TheitechBlog was hacked recently, but soon I discovered the problem and restored the blog within few hours.
I was in a great dismay when on 24th July morning at around 8 am when I visited my blog, and was faced with a black screen with some arabic text and weird music playing in background.
I went blank with shock, thinking could this have happened and how could I bring my website back! I was a little relieved when I remembered about the backups, which I had created sometime back. (That is why it is always advisable to have backups of your data.)
How did TheitechBlog get hacked and was recovered consequentially?
I tried logging into dashboard but I couldn’t, the hacker had changed my login password. Then I got into the root directory of WordPress, I checked .htaccess and wp-config.php files for any malicious activity but found nothing. Then I looked for theme files, there I discovered the malicious code in the index.php! the hacker had replaced index.php file of my theme with a malicious code file. I quickly restored all original theme files from the backup. Theitechblog blog was up again!
But it was just a temporary measure, I had to trace the main loophole behind this hack. How did the hacker managed to gain access to my theme files and database was a question which bothered me. I though about it for several hours, and read about WordPress Security all over the internet.
I came to know about the problem of ‘file permission‘ of wp-config file. WordPress stores the database credentials in plain-text in the wp-config.php file, anyone who can gain access to this file can easily gain access to your database!
Theitechblog was hacked by exploiting this loophole. The attacker got access to my database, changed my password and from the dashboard changed the theme files.
If he might have got access to root, he would have changed other files too, like the core WordPress files, .htaccess, wp-config.php, but only theme files were changed which can be access by dashboard.
The hacker may have exploited some other loopholes as well but the facts are pointing more towards wp-config.php file hack.
Ways to protect WordPress wp-config.php
#1. Correct File Permissions
I later checked the file permissions of my WordPress wp-config.php file, the file permissions were incorrect and were allowing others to access the file. I changed the permissions to the appropriate.
This loophole exists in many WordPress blogs by default. WordPress does not changes the permissions of wp-config.php file and generally newbies don’t pay much attention to this or are unaware of this loophole.
Check out the permissions of your WordPress blogs wp-config.php and change it to 750.
#2. Using .htaccess file
Paste this code to the .htaccess file, in your WordPress root directory.
# to protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>
This is how I recovered my website from the hacking attack! But I still have to work a lot on the security of the blog. I will be writing more articles on WordPress security. Ignorance of security can lead to big problems, hence it should be given proper attention.
You can never be too careful about these things. So make sure you have a recent backup of database and other important files.
Have you ever faced any hacking attack on your website? Share you experiences. And let us know about your views on WordPress Security.
