WordPress Hacked: How-To Fix Hacked by MR GREEN
It was a normal day and you were visiting your website as usual. Out of nowhere, you see that your website title is changed to “Hacked by MR GREEN”. It becomes quite fearsome, doesn’t it? Don’t worry, you are not the only one facing this problem. There are thousands of WordPress websites hacked by MR GREEN. This is due to the problem in one of the files on your WordPress installation. So, there is no need to worry about it. Probably, it was not attacked by you. It is a mass attack where all the vulnerable website’s names are changed.
Overview on how to fix hacked by MR GREEN
We will first see the overview on how to fix hacked by MR GREEN error. The guide will cover the following things
- How to remove the hacked by MR GREEN
- Scanning your website for vulnerabilities and malicious code which is causing the issue
- We will then learn how to fix hacked by MR GREEN on your WordPress website.
Most people face one of the following problems. So, if you are facing one of them, you are in the right place.
- You don’t know how to remove hacked by MR GREEN error.
- Even if you remove hacked by MR GREEN, it reappears automatically.
- You think your website is hacked
- Google is showing “This site may be hacked”
- You find suspicious activities on your website
- Your website is penalized by Google due to this
- Google shows the wrong results even after you fix hacked by MR GREEN.
So, without wasting more time in the overview. We will begin the article on how to fix the issue. There are certain things that you will need to keep an eye on. We will be seeing all of them one by one.
Why is your WordPress hacked?
Let’s see some facts on why your WordPress got hacked. This is necessary as when you know how you got hacked, you can secure your website back. Therefore, it is necessary to know how your website got hacked. Usually, it is one of the following reasons for getting hacked.
- You are not updating your WordPress version, theme, plugins, etc. There are many security vulnerabilities found on WordPress regularly. If you don’t update your WordPress website, you might face some of the problems. A new update is released by the provider every time they find a security issue. Therefore, it is necessary to update WordPress whenever there is an update.
- The next reason why this might happen is due to the nulled or pirated plugins. Never use the plugins or themes from an unknown source. Make sure they are authentic and from a reliable source. In this way, it will be safe to use the plugin or theme. Also, it is a confirmation that the plugin or theme is safe to use.
- Make sure you use a strong password.
- Using weak or insecure web hosting might also invite this problem. Therefore, having a secure web hosting is another important part.
These are some of the popular reasons why your website might be hacked. So, your first job is to scan and find the vulnerable files. Before we do that, there is one small way using which you can secure your website again. It might not work for everyone but it is worth a try.
Restore from the backup
The procedure to get your back site to normal is a long one. As you will have to find the malicious code first and then you will have to fix the files. Thereafter, you will need to remove the hacked by MR GREEN from the website title. Once you do all the procedures, you can get your website back. However, there is one easy way to do it. That is you can simply restore the website from the backup.
If you have a backup of your website, you can simply restore the backup from one of the websites. All you need to do is look for the backup files. Now, try to back up the most recent backup before you made the changes on your website. For instance, if you added a theme or a plugin on Wednesday, try to restore the backup of Tuesday. In this way, you will get the fresh version of the website which is error-free.
If you are using softaculous, you can directly restore the version from there. It is one of the easiest ways to do it. All you have to do is head over to all installations and then you need to select the website that you want the backup for. Inside it, you will see the option to restore your backup. Just click on it and it will show you all the files that can be restored. You can restore the website and you are all set.
It is still recommended that you check the website and scan it for the security of the website. It will give you the perfect idea of whether your website is vulnerable.
If this doesn’t work, you can continue this article and we will see several other ways to do it.
Create a backup
Before we go into the whole steps to fix the websites, we will first take the backup of the website. Therefore, just in case, something goes wrong, we can restore the original website without any issues.
So, you will have to take the backup of your entire website. This will include core files, theme files, content, and database too. You can either backup using cPanel backup manager or you can use one of the plugins to do the same thing. Both of them work well. The main goal here sits o create a backup of a complete WordPress installation.
Don’t keep the backup folder in the same directory as WordPress. You can just move the backup zip file outside of your website’s directory. For instance, if your website is example.com, the directory name would also be the same. So, your goal is to move it outside. In this way, your backup files will be safe and won’t be affected.
Once you do all these things, you are all set to scan your website for the virus and malware. You can’t just remove it as it will reappear again. Therefore, you will have to scan the website for the malware and remove the infected code. So, in the next step, we will be scanning our website. This is where we will find which code is misbehaving and the reason your WordPress website is showing “Hacked by MR GREEN” in the header and the homepage.
Scanning your website
If you remove hacked by MR GREEN at first, it will still reappear on your website. Therefore, we will first fix the malicious code and then we will remove the title.
This a low-level risk and hence, you can easily fix the issue with the plugin scan itself. We will not need more scans. Just one deep scan can find out all the errors on your website and can remove it with ease.
There are various WordPress security plugins available that will do your work here. The security plugin will scan the entire website and will tell you about the infected files.
Here are some of the plugins that you can use:
- Sucuri sitescan
All you have to do is install one of the plugins from the given list and run a scan. Please note that you will have to install only one plugin from the list. Having more than one plugin might conflict with each other and will give you the wrong results. Hence, only use one the plugin.
There will be an option to run a scan. All you have to do is run a scan on the website. You are halfway there. It will give you the list of infected files. There will also be an option to fix the files. Now, you can fix the files from there and you are all set to go.
Furthermore, you can also scan it using the cPanel virus scanner. If you are not using cPanel, your hosting provides would give you one of the virus scanners. You can use that tool instead of the virus scanner. Alternatively, you can contact your hosting provider and ask for help.
You will still see hacked by MR GREEN on the website. So, here is how you can remove it.
How to remove Hacked by MR GREEN from WordPress website?
Now, your website is cleaned. In other words, there are no affected files here. However, the name will still not be gone yet. Therefore, you will have to take some steps to remove the name.
For the people who have experience in WordPress can easily do it. However, if you are new to WordPress, you might be afraid.
So, here are the steps that you need to follow if you want to remove the name.
- In most cases, the name is written in the title of the website. Therefore, you can easily fix this by going to Theme > Customize > Site Identity. Write a new name over there.
- They might have also changed the entire homepage. So, you can go to Theme > Customize > Homepage. Inside it, you can just change the name of the page.
- It could also be inserted in the header file. You can first check new plugins. If you find something strange, deactivate it. Further, you can check by deactivating all the plugin and then do the same thing with the theme. You can easily know whether the problem is with the theme or plugin.
- The last step would be to jump in the code and find the file. Normally, you can use a plugin such as “search and replace” and find the file where the code is inserted. All you have to do is run a dry run with the exact text that you see. You will get the list of files where the code is seen. You can then remove the code directly from there. Head over to the code and just replace the text with the one you want. The other option will replace the file with the original one.
Reassuring the safety
Now, your website is safe and secure. All you have to do is check if the website is safe and secure. For that, we will run some safety measures to ensure the safety and remove the backdoors (if any).
- The first step here would be to run another scan just like we did in the first step.
- You will then have to replace the core files. Go to WordPress dashboard and reinstall WordPress.
- Regenerate .htaaccess by going to WordPress and then go to Settings > Permalinks. Just hit the save button thereafter. It will regenerate the .htaccess file and it will safeguard your website.
- Remove the unwanted files/plugins
- Install a security plugin
- Shift to a secure web hosting
- If you are running an online business with WordPress, you should get WordPress maintenance service as it will keep your website safe. Along with this, it also provides many features.
- The next would be to change all the passwords. Tell all the admins on your website to do the same. Also, go to Users > All users and remove the unknown or new admins. You never know if one of them would be adding the things.
- If you are using a pirated/nulled theme/plugin, you should replace it with the original one. It doesn’t cost much and you can recover it easily by your business.
To conclude, this is how you can fix hacked by MR GREEN website. Don’t worry as this is a mass attack and it isn’t done to you alone. The malicious code on your website would be doing all the things. So, as long as you take action as soon as possible, you are safe to go. Also, make sure you are following all the security tips that we gave in the last. It will keep your website safe and secure.