I’m spending this wonderful summer Sunday fixing a WordPress theme hack after WordPress Training Online with newmediaMike was hacked again.
The posts on WPTraining centered around identifying, repairing and protecting against an htaccess redirect hack. My theory is, this is the hackers’ way of “payback” for my helping their victims, since my posts on how to fix their nasty redirects have ranked in the top 10 for a ton of search queries and generated thousands of pageviews this past month.
What caused my WordPress Theme to get Hacked?
No matter how I tried accessing my site, I encountered their hack screen. The DNS looked clean on 1&1, so I still had control over the domain, but with hackers you never know. When the DNS proved to be OK but the hack was still in place, I decided the best course of action would be to move the site to a new directory on my host. I thought I would try moving the site and use the same database; that way I wouldn’t lose anything. I was able to transfer the site intact to my computer hard drive, which in hindsight was a bonehead move. I began transferring it intact back to the host. As I was transferring it back to the host, my anti-virus caught something in an inactive theme, the “Famous” theme I considered for WPTraining.
I quarantined the virus called Trojan Horse PHP/Back Door CP. This back door PHP Trojan was the cause of my grief and I found it in the control panel folder for Famous.
The hackers used a PHP vulnerability to inject their virus into an inactive WordPress theme, which allowed it to rewrite the redirection and inject their page.
After catching the virus I deleted the theme, but the virus was likely in the SQL database, which meant I had to delete the database to get rid of the virus.
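Inactive themes still sit on the server as reachable PHP, which is how a back door can survive in a theme that is not in use. The scan below is an added example, not part of the original post: the indicator patterns, the theme and folder names, and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators of PHP back doors (assumed patterns, not taken from the post).
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "exec-on-request-input": re.compile(
        rb"(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
}

def scan_themes(themes_dir, active):
    """Return (theme, is_active, relative_path, indicator) for every flagged PHP file."""
    findings = []
    for theme in sorted(p for p in Path(themes_dir).iterdir() if p.is_dir()):
        for php in sorted(theme.rglob("*.php")):
            data = php.read_bytes()
            for name, pattern in INDICATORS.items():
                if pattern.search(data):
                    findings.append((theme.name, theme.name in active,
                                     php.relative_to(theme).as_posix(), name))
    return findings

def demo():
    """Scan a constructed wp-content/themes tree with one clean and one tampered theme."""
    with tempfile.TemporaryDirectory() as tmp:
        themes = Path(tmp) / "wp-content" / "themes"
        (themes / "active-theme").mkdir(parents=True)
        (themes / "active-theme" / "index.php").write_text("<?php get_header(); ?>")
        panel = themes / "unused-theme" / "control-panel"
        panel.mkdir(parents=True)
        # Constructed sample: the encoded string is just "echo 1;".
        (panel / "options.php").write_text('<?php eval(base64_decode("ZWNobyAxOw==")); ?>')
        return scan_themes(themes, active={"active-theme"})

if __name__ == "__main__":
    for theme, is_active, path, indicator in demo():
        state = "active" if is_active else "INACTIVE (remove if unused)"
        print(f"{theme}/{path}: {indicator} [{state}]")
```

A hit is a lead for manual review, and a clean result does not prove the files are clean; comparing each theme against a fresh copy from its source is the stronger check.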
Fixing a WordPress theme hack
I created a new database, uploaded a clean version of WordPress and the site came back. I transferred the old theme back and it was clean and the site is now ready for content. Since most of the content on the site was video-based, it won’t take me long to restore the site. In some cases I’ll now be able to use keyword research I have from the posts’ previous incarnation to improve the posts’ rankings.
This means that WordPress Training Online may have had a setback, but with my online marketing chops these posts will now bring in MORE, better-qualified traffic. Instead of this being a disaster, this is another golden opportunity to get a ton of organic traffic from people looking to learn how to fix a WordPress theme hack.