How to recover hacked wordpress blog

Well hacking of wordpress blogs became more easy and popular and i saw many blogs are being hacked by noobs nowadays.
Last night our server got an attack by those noobs and all of our wordpress blogs (old version) were injected by the code saying “hacked by bla bla”.

What they have done with wordpress?

1. They have injected their code into blog’s database and changed the password and admin email address to override admin access to backend. So administrator is not able to retrieve his lost password to get access back.

2. They have injected the code into templates file named “index.php” saying “hacked by bla blaa”

Here is the quick solution to fix both of them:
Get admin access back:

1. First of all you will need to get admin access back, for this login to phpmyadmin from cPanel and then navgiate to the wordpress database, see snapshot below:

1

2. Now select the users table and choose the row that contains admin details, see below snapshot:

2

3. Edit the row and change the email address with your new working email address and save it.

3

4. Ok, now goto the following link: http://yourdomain.com/wp-admin and use forgot password link to reset your password.

You will get the reset password confirmation email follow the steps given in that email.
How to remove hacker’s message “Hacked by bla bla”

1. Just login to your FTP or to cPanel File manage and navigate to your wordpress templage files located in public_html/wp-content/themes/templatename

2. Now replace the index.php file with the original template’s index. php file. You should have this template file or re-download it. Ok, this is done.

Your blog will become back now i will tell you how do you secure your blog from hacker.

Secure wordpress blog:

1. Keep your wordpress blog uptodate.
2. Install following plugin:

  1. Sucuri Free
  2. Exploit Scanner
  3. Block bad queries
  4. Anti malware shield
  5. Exploit Scanner

3. Do not install nulled/cracked plugins and templates.
4. Check your hosting account for any malicious files and folders, possibly shells, remove them.
5. Check template files for malicious code and base64 code and remove them.

For more information on securing wordpress blog google it you will find various methods there.

Installing mod_evasive for apache in cPanel server

What is mod_evasive ?

Mod_evasive helps apache to protect the server from DDOS attacks and bruteforce attacks, if you are getting too many attacks you should consider installing it on cPanel/WHM based servers. Follow the below steps to install/configure it:

  • Login to your server
  • Execute following commands:
  • # cd /usr/local/src/
  • # wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
  • # tar -xvzf mod_evasive_1.10.1.tar.gz
  • # cd mod_evasive
  • # /usr/local/apache/bin/apxs -cia mod_evasive20.c

Now create new file by executing and add the below code into it:

  • # nano /usr/local/apache/conf/mod_evasive.conf

LoadModule evasive20_module modules/mod_evasive20.so
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 10
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>

Now include the above file inside /usr/local/apache/conf/includes/pre_main_global.conf

Include “/usr/local/apache/conf/mod_evasive.conf”

  • Rebuild apache configuration files:
  • # /scripts/rebuildhttpdconf
  • Restart Apache:
  • # service httpd restart

And you’re done!

Let me know if you have any issue while installing/configuring mod_evasive.

3 Best Templates for WordPress Blog

There are numerous templates available on the world wide web whether they are designed for wordpress or joomla, while searching on the web i have found some best looking and features rich templates for wordpress powered blogs that i would like to share:

1.Daily – Best template for photo gallery

A very good looking attractive template for wordpress photo blog contains three types of view, it provides the full customization of whole blog whether it is for photo gallery or for classic word press blog.

Live Preivew | Buy

2.PokeRoost – Simple but stylish wordpress template

Another very simple but stylish template for wordpress blog released under themeforest online store enabling you to choose from different colors, menus and sidebars that suites your blog best.

Live Preview | Buy

3. Carbon – Sharp features responsive template

An attractive wordpress blog template especially if you like dark colors with round corners, it is very flexible and can be customized according to any blog type such as video gallery or photo gallery.

Live Preview | Buy

That is the list for today, which template do you like to have ?