My site was hacked, here’s how I fixed it…Sort Of

Back in November of 2018, I search Site Studio in Google only to realize that Google had slapped the “this site may be hacked” label on my site listing. It's a gut-wrenching feeling to see that label.

I've been hacked before in my 13+ years of experience with WordPress and I've always been able to fix it and kick out the culprit.

But this one was different

Usually my firewall would go off when I visit my site, or I'd get a notification from my Antivirus tool installed on my site but everything was all clear. So at first I couldn't even pin point what was compromised .

Eventually, with the help of the Google “this site may be hacked” link, which pointed out a subdirectory I had never seen before. The subdirectory was a whole other site that was attached to my domain. It was a pharmaceutical site selling all sorts of suspicious products for “male” enhancement…It was viagra pills people…among other things.

I mean it had everything, product reviews, add to cart, checkout etc. A full blown eCommerce site injected into this subdirectory.

This was not a WordPress hack

I was baffled by this, I check the root folders of my site and that directory wasn't there. I reached out to my host Cloudways who are very knowledgeable and helpful with WordPress problems.

There response made me concern to say the list.

They first told me to that They weren't even sure this was a WordPress hack, secondly, that this was a very compromising hack. And it was, I went a month back restoring from my backups and it was still there, I removed the domain name and used the default domain…still there.

Now I'm worried

I don't know what's causing the issue nor to I have time to figure out how to remove it, so I took the burn the world approach. I exported my posts and then DELETED THE ENTIRE SITE.

Yeah I know, that's a terrible approach but I was frustrated, I deployed a whole new site, deleted the stock theme I was using, built my own theme, and deleted half the plugins I was using.

Additionally, I also placed the site behind a Cloudflare's paid firewall service.

In the end, I never figured out what caused the hack and my quick deletion method didn't leave any room to back up other essential plugins I was using on my site such as Pretty Links, which was storing hundreds of affiliate links. This left me with dead links all over my website, which I'm currenly having to fix by going into each post.

I'm also now recovering a bunch of posts that lost some things during the transfer, hence why there are so many dated posts on the homepage.

I have a bunch of new posts coming in the next couple weeks, a lot of which are based on my other business I've been running.

No lessons

I wish there was a lesson to be learned here but there isn't and I' not even sure If I'm still at risk. The only difference this time around is that I now have a Malware removal service, which I should've had anyway since I manage my own multiple sites and clients who pay me the big bucks to keep their websites in tip-top shape.

Site Studio will be back to full strength is a couple weeks so stay tuned.

Glen out.