Recently we took over a site that had been hacked and was displaying nothing for the client, they had liaised with the hosting company and the company had been unable to fix the issue which resulted in the client being without any viable web presence. We took over the website and identified the root cause of the site outage within an hour or so. The htaccess file had been injected with some harmful rewrite rules which fortunately were breaking rather than redirecting customers to harmful content.
The next step was to download a copy of the website and run a malware scan on the site, we then installed the wordfence plugin which highlighted vulnerabilities and files that had been compromised. We were then able to remove the ‘backdoor’ access left behind by the hacker’s automated scripts that was allowing them to re-access the system each time the site was fixed. We checked for any issues in the database and updated the site passwords. We updated all of the plugins and the wordpress install to the latest versions and following this we cleared the site contents from the server and re-uploaded. The next step was regenerate the sitemap and to login to google search console to request that the site be re-indexed following the clean up which removed the ‘this site may have been hacked’ warning from google’s search results.
The site is now back up and running and has experienced no further hacks