Bail Bond Website Hacked
Was your bail bond website hacked? How would you know unless you really took a look at it every so often? Believe me when I tell you this happens to people all the time as it did to a new client I met on Twitter today. It appears on first glance his WordPress website was put in the Google Sandbox and he didn’t know what it was for or what to do.
One of the simplest things you can do on your site is to check and see if your files have been altered. You can do this by simply right-clicking on the page and selecting “View Page Source”. It might look like coded gobbledygook to you, but if you look a little closer you can see that the lines of code are simply telling the browser how things should look.
The worst part about this type of hack is that eventually Google may see it and send you a nasty note in your Webmaster Tools. It may explain a recent drop in search engine activity as they show links that simply do not belong on your site. If it’s a malware issue… and you aren’t a member of Google Webmaster Tools your visitors may send you a note that your site has been listed as an attack site. Either way it sucks and it must be dealt with as soon as you find it. I’ll go more into detail about cleaning malware in another post, but if you’re having malware issues on your site and need immediate support you are more than welcome to email or call me.
Here is an image of what I saw on this bondsman’s site (name withheld):
You can see by all the red lines the sites that were given links to the product the hacker was pushing. Several of the sites probably belonged to the hacker(s) as they were junk domains with really no content. Other sites were legitimate and appeared to be live.
I went ahead and contacted the owners of those sites to let them know. Some had no clue and a few knew but did not know how to delete it… hence this article – as promised.
The file typically infected is the theme’s header file: header.php. This file in most WordPress sites is located here: /wp-content/themes/NAMEOFYOURTHEME/header.php.
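The link check described above can be done by script instead of by eye. This is an added example, not code from the original post: it reads page source saved from “View Page Source” and lists every link host that is neither your own domain nor one you approved. The domain names and the sample markup are constructed placeholders.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag found in the page source."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def unexpected_link_hosts(html, own_domain, allowed=()):
    """Return {host: [urls]} for links to hosts that are not yours or approved."""
    parser = LinkCollector()
    parser.feed(html)
    trusted = {own_domain.lower()} | {a.lower() for a in allowed}
    found = defaultdict(list)
    for href in parser.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if not host:
            continue  # relative link, mailto:, etc. -- stays on your site
        if host in trusted or any(host.endswith("." + t) for t in trusted):
            continue  # your domain, an approved one, or a subdomain of either
        found[host].append(href)
    return dict(found)


# Constructed sample: three legitimate links and three injected ones.
SAMPLE = """
<div id="header">
  <a href="/">Home</a>
  <a href="https://www.yourbailsite.example/contact/">Contact</a>
  <a href="https://twitter.com/yourbailsite">Follow us</a>
  <a href="http://cheap-pills.example/buy">buy now</a>
  <a href="http://cheap-pills.example/order">order</a>
  <a href="//junk-domain.example/">best deals</a>
</div>
"""

if __name__ == "__main__":
    hits = unexpected_link_hosts(SAMPLE, "yourbailsite.example", ["twitter.com"])
    for host, urls in sorted(hits.items()):
        print(host, len(urls), "link(s)")
```

Any host it prints is one to look for in header.php and footer.php before you start deleting code.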
Bail Bond Website Hacked, Now Clean Them
In order to clean the header file as described above, you can simply log in to WordPress, scroll down the dashboard and choose Appearance and finally Editor. You’ll notice a list of files to your right. Choose the “header.php” file and open. Simply delete the junky code and save. Now you’re somewhat clean…
I would suggest using an FTP programme to look at the files of your site and check the dates on which they were last updated. Example: If you updated WordPress back in August you shouldn’t see any file dates changed since then (aside from sitemap.xml or sitemap.xml.gz; these change when you create a new post or add a page).
There are a few free FTP programmes that are exceptionally good, but it’s at this moment that you may wish to keep everything a tad more secure and use your hosting company’s file programme listed in your cPanel. Have a look at the dates on the /wp-admin/ folder and /wp-includes/ folder. Are the dates on these folders newer than your last update? If so, I would suggest you call your tech support person, your hosting company or me, to have a deeper look.
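The date check on /wp-admin/ and /wp-includes/ can also be scripted. This is an added example, not part of the original post: it assumes you can run Python where the site files live, or on a copy downloaded with file timestamps preserved, and the function name and arguments are hypothetical.

```python
import os
import sys
from datetime import datetime

# Files the article says change on their own when you publish a post or page.
EXPECTED_TO_CHANGE = {"sitemap.xml", "sitemap.xml.gz"}


def files_changed_since(root, last_update, subdirs=("wp-admin", "wp-includes")):
    """Return sorted (relative_path, modified_time) pairs newer than last_update."""
    cutoff = last_update.timestamp()
    changed = []
    for sub in subdirs:
        for folder, _dirs, names in os.walk(os.path.join(root, sub)):
            for name in names:
                if name in EXPECTED_TO_CHANGE:
                    continue
                path = os.path.join(folder, name)
                mtime = os.path.getmtime(path)
                if mtime > cutoff:
                    rel = os.path.relpath(path, root)
                    changed.append((rel, datetime.fromtimestamp(mtime)))
    return sorted(changed)


if __name__ == "__main__":
    # Usage: python check_dates.py /path/to/site YYYY-MM-DD
    # The date is the day you last updated WordPress.
    if len(sys.argv) != 3:
        sys.exit("usage: check_dates.py SITE_ROOT YYYY-MM-DD")
    site_root = sys.argv[1]
    updated_on = datetime.strptime(sys.argv[2], "%Y-%m-%d")
    for rel_path, when in files_changed_since(site_root, updated_on):
        print(when.strftime("%Y-%m-%d %H:%M"), rel_path)
```

Whoever altered a file can also reset its modification date, so an empty result does not prove the folders are clean; treat any file it does list as a reason for the deeper look.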
The easiest way to thwart any infected file is to simply wipe that version of WordPress off of your hosting account… but FIRST:
- After making sure your header.php file (and footer.php) are clean, I suggest installing a plugin called Search Replace. It’s an amazing plugin that allows a quick search, or detailed search, of your posts and pages. Once installed, do a search for the items that were listed in your header file. You’ll soon discover if any post or page had been edited. If posts or pages were edited, go in and clean them up, putting them back to how they were originally.
- Backup your clean database
- Look through your uploads folder to determine if anything has been added to or tampered with. If nothing, go ahead and backup your UPLOADS folder (>> /wp-content/uploads/) to your PC
- Backup your theme (>> /wp-content/themes/YOURTHEME/) to your PC. If you haven’t changed anything in those files I would suggest downloading a new version. If you paid someone to change the files in any way or the theme is not a freebie you’ll need to ensure that the theme files were not altered by said hackers.
- Write down the names of the plugins you have active – you’ll install these later fresh from the developer’s site.
- Backup your wp-config.php file. This will be on the root. It has the information about your server, login details, etc. You may need this.
Did I mention you need to backup, backup, backup? Once you have everything backed up proper… do the unthinkable: wipe WordPress off your hosting account. Don’t panic, you installed it once before and you have a backup.
Reinstall Your Site From Scratch
Now is the time to get comfortable as you sit and watch files pass from your computer to your host. It’s like watching paint dry but with moving pictures of a notepad. Did I mention “woohoo”? Ok, here we go:
- Reinstall a brand new copy of WordPress to your host. Some hosting accounts include script apps that will allow you to install WordPress in minutes. I would go with that option as it’s faster than uploading from your computer. Don’t worry about the database it will create, we are going to use your original.
- Using your FTP programme, upload your images folder right on top of the /uploads/ folder. This may take some time depending on how much information you have in the folder.
- Using your FTP programme, upload the theme to your themes folder. If it is a freebie theme or a theme you haven’t altered I would suggest loading the theme from the developer’s site or from WordPress.
Now that the main files are in place it’s time to resurrect your database.
- On your host you’ll have an area called phpMyAdmin. This is where you’ll create a new database and install your database information from backup. You can name your database anything you want; we only care about the info to upload into it. Write down your new database name, user name and a good password. You’ll need this information to place into the wp-config.php file from earlier.
- Open the wp-config.php file using your FTP programme or file manager on cPanel. Input the information as it pertains to your new database name, username and password.
- Now go ahead and log into your WordPress backend. Once logged in, you’ll begin to install the plugins from the developer, one at a time. You do not need a theme to do this but it helps to test. So, be sure to test the site each time you install a plugin. If something doesn’t work, disable that plugin and continue. You’ll need to find another alternative to the plugin causing issues. Most bail bond websites will only use a handful of plugins, just be sure you don’t overload the site with items you don’t need. Think speed.
- Now activate your theme and test. It should be just as it was, albeit sans hacker files.
- Now do a complete and full backup to your PC, Mac or other storage device.
I know… it’s grunt work and will take a couple hours, but it has to be done to ensure everything is clean.
What Happens When You Get Your Bail Bond Website Hacked, Again?
It happens. You think you might have cleaned the site, or paid someone to clean it and it gets hacked again. Time to look at your PC, if you haven’t already. Also place a call to your hosting company. More than likely they will shut your site down so as not to interfere with the other people on the server. This sucks when they do it and takes a bit more time to get working again. But, better shutting down one site and talking to an angry customer than having 20k other sites infected.
Most often it could be the plugin you are using, or an outdated theme you really like, or even a simple thumbs.db file you may have uploaded with your images. It happens. But, since WordPress runs mainly from a database, I suggest cleaning the site and then having another deep look at the database to see if anything was added to a post or page.
This was the case of my newest client today. The hackers were so brazen they even posted a file to help other hackers find their way around the site:
A simple way to protect your site is to put in place a way for people to go back to your main page. It’s a simple index.php file which sends the unwelcome visitor to another portion of your site or even to my fav; a Dateline Chris Hansen YouTube video. Just change the YOURDOMAIN to the place you wish to send folks who may be lost. I use this file in most site builds and you may download it here: Download
I put this file in folders such as /images, /css, /js etc. Simply places where no one belongs. I will admit it’s a lot easier to simply change the htaccess file but I think I’ll leave that to another post.