Why do hackers attack websites?
The growth in the number of created websites and digitized businesses leads to an increasing number of hacker attacks. The goal of hacker attacks on websites is mostly to steal data such as bank account information or to increase traffic on illegal websites by redirecting them. (Instruction adapted to the WordPress system)
An example of the content that an infected website redirects to
How to check if your website is infected? (2 methods)
When checking whether your website is infected with a virus, open it in incognito mode or log out of the admin area of the website and delete cookies.
Right-clicking on the link of your home page will open a menu in which you need to click on “Open in anonymous mode” or “Open in private mode”.
On a web page opened in incognito mode, try clicking on a few other sub-pages eg About Us, Contact. If your website is infected, instead of the About us page, a prize game or survey that is not part of your website.
By scanning the website with a free basic virus detection tool. https://sitecheck.sucuri.net/
Copy the link of your website and paste it in the field where it says example.com and click on the “Scan website” button.
If your website is infected, after scanning, the information “Anomaly behavior detected (possible malware)” will be displayed.
How to fix website infected with redirect virus? (8 steps)
- Open your website’s file manager (FTP), open the /wp-content/plugins folder
- Find the folder named “zend-fonts-wp” and delete it – Once you have deleted the folder, your website will stop redirecting
- Delete cookies from your browser (e.g. Chrome, Firefox) – Click on the small padlock to the left of the url of your website, click on Cookies and click on the button Remove or Delete until you delete all cookies
- Open phpMyAdmin or Adminer and log in to your website’s database – You can find your database login information in the wp-config.php file which is located in the home folder of the website.
- In the database, find the tables “wusers_inputs” and “wzen_time_table” and then delete them – The virus creates records in the database so that the hacker can access your website again and again upload the virus, so this step is extremely important!
- Change the passwords of all Administrator and Editor accounts of your website – Visit link-of-your-website.com/wp-admin/users.php and for each administrator / editor click Edit > Set a new password and Sign out on all other devices > Update profile
- Upgrade all plugins, themes and WordPress version of your website!
- (Optional) Install the Sucuri or Wordfence plugin and scan the website.
The most common reason for a hacked website is to use the basic maintenance pack or no maintenance pack which leads to outdated plugins, theme and wordpress version.