The First Steps To Take After A WordPress Malware Hack
I recently got hacked on not one but two different WordPress installs I have. The intentions were made obvious to me after I actually saw a very sharp rise in long tail traffic from Yahoo. This might seem odd, but it made clear sense to me that something was embedded on the site causing it to rank for extraneous long tail phrases. Someone had installed a script later I found in the htaccess and index.php files (this is typically where they drop malicious scripts).
The first measures I took to clear the WordPress Malware threat were:
· Changing WordPress, ftp and database passwords
· Analyze my database for suspicious new fields (or modified fields)
· Assessed my index and .htaccess files
· Looked at Google caches of my site
· Run the ‘fetch as bot’ in Google webmaster central to see if they were cloaking
After wiping the php code that created the website.com/search?spam-long-tail-pages on my site and removing the htaccess modifications that made the server check the index file, I had effectively killed the malware. Google later came by, noticed the malware was gone and gave me my rankings back.
Read more on what to do about WordPress hacks: