Then you’ll have to rebuild it manually, meaning you’ll need help from a developer for this. We recommend making a backup of your WP website before you start rebuilding. That way, you can roll back any changes that might break the site.
If you’ve followed the steps above, your website should be malware-free and fully restored.
Now you know how to fix the mess hackers made. So, it’s time to learn how to prevent website defacement in the future.
The first step in ensuring your website doesn’t get defaced again is to keep regular backups and install a security plugin.
A backup is your safety net in case anything cataclysmic happens to your website. The security plugin is there to prevent anyone from hacking into your website.
Still, there are a couple more steps you can take to keep your WP website defacement-free.
Update Your WordPress Website Regularly
Just like with any software, WordPress, themes, and plugins are prone to exploits. WordPress Core has been secure for a couple of years – but we can’t say the same for WP themes and plugins.
When developers spot a security issue, they fix it ASAP – and then release an update. Once you update your theme or plugin on your WP site, it will plug the security hole.
That is why it’s essential you keep both your WP Core and its themes and plugins up-to-date at all times. If everything is running on the latest versions, hackers won’t be able to use any of the known exploits.
Up Your Security Measures
WordPress comes with a broad range of features that allow you to manage your site. And as you know, hackers can use some of these features to gain access to your websites.
WordPress recommends that you disable any features you don’t need. It’s also recommended that you implement a couple of security measures that will make your website harder to hack.
- Using a strong username and password
- Disabling plugin and theme installations
- Disabling plugin and theme editors
- Setting a limit on login attempts
- Implementing two-factor authentication

Delete Plugins And Themes You Don’t Use
Most WP users tend to try out new plugins and then forget to remove them. Every extra plugin on your website presents a potential security hole. That’s why we recommend that you delete themes and plugins you’re not using.
If you’re using pirated plugins or themes, we recommend that you delete them immediately. Most pirated plugins/themes come with malware that can ruin your website when you install them.
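Two of the measures listed under “Up Your Security Measures” (disabling the plugin and theme editors, and disabling plugin and theme installations) are controlled by the WordPress constants DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS in wp-config.php. This added example, which is not part of the original article, checks a constructed wp-config.php excerpt for both; the function names are illustrative.

```python
import re

# Constructed wp-config.php excerpt. The commented-out defines must not count.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'DISALLOW_FILE_MODS', true );
define( 'DISALLOW_FILE_EDIT', true );
define("WP_DEBUG", false);
/* define( 'DISALLOW_FILE_MODS', true ); */
"""

HARDENING = {
    "DISALLOW_FILE_EDIT": "disables the built-in plugin and theme editors",
    "DISALLOW_FILE_MODS": "disables plugin and theme installation from the dashboard",
}

DEFINE_RE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*([^)]+?)\s*\)\s*;""")

def strip_comments(php):
    """Remove /* ... */ blocks and whole-line // or # comments."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"^[ \t]*(//|#).*$", "", php, flags=re.M)

def audit_wp_config(text):
    """Return {constant: True/False} for each hardening constant set to true."""
    defined = {m.group(2): m.group(3).lower()
               for m in DEFINE_RE.finditer(strip_comments(text))}
    return {name: defined.get(name) == "true" for name in HARDENING}

def missing_hardening(text):
    """Names of hardening constants that are absent or not set to true."""
    return [name for name, ok in audit_wp_config(text).items() if not ok]
```

DISALLOW_FILE_MODS also blocks updates from the dashboard, so with it set, core, theme and plugin updates have to be applied outside the dashboard.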
Without an SSL certificate, your website is vulnerable to data breaches. Remember that if the connection between the server and the visitor’s browser isn’t encrypted, anyone can intercept the data and exploit it.
You can easily resolve this by installing an SSL certificate. You can buy an SSL certificate from your web host if it’s not part of your hosting plan. If you’re on a budget, get a free SSL certificate from providers such as Let’s Encrypt.
Once you’ve implemented all these measures, your website should be hack-proof – or at least too difficult to hack for anyone to bother.