黑客入侵入门_修复被黑客入侵的WordPress网站的入门指南

黑客入侵入门

A sad reality about running websites is that sometimes they could get hacked. Having our WordPress site hacked a few times in the past, we know exactly how stressful it can be. Not to mention the impact it has on your business and readership. Over the past few years, we have helped hundreds of users recover their hacked WordPress sites including several well-known businesses. In this article, we will share a step by step guide to fixing your hacked WordPress site.

关于运行网站的一个可悲的现实是，有时它们可​​能会被黑客入侵。 过去，我们的WordPress网站遭到了几次黑客攻击，我们非常清楚这会带来多大的压力。 更不用说它对您的业务和读者群的影响。 在过去的几年中，我们已经帮助数百名用户恢复了被黑客入侵的WordPress网站，其中包括数家知名企业。 在本文中，我们将分享逐步指南，以修复您被黑的WordPress网站。

在我们开始之前要知道的几件事 (Few Things to Know Before We Start)

First and foremost, no matter which platform you’re using, WordPress, Drupal, Joomla, etc — any site can be hacked!

首先，无论您使用的是WordPress，Drupal，Joomla等平台，任何网站都可以被黑客入侵！

When your WordPress site is hacked, you can lose your search engine rankings, expose your readers to viruses, have your reputation tarnished due to redirects to porn or other bad neighborhood websites, and worst lose your entire site data.

当您的WordPress网站遭到黑客入侵时，您可能会失去搜索引擎排名，使读者暴露于病毒中，由于重定向到色情网站或其他不良邻里网站而使声誉受损，最糟糕的是失去了整个网站数据。

If your website is a business, then security should be one of your top priorities.

如果您的网站是一家公司，那么安全性应该是您的首要任务之一。

That’s why it’s crucial that you have a good WordPress hosting company. If you can afford it, then absolutely use managed WordPress hosting.

这就是为什么拥有一个优秀的WordPress托管公司至关重要。 如果您负担得起，则绝对使用托管WordPress托管 。

Make sure that you always have a good WordPress backup solution such as BackupBuddy in place.

确保您始终有一个良好的WordPress备份解决方案，例如BackupBuddy 。

Last but probably the most important, have a robust web application firewall such as Sucuri. We use their services on our websites.

最后但也是最重要的一点，是拥有一个强大的Web应用程序防火墙，例如Sucuri 。 我们在我们的网站上使用他们的服务。

All the above information is great if you haven’t been hacked yet, but chances are if you’re reading this article, then it’s probably too late to add some of the precautions that we mentioned above. So before you do anything try to remain as calm as you can.

如果您还没有被黑客入侵，那么上面所有的信息都是很棒的，但是如果您正在阅读本文，那么可能就太晚了，添加上面我们提到的一些预防措施可能为时已晚。 因此，在执行任何操作之前，请尽量保持冷静。

Let’s take a look at the step by step guide on how to fix your hacked WordPress site.

让我们看一下有关如何修复被黑的WordPress网站的逐步指南。

步骤0 –由专业人士为您做 (Step 0 – Have a Professional Do it for You)

Security is a serious matter, and if you’re not comfortable dealing with codes and servers, then it’s almost always better to have a professional do it.

安全性是一件很重要的事情，如果您不习惯处理代码和服务器，那么专业人员通常会更好。

Why? Because hackers hide their scripts in multiple locations allowing for hacks to come back over and over again.

为什么？ 因为黑客将其脚本隐藏在多个位置，从而使黑客一遍又一遍。

Although we will show you how to find and remove them later in this article, a lot of folks want to have the peace of mind knowing an expert properly cleaned their website.

尽管我们将在本文后面向您展示如何查找和删除它们，但是许多人都希望知道专家正确地清理了他们的网站，因此请放心。

Security experts normally charge anywhere between $100 to $250 per hour which is outrageous for a small business or solo-entrepreneur.

安全专家通常每小时收取100到250美元不等的费用，这对于小型企业或独资企业来说实在是太离谱了。

However for WPBeginner readers, our friends over at Sucuri offer malware and hack cleanup for $199 which also includes their firewall and monitoring service for a whole year.

但是，对于WPBeginner读者来说，我们在Sucuri的朋友提供199美元的恶意软件和黑客清理服务，其中还包括其全年的防火墙和监控服务。

Now this may seem like a promotion of Sucuri, but it’s really an honest recommendation. We personally know the team at Sucuri, and we wouldn’t be recommending them if we didn’t trust them with our own websites. Yup WPBeginner uses Sucuri and on a daily basis they block several thousand attacks on our website, and we really can’t thank them enough for what they do for us.

现在，这似乎是对Sucuri的促进，但这确实是一个诚实的建议。 我们本人认识Sucuri的团队，如果我们不信任自己的网站，我们不会推荐他们。 Yup WPBeginner使用Sucuri，每天都会阻止我们网站上的数千次攻击，对于他们为我们所做的事情，我们真的非常感谢。

So use them if you value your time, you’re not tech-savvy, or if you just want peace of mind.

因此，如果您珍惜时间，不精通技术，或者只想放心，请使用它们。

For all the DIY folks, simply follow the steps below to clean up your hacked WordPress site.

对于所有DIY人士，只需按照以下步骤清理被黑的WordPress网站。

步骤1.识别黑客 (Step 1. Identify the Hack)

When dealing with a website hack, you’re under a lot of stress. Try to remain calm and write down everything that you can about the hack.

在处理网站黑客攻击时，您承受的压力很大。 尝试保持冷静，并写下所有有关骇客的内容。

Below is a good checklist to run down through:

以下是一个不错的清单，可以逐步解决：

• Can you login to your WordPress admin panel?
  您可以登录到WordPress管理面板吗？
• Is your WordPress site redirecting to another website?
  您的WordPress网站是否重定向到另一个网站？
• Does your WordPress site contain illegitimate links?
  您的WordPress网站是否包含非法链接？
• Is Google marking your website as insecure?
  Google是否将您的网站标记为不安全？

Write down the list because this will help you as you talk with your hosting company or even as you go down the steps below to fix your site.

写下列表，因为这将在您与托管公司交谈时或在按照以下步骤修复网站时为您提供帮助。

Also it’s crucial that you change your passwords before you start the clean up. You will also need to change your passwords, when you’re done cleaning the hack.

同样重要的是您在开始清理之前更改密码 。 完成清理hack后，您还需要更改密码。

步骤2.与您的托管公司联系 (Step 2. Check with your Hosting Company)

Most good hosting providers are very helpful in these situations. The have experienced staff who deal with these kind of things on a daily basis, and they know their hosting environment which means they can guide you better. Start by contacting your web host and follow their instructions.

大多数好的托管服务提供商在这些情况下都非常有帮助。 拥有经验丰富的员工每天处理这类事情，他们知道自己的托管环境，这意味着他们可以为您提供更好的指导。 首先联系您的网络托管商，然后按照其说明进行操作。

Sometimes the hack may have affected more than just your site, specially if you are on shared hosting. Your hosting provider may also be able to give you additional information about the hack such as how it originated, where the backdoor is hiding, etc. From our experience, HostGator and Siteground both are very helpful when something like this happens.

有时，这种骇客行为可能不仅影响您的网站，特别是在共享主机上 。 您的托管服务提供商也可以为您提供有关黑客的其他信息，例如黑客的起源，后门的隐藏位置等。根据我们的经验，当发生这种情况时， HostGator和Siteground都非常有用。

You may even get lucky and the host might clean up the hack for you.

您甚至可能会很幸运，主机可能会为您清理黑客。

步骤3.从备份还原 (Step 3. Restore from Backup)

If you have backups for your WordPress site, then it may be best to restore from an earlier point when the site wasn’t hacked. If you can do this, then you’re golden.

如果您有WordPress网站的备份，则最好从未遭到黑客入侵的站点恢复。 如果您能做到这一点，那么您就是黄金。

However if you have a blog with daily content, then you risk losing blog posts, new comments, etc. In those cases, weigh the pros and cons.

但是，如果您的博客每天都有内容，那么您可能会失去博客文章，新评论等内容。在这种情况下，请权衡利弊。

Worst case, if you don’t have a backup, or your website had been hacked for a long time, and you don’t want to lose the content, then you can manually remove the hack.

最坏的情况是，如果您没有备份，或者您的网站已被黑客入侵很长时间，并且不想丢失内容，则可以手动删除该黑客攻击。

步骤4.恶意软件扫描和删除 (Step 4. Malware Scanning and Removal)

Look at your WordPress site and delete any inactive WordPress themes and plugins. More often than not, this is where hackers hide their backdoor.

查看您的WordPress网站并删除所有无效的WordPress主题和插件。 通常，这是黑客隐藏后门的地方。

Backdoor is referred to a method of bypassing normal authentication and gaining the ability to remotely access the server while remaining undetected. Most smart hackers always upload the backdoor as the first thing. This allows them to regain access even after you find and remove the exploited plugin.

后门是指一种绕过常规身份验证并获得在未被检测到的情况下远程访问服务器的能力的方法。 大多数聪明的黑客总是将后门上传为第一件事。 即使您找到并删除了被利用的插件，这也使他们能够重新获得访问权限。

Once you have done that, now go ahead and scan your website for the hacks.

完成此操作后，现在就继续扫描您的网站以查找黑客攻击。

You should install the following free plugins on your website: Sucuri WordPress Auditing and Theme Authenticity Checker (TAC).

您应该在网站上安装以下免费插件： Sucuri WordPress审核和主题真实性检查器(TAC) 。

When you set these up, the Sucuri scanner will tell you the integrity status of all your core WordPress files. In other words, it shows you where the hack is hiding.

当您设置这些文件时， Sucuri扫描仪将告诉您所有核心WordPress文件的完整性状态。 换句话说，它向您显示了隐藏的hack。

The most common places are themes and plugin directories, uploads directory, wp-config.php, wp-includes directory, and .htaccess file.

最常见的位置是主题和插件目录，上载目录，wp-config.php，wp-includes目录和.htaccess文件。

Next run the Theme Authenticity Checker, and it will display your results like this:

接下来运行主题真实性检查器，它将显示如下结果：

If theme authenticity checker finds any suspicious or malicious code in your themes, it will show a details button next to the theme with the reference to the theme file that is infected. It will also show you the malicious code it found.

如果主题真实性检查器在您的主题中发现任何可疑或恶意代码，它将在主题旁边显示一个详细信息按钮，并引用被感染的主题文件。 它还会向您显示发现的恶意代码。

You have two options for fixing the hack here. You can either manually remove the code, or you can replace that file with the original file.

您可以通过以下两种方法来修复此问题。 您可以手动删除代码，也可以将该文件替换为原始文件。

For example, if they modified your core WordPress files, then re-upload brand new WordPress files from a fresh download or all WordPress files for that matter to override any affected files.

例如，如果他们修改了您的核心WordPress文件，则从此重新下载全新的WordPress文件或所有WordPress文件，以覆盖所有受影响的文件。

Same goes for your theme files. Download a fresh copy and override the corrupted files with the new ones. Remember do this only if you didn’t make changes in your WordPress theme codes otherwise you’ll lose those.

您的主题文件也是如此。 下载新副本，并用新文件覆盖损坏的文件。 请记住，只有在未对WordPress主题代码进行更改的情况下，才进行此操作，否则将会丢失这些内容。

Repeat this step for any affected plugins as well.

对所有受影响的插件也重复此步骤。

You also want to make sure that your theme and plugin folder matches the original ones. Sometimes hackers add additional files that look like the plugin file name, and are easy to ignore such as: hell0.php, Adm1n.php etc.

您还想确保您的主题和插件文件夹与原始文件夹匹配。 有时，黑客会添加其他文件，这些文件看起来像插件文件名，并且很容易被忽略，例如：hell0.php，Adm1n.php等。

We have a detailed guide on how to find a backdoor in WordPress and remove it.

我们有详细的指南， 介绍如何在WordPress中找到后门并将其删除 。

Keep repeating this step until the hack is gone.

继续重复此步骤，直到黑客消失为止。

步骤5.检查用户权限 (Step 5. Check User Permissions)

Look in the users section of WordPress to make sure only you and your trusted team members have administrator access to the site.

在WordPress的“用户”部分中查找，以确保只有您和您可信任的团队成员具有对该站点的管理员访问权限。

If you see a suspicious user there, then delete them.

如果在那里看到可疑用户，则将其删除。

Read our beginner’s guide to WordPress user roles.

阅读有关WordPress用户角色的初学者指南 。

步骤6.更改您的秘密密钥 (Step 6. Change Your Secret Keys)

Since WordPress 3.1, WordPress generates a set of security keys which encrypts your passwords. Now if a user stole your password, and they are still logged into the site, then they will remain logged in because their cookies are valid. To disable the cookies, you have to create a new set of secret keys. You need to generate a new security key and add it in your wp-config.php file.

从WordPress 3.1开始，WordPress会生成一组用于加密您的密码的安全密钥 。 现在，如果用户窃取了您的密码，并且他们仍然登录到该站点，则由于他们的cookie有效，因此他们将保持登录状态。 要禁用cookie，您必须创建一组新的密钥。 您需要生成一个新的安全密钥 ，并将其添加到wp-config.php文件中。

步骤7.再次更改密码 (Step 7. Change Your Passwords AGAIN)

Yes, you changed the passwords in step 1. Now do it again!

是的，您在步骤1中更改了密码。现在再做一次！

You need to update your WordPress password, cPanel / FTP / MySQL password, and basically anywhere else that you used this password.

您需要更新WordPress密码，cPanel / FTP / MySQL密码，以及基本上所有其他使用此密码的地方。

We highly recommend that you use a strong password. Read our article on the best way to manage passwords.

我们强烈建议您使用强密码。 阅读有关管理密码的最佳方法的文章。

If you have a lot of users on your site, then you may want to force a password reset for all of them.

如果您的站点上有很多用户，则可能要强制为所有用户重置密码 。

前进–强化WordPress网站 (Moving Forward – Hardening your WordPress site)

It should go without saying that there is no better security than having a good backup solution in place. If you don’t have one, then please put something in place to backup your site daily.

不用说，没有适当的备份解决方案会带来更好的安全性。 如果您没有，请每天放置一些内容来备份您的网站。

Aside from that, here are some more things you can do to better protect your site – these are not in order and you should do as many as you can!

除此之外，您还可以采取其他一些措施来更好地保护您的网站-这些措施不整齐，您应该尽力而为！

• Setup a Website Firewall and Monitoring System – Sucuri is the provider we use because in most cases they block the attacks before it reaches your server.
• 设置网站防火墙和监视系统 – Sucuri是我们使用的提供商，因为在大多数情况下， Sucuri会在攻击到达您的服务器之前将其阻止。
• Switch to Managed WordPress Hosting – Most 切换到托管WordPress托管 –大多数managed WordPress hosting companies go to extra lengths to keeping your site secure. We recommend 托管WordPress托管公司都竭尽全力来确保您的网站安全。 我们建议使用Pagely or Pagely或WPEngine.WPEngine 。
• Disable Theme and Plugin Editors – It’s a best practice. Here’s how to 禁用主题和插件编辑器 -这是最佳做法。 这是disable file edit in WordPress.在WordPress中禁用文件编辑的方法 。
• Limit Login Attempts in WordPress – We recently covered the importance of it and you should read 限制WordPress中的登录尝试 –我们最近介绍了它的重要性，您应该阅读how to limit login attempts in WordPress.如何限制WordPress中的登录尝试 。
• Password Protect your Admin Directory – Add an additional layer of password to your WordPress admin area. See 密码保护您的管理员目录 –在WordPress管理员区域中添加一个额外的密码层。 了解how to add Htpasswd to WordPress admin.如何将Htpasswd添加到WordPress管理员 。
• Disable PHP Execution in certain directories – Adds additional layer of security – here’s 在某些目录中禁用PHP执行 –增加了额外的安全性–这是how to disable PHP execution via .htaccess. 通过.htaccess禁用PHP执行的方法 。

And whatever you do, always keep your WordPress core, plugins, and themes up to date!

无论您做什么，都请始终保持WordPress核心，插件和主题为最新！

Remember Google recently announced that they added a new change in the algorithm to that impacts hacked sites with spam results. So please make sure that you are keeping your site secure.

请记住，Google最近宣布他们在算法中添加了新的变化，以影响被黑网站并获得垃圾邮件结果。 因此，请确保您确保网站安全。

We hope this guide helped you fix your hacked WordPress site. If you’re still having issues, then we strongly recommend hiring professional help such as Sucuri or ask your hosting company if they can help with the fix.

我们希望本指南能帮助您修复被黑的WordPress网站。 如果您仍然遇到问题，我们强烈建议您雇用Sucuri之类的专业帮助，或询问您的托管公司他们是否可以解决此问题。

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

如果您喜欢这篇文章，请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。

翻译自: https://www.wpbeginner.com/beginners-guide/beginners-step-step-guide-fixing-hacked-wordpress-site/

黑客入侵入门