WordPress Hacked by Medo
If you see your WordPress hacked by Medo, it can be a risky thing. Medo hacking is one of the most dangerous attacks which will turn the entire map of your website.
Some of the websites reported a huge amount of changes when there was a similar type of attack done on their website. So, if your website says WordPress Hacked by Medo, you will have to do a lot of things to make sure that your website is back to normal again. In this way, you can be safe and the website will be safe for all the visitors as well.
Let’s begin with the overview and then we will see the steps to fix the website.
Overview of WordPress Hacked by Medo
If you see that your website is hacked by Medo, you might notice many changes.
One of the users reported that all the usernames on their website were changed to admin. Further, all type of scanning was disabled and some of the security plugins were also deactivated. This is a common thing that attackers do.
The change of username is mostly to confuse you from changing the passwords. For example, if the attacker changes all the username, it will be harder for you to figure out which is the hacker and which is the normal user. In some cases, the attacker might also promote all the users to admin.
Although, their email won’t be active and their passwords would be changes. So, the users can’t log in to their account. On the other hand, it will confuse you as an admin as you will have no idea how you can fix this issue. If you are seeing something similar, there is something you can do to find the real username too. We will also be seeing the same thing.
Before we get into the main thing, we will first see how you can clean the website and make sure that the original website is back in your hands. This is going to be difficult but with the correct guidance, you can surely get back your website. So, there is nothing to worry about and this is not a thing that you should take lightly.
Backup and Restore
You can always look for the backup of the previous versions. If you have been in the website industry for a while, you will surely have a working backup of your website. You can simply restore that version of the website. When you restore the previous version of the website, you will have to make sure that it’s updated and free from attack.
In simpler words, you can restore the version and test the website properly to make sure that your website is secure and virus free. If there is any message such as WordPress Hacked by Medo or any similar, you will need to go a little backward and find the older version.
However, if you can’t find any version, don’t worry as we will surely see how you can fix the WordPress Hacked by Medo even if there is no backup.
Don’t forget to backup your current website before you start making the changes. In case, if we delete something, you can easily get it back from the main website. So, you can always have a backup.
Now, we will see how you can get back your website.
Email and Password
The first thing we will do is get the username and password. As we mentioned, the attacker might have changed your username and password as well. So, our first thing will be to recover that.
The question remains the same. If you don’t have access to your WordPress dashboard and the email has also been changed, how can you recover the email address and the password?
For that, we will be using cPanel and directly changing the password from the database. Once we do this, you can then log in to your website. Thereafter, you can also scan the website and do all the things.
Just open your cPanel and head over to PHPMyAdmin. When you head over to PHPMyAdmin, you can find the database of your WordPress website.
Inside it, you can the user’s table from the database. The name of the table will be users. So, it will be easier for you to find the table.
Once you find the table, you will have to take one username and then change the username from admin to your username. Now, you will have to click on the encryption and select MD5 from the list.
Thereafter, you can change the name of the text to your password. Type the password in the database table and then click on the Save button to complete the process. You can then log in with your username and password from the admin panel.
Don’t forget to remove all the admins when you are in your WordPress dashboard.
Scan the Website
Now, you can scan your website to see if there are any vulnerabilities on your website. In some cases, the scanning will be disabled if you are already using a WordPress plugin. You can either enable it by activating the plugin.
Even if you can’t activate the plugin, you can do the same thing with the cPanel virus scanner. Open your cPanel virus scanner and scan for the viruses.
You will just have to click on the “Scan Now” button and select “Entire Home Directory” from the list. Once you select the entire home directory, you can start the scan and wait till the process gets completed. It will take some time for the complete process to complete.
You can also exit the page. The scan will continue even if you close the tab as this is done on the server-side and not from your tab.
Further, you can also use a security plugin to scan the website. You can use Sucuri or Wordfence to scan the website. These are the best plugins that can scan the website and find the hardest vulnerabilities too. So, you can surely use them.
There is no harm in using a cPanel scanner and one of these plugins. However, you shouldn’t use two plugins at the same time. Instead, you can use one, deactivate it, and then you can use the second one if you want. Never use both plugins at the same time. The same applies to every single security plugin.
So, you can run the scan. Depending on the plugin, you can leave the tab or you can stay on the tab. You will have to find this thing yourself.
Fix the Files
You can then fix the files. To fix the files, you will have to click on the fix button and the plugin will fix all the files. The applies when you are using the cPanel virus scanner. You can also fix the files from there. There will be an option called “Quarantine” which you will have to click on. This will stop the malware from infected other files and your website will be safe.
Don’t forget to save the list of the files as we can surely do some of the things on it to make it better.
You can now replace all the file that you found in the list. You can easily get the original file from the plugin or theme directory of WordPress. A simple Google search will also get you the plugin zip file you need. Make sure you are downloading it from the trusted website only. You can get the file from wordpress.org. So, you can find the zip in the WordPress directory.
Now, you will also have to replace the core files as well. You can replace the core files after downloading the WordPress zip from the official website. You can extract the files, remove the wp-content folder, and then remove the wp-config.php file. Thereafter, you can upload the files in the main directory.
In this way, your website will be clean and free from attacks.
Should you Trust the Scan?
Now comes the main point, should you trust the scan?
What if there are no infected files and still your website was infected? Well, there are some chances that this might happen.
So, what’s the solution?
There are three things you can do here.
- Manually replace the core files
- Buy Premium version of Plugin
- Get the expert service
Manually Replace the Core files
You can replace the files manually. Usually, it’s the core files that have the problem. So, you can replace the core files and your website will be back to normal.
Further, you can also try to replace all the files of your plugins and themes. Just download the zip files and replace them one by one.
You can also check the database for unusual text. If you see all the entries as normal text but one of them is different, you will need to remove them as it might be the malware that is causing the issue.
Therefore, you will have to open the database by heading over to the PHPMyAdmin part and then check all the tables one by one. The most important tables that you will have to check are wp-options and users.
It is surely one of the most time-consuming things but if you want to save money, you will have to spend some time. You can choose this yourself. You can either buy the tool or service as we will see in the next sections. If you don’t want to spend money, you can still get things done easily by checking things manually.
Buy the Premium Plugin
You can surely buy the plugin if you want to keep your website secure and safe. The premium plugin will make sure that your website is secure and it will also increase the overall performance of the website. So, you can surely go with the premium plugin if you want. This is the mid-range option that you can go with. The previous option we saw will take more time. The next option we will see will be the easiest but it will cost you more than this.
Therefore, if you want to go with the mid-budget option. The premium plugin will better security features. You can go with Sucuri, Wordfence, or if you want better security, you can also go with iThemes Security. All of them are the best plugins you can use.
Get the Security Service
You can also go with the security service and they will monitor your website 24/7. The security service can also help you in removing the current vulnerabilities from your website. So, if the “Hacked by Medo” message is not going and you haven’t fixed the issue yet, you can surely get the WordPress security service. Make sure you tell them about the hacked website before you sign the contract.
Further, they will also help you in increasing performance. Most of the WordPress security services will also include maintenance services. The maintenance services are all about managing the technical side of your website on your behalf. So, there will be little to no issues you will face.
All you have to do is find the company and hire them to maintain your website. If your website includes transactions, you surely need to get it. This is to ensure the security of the users and make sure that all the transactions carried out are safe and secure. They will also increase the performance of your website.
To conclude, these are a couple of steps to follow if you see WordPress hacked by Medo. If nothing works, you can surely head over to the last one. It will surely help you in solving the issue. Most importantly, keep the security plugin installed even after the scanning is done and your website is clean. It’s highly recommended to have a backup of your website once it is cleaned. In this way, you can quickly restore it whenever you need it. It’s surely your choice whether you want to go with the premium plugin or WordPress security service.
How to Clean a Hacked WordPress Website using WP AOS?
WP AOS provides a risk-free WordPress malware removal service. 30 day money back guarantee, the most complete WordPress security plugin called iThemes Security Pro (worth $199 / year) + advanced security setup, and repeated hack protection for up to 1 year is included in the WordPress cleanup service. All of this has an industry best pricing – starting from
$222 / fixed website.
We value your time and thank you for reading our blog. So, we would like to show our appreciation by giving you an additional 10% discount on our malware removal service. Use coupon code WPAOSBLOG10 at the checkout.
WordPress Hacked? Malware Removal Service
Get your WordPress website fixed today.