Resources
https://xoobo.com/blog/wordpress-hacked/

https://www.knownhost.com/wiki/security/misc/checking-access-logs-for-abuse

How to Secure Your cPanel Account

https://www.ctrl.blog/entry/httpd-wordpress-deny.html

https://documentation.cpanel.net/display/EA4/Advanced+Apache+Configuration

http://tltech.com/info/following-hacker-passwords/

 

https://perfmatters.io/

Disable emojis, embeds, dashicons

 

 

<?php
// Disable block library
function remove_wp_block_library_css()
{
wp_dequeue_style('wp-block-library');
wp_dequeue_style('wp-block-library-theme');
wp_dequeue_style('wc-block-style');
// You can dequeue plugins styles if you're using your own
}
add_action('wp_enqueue_scripts', 'remove_wp_block_library_css', 100);

// Removes jQuery Migrate (it might be required if you're using old plugins)
function clean_remove_jquery_migrate($scripts)
{
if (!is_admin() && isset($scripts->registered['jquery'])) {
$script = $scripts->registered['jquery'];
if ($script->deps) {
// Check whether the script has any dependencies
$script->deps = array_diff($script->deps, array('jquery-migrate'));
}
}
}
add_action('wp_default_scripts', 'remove_jquery_migrate');

// Disable emojis in WordPress
function disable_emoji_feature()
{
// Prevent Emoji from loading on the front-end
remove_action('wp_head', 'print_emoji_detection_script', 7);
remove_action('wp_print_styles', 'print_emoji_styles');

// Remove from admin area also
remove_action('admin_print_scripts', 'print_emoji_detection_script');
remove_action('admin_print_styles', 'print_emoji_styles');

// Remove from RSS feeds also
remove_filter('the_content_feed', 'wp_staticize_emoji');
remove_filter('comment_text_rss', 'wp_staticize_emoji');

// Remove from Embeds
remove_filter('embed_head', 'print_emoji_detection_script');

// Remove from emails
remove_filter('wp_mail', 'wp_staticize_emoji_for_email');

// Disable from TinyMCE editor. Currently disabled in block editor by default
add_filter('tiny_mce_plugins', 'disable_emojis_tinymce');

/** Finally, prevent character conversion too
** without this, emojis still work
** if it is available on the user's device
*/

add_filter('option_use_smilies', '__return_false');
}

// Disables emojis in WYSIWYG editor
function disable_emojis_tinymce($plugins)
{
if (is_array($plugins)) {
$plugins = array_diff($plugins, array('wpemoji'));
}
return $plugins;
}
add_action('init', 'disable_emoji_feature');

WordPress Hacked: What to Do When Your Site Is in Trouble

 

 

  1. Installed and ran https://wordpress.org/plugins/gotmls/  on offlinesharks.com. It scans the entire public_html folder and removed the potentially dangerous folders.
  2. Installed Activity Log
  3. Ran Security Advisor from WHM
  4. Updated the plugins
  5. Updated the WordPress version
  6. Updated the PHP versions to 7.4
  7. Changed the security keys and WordPress salts in wp-config
  8. Updated the WordPress theme
  9. Changed all the WordPress users passwords on offlinesharks.com
  10. Checking if all the the folder/files permissions are correct
  11. Verifying if the WordPress core files have been modified
  12. Ran https://wpscan.com/
  13. Change all the FTP passwords
  14. Searched for new SSH keys
  15. Disabled “SSH Password Authentication is Enabled”
  16. Removed the folders mentioned by Liquidweb support
  17. Searched for backdoors using https://sitecheck.sucuri.net/
  18. Checked with support if the Bluehost hosting SSH key  that we found was something unusual. It isn’t as it is used by the back-up services.
  19. Disabling root user login – https://www.liquidweb.com/kb/disabling-root-user-login/
  20. Exporting the databases and checking them for malware on https://www.virustotal.com/
  21. Rebooting the server to make sure that the updates take effect
  22. Disabled the rss feeds

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *