Site has been hacked or displays a malware warning
Obox and Themeforest take security and code quality very seriously. Our files are always scanned before they are made publicly available. If you find evidence of malware inside a zipped theme downloaded directly from us, GitHub or Themeforest, please notify us immediately. In all other cases, the attack likely happened at your host level, is due to an infected plugin, or the file you have came from an unauthorized source.
If you have been hacked:
- If your host was hacked, consider changing hosts
- Contact your host to ask what they can help you with. In most cases, hosts can scan your web space for viruses or malware and ensure the server you are on has not been affected. Most importantly, they can tell you if the database has been infected or not.
- Connect to your web space via FTP and download the wp-content/uploads folder to your hard-disk, then delete any files that are not PNG, JPG or GIF files. Do not backup themes or plugins – you will need to replace these with fresh valid versions as the ones on your server are likely hacked or contain the vulnerability.
- Delete the entire contents of your domain root(where WordPress is installed), including your WordPress install.
- In your hosting control panel, create a new database following these secure WordPress Install instructions.
- Download a fresh copy of WordPress from wordpress.org and upload the content of the file to your web space.
- Install Layers and your plugins from scratch using fresh downloads or installs from Plugins > Add New and only install what you will activate. If you have a backup export of your content, you may import it once WooCommerce is reconfigured(if used) under Tools > Import.
- Layers pages and widgets can be restored from your backups (which you are making regularly right?)
- Install some security plugins to help keep your site secure in the future. A few we can recommend are:
Preventing Hacks and Attacks
Reduce your chances of facing a do-over by hardening WordPress and following these simple steps:
- Never download themes from an unauthorized source, library or torrent site. Layers only authorizes the theme and official extensions to be downloaded from layerswp.com, GitHub or Themeforest.
- Use difficult passwords for your database, hosting control panel and WordPress
- Always perform updates to themes, plugins and WordPress when available
- Check your comments and users are regularly and delete any spam or suspicious activity
- Install a security plugin and consider an anti-spam plugin such as Akismet, User Spam Remover or Spam Free WordPress
- Backup your site! WordPress has several plugins to help automate backups. For detailed advice, see Backup Your Content
Did you know?
Our friends at Jetpack are doing some incredible work to improve the WordPress experience. Check out Jetpack and improve your site's security, speed and reliability.