How to clean a hacked / infected WordPress site.

 



FIRST:

Change the cPanel and FTP passwords

*****************************************************************
1. Security
*****************************************************************
Update the entire WordPress installation, first deleting the whole platform except the theme, the content and the plugins.
Change the MySQL passwords

*****************************************************************
2. Search for infected plugins manually
*****************************************************************
folder wp-content/plugins/ubh
folder wp-content/plugins/lou
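
The manual search can be backed by a heuristic scan run over a downloaded copy of the site. The Python script below is an added example, not part of the original page: it flags plugin folders you did not install, folders with no "Plugin Name:" header, and PHP files containing common obfuscation markers. The marker list, the function names, the installed parameter and the sample tree (built around the ubh folder named above) are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic markers; a hit means "review this file by hand", not proof of infection.
MARKERS = {
    "eval of decoded data": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request input executed": re.compile(
        rb"(?:eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)", re.I),
    "long base64 literal": re.compile(rb"['\"][A-Za-z0-9+/=]{300,}['\"]"),
}
# WordPress only lists a plugin when a PHP file in its folder has this header.
HEADER = re.compile(rb"^[ \t/*#@]*Plugin Name:", re.I | re.M)
PHP_EXT = {".php", ".phtml", ".php5", ".inc"}

def scan_plugins(plugins_dir, installed=()):
    """Return sorted (path relative to plugins_dir, reason) pairs to review."""
    root, findings = Path(plugins_dir), []
    for plugin in (p for p in root.iterdir() if p.is_dir()):
        if installed and plugin.name not in installed:
            findings.append((plugin.name, "folder you did not install"))
        heads = (f.read_bytes()[:8192] for f in plugin.glob("*.php"))
        if not any(HEADER.search(h) for h in heads):
            findings.append((plugin.name, "no 'Plugin Name:' header"))
        for f in plugin.rglob("*"):
            if f.is_file() and f.suffix.lower() in PHP_EXT:
                data = f.read_bytes()
                rel = f.relative_to(root).as_posix()
                findings += [(rel, why) for why, rx in MARKERS.items() if rx.search(data)]
    return sorted(findings)

def build_sample(base):
    """Constructed sample tree: one normal plugin, one folder with an injected file."""
    plugins = Path(base) / "wp-content" / "plugins"
    (plugins / "contact-form").mkdir(parents=True)
    (plugins / "contact-form" / "contact-form.php").write_text(
        "<?php\n/*\n * Plugin Name: Contact Form\n */\nadd_action('init', 'cf_init');\n")
    (plugins / "ubh").mkdir()
    (plugins / "ubh" / "index.php").write_text(
        "<?php eval(base64_decode('ZWNobyAxOw==')); // constructed, decodes to: echo 1;\n")
    return plugins

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, reason in scan_plugins(build_sample(tmp), installed={"contact-form"}):
            print(f"{path}: {reason}")
```

Point scan_plugins at the wp-content/plugins folder of the downloaded copy and pass the names of the plugins you actually installed; every finding is a file or folder to open and inspect, not a verdict.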

*****************************************************************
3. WordPress auto-update
*****************************************************************
define( 'WP_AUTO_UPDATE_CORE', true );
/* That's all, stop editing! Happy blogging */

*****************************************************************
4. Htaccess
*****************************************************************
Options -Indexes

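# Block WordPress xmlrpc.php requests
# Note: Order/Deny/Allow is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it, or "Require all denied" instead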
<Files xmlrpc.php>
order deny,allow
deny from all
#allow from 123.123.123.123
</Files>

# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>

# disable directory browsing
Options All -Indexes

# protect wp-config.php
<files wp-config.php>
Order deny,allow
Deny from all
</files>

# protect from injection via the query string (<script> tags, GLOBALS / _REQUEST overrides)
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

# For AntiSpam Deny Access to No Referrer Requests (replace yourdomain.com with your own domain)
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]
# END SECURE

*****************************************************************
5. robots.txt
*****************************************************************

#
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

User-Agent: Googlebot
Allow: /*.css$
Allow: /*.js$


*****************************************************************
6. Modify the users and permissions tables via phpMyAdmin
*****************************************************************
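# Secure passwords: https://www.random.org/passwords/?num=1&len=14&format=html&rnd=new

-- Deletes ALL existing users and their metadata, then recreates a single administrator.
-- Replace NUEVACLAVE (the new password) and EMAIL@EMAIL.COM with your own values.
-- Assumes the default table prefix wp_; with another prefix, rename the tables and the
-- wp_capabilities / wp_user_level meta keys to match.
-- WordPress accepts the MD5 hash at the first login and then re-hashes the password.
DELETE FROM wp_users WHERE ID > 0;
DELETE FROM wp_usermeta WHERE user_id > 0;
INSERT INTO wp_users (ID, user_login, user_pass, user_nicename, user_email, user_registered, user_status, display_name) VALUES (1, 'adminweb', MD5('NUEVACLAVE'), 'Webmaster', 'EMAIL@EMAIL.COM', '2018-07-01 00:00:00', 0, 'Administrador');
INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value) VALUES (NULL, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');
INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value) VALUES (NULL, 1, 'wp_user_level', '10');
INSERT INTO wp_usermeta (umeta_id, user_id, meta_key, meta_value) VALUES (NULL, 1, 'rich_editing', 'true');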

*****************************************************************
7. Check...
*****************************************************************

Antivirus on the computer
Change the cPanel / FTP passwords
Check browser extensions in Chrome, Firefox, etc.
Phishing
Outdated plugins, WordPress or themes

reCAPTCHA plugin
Wordfence plugin
Salt Shaker plugin