如何清理被黑的 wordpress 网站 [英] How to clean a hacked wordpress site

问题描述

我在 wordpress 中开发了一个相对简单的网站，实际上，它驻留在我的主要主机的子域中，因为它仍在建设中.我不确定我是否有一个健康的备份，但昨天我看到有人入侵了，下面的消息出现在每个页面的上部

I have developed a relative simple website in wordpress and actually, it resides in a subdomain of my primary host as it's still under construction. I am not sure if I have a healthy back up of it, but yesterday I saw that someone has compromisedm, below message is appearing on the upper part of every page

无法连接到数据库服务器.无法找到数据库 pssamurai1_ratta.应用程序出现意外问题.SELECT global_code FROM ubh_settings WHERE setting_id = '1';"

"Couldn't connect to database server.Couldn't find database pssamurai1_ratta.An unexpected problem has occured with the application. SELECT global_code FROM ubh_settings WHERE setting_id = '1';"

显然有人在某处插入了一些代码试图连接到该数据库.我一直在搜索我的文件，但直到现在都没有找到(header.php、index.php、functions.php、wp-config.php 等)

Clearly someone has inserted some code somewhere trying to connect to that database. I have been searching my file but found nothing until now (header.php, index.php, functions.php, wp-config.php etc)

有没有人有这方面的经验，最后一个选项是替换我的 wordpress 文件夹中托管的每个文件，希望数据库本身是健康的.我需要关于在哪里查找已被触及的受感染文件的任何想法，然后我考虑使用一些安全插件.

Has anyone had any experience with this, the last option would be replacing every single file hosted of my wordpress folder, hoping the database itself is healthy. I need any ideas as to where to look for the compromised files that have been touched and than later I am thinking to use some security plugins.

推荐答案

由于它是一个简单的网站，所以很容易恢复.

Since it's a simple website, it can be easy to recover.

我建议的第一件事是下载数据库的副本(以防您有很多内容要恢复)

The first thing I'll recommend is to download a copy of the database (in case you have much content to recover)

寻找不是在您制作的主题中编写的代码(也适用于插件).安装 WordPress 的新副本并添加您正在开发的主题.添加插件的新副本.

Look for codes that you didn't write in the theme you made(also applies to plugins). Install a fresh copy of WordPress and add the theme you were developing. Add fresh copies of plugins.

你应该没问题.也许您可以开始使用某种版本控制，例如 Git(Bitbucket 有免费的私有存储库).

You should be okay with that. Maybe you can start using some kind of versioning like Git (Bitbucket has free private repositories).

还要在 WordPress 插件存储库中查找与安全相关的插件.

Also look for security-related plugins in the WordPress plugins repository.

这篇关于如何清理被黑的 wordpress 网站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！