Your Dedicated Partner for All Things WordPress

WordPress Hacked: How to Fix .bt WordPress Hack

Table of Contents

WordPress hacks are becoming common nowadays. There are many types of having done for various reasons. All of them have a pattern that they follow. Among them, one of the most famous patterns is .bt WordPress hack. It is a file extension using which the payload is executed. For the people who don’t know, the payload is a piece of code that executed the hacking functions and does the damage by itself. So, we will have to remove the payload file too. It is saved in the .bt extension. It might look too confusing right now. So, we will do a simple thing that is we will break down the entire topic into various steps and tell you how to fix .bt WordPress hack.

The reasons for .bt WordPress hack

There are many reasons why WordPress websites are hacked. Particularly talking about .bt WordPress hack also has many reasons. We will see some of the common reasons why this happens.

Urgent WordPress Assistance

Facing a critical WordPress issue? Don’t panic. Our Emergency Service is here to swiftly resolve any urgent website problems.

  • Most of the time it is due to the outdated version of your WordPress website, themes, or plugins. So, make sure you update it regularly.
  • Malicious themes or code, basic themes, and plugins from the known are the reasons why a website might get hacked. So, don’t use pirated themes and plugins for your WordPress website.
  • Insecure web hosting or weak passwords.

These are the most common reasons why your WordPress website might be hacked.

So, make sure you fix all these things.

Moving on, now we will see how you can fix .bt WordPress hack.

Scanning your website

Before trying out the manual way, we will first try the scanner which might give you the results you want. However, to fix the .bt WordPress hack, you might want to use the manual way more than the automated way. However, you can surely give it a try.

There are two main ways to scan a website for the virus and malware. You can either use any one of them.

  1. WordPress scan plugins
  2. Virus scanner by cPanel
  3. Online scanners

WordPress scanner plugins

WordPress has many scanner plugins which you can use to find out the vulnerabilities in your website. This is one of the easiest ways you can find out the vulnerabilities in your website.

All you need to do is install one of the security plugins and scan the website. It will scan the entire website and point out the vulnerabilities in your website. It will also have an option to fix those files. The security plugins will also find the .bt hacked files.

There are many plugins that you can use. Some fo the famous ones are Malcare, Sucuri, iThemes security, etc. Just make sure you only install one of the plugins and not more than one. If you want to try out all the plugins, you can deactivate one plugin and then activate the other one.

Further, you can keep the plugin as it is after you scan the website. It will monitor your website and notify you whenever it notices unusual activities. It will act as a firewall.

Virus scanner by cPanel

The next method you can use is the virus scanner. You can use the virus scanner provided by cPanel. Just head over to the cPanel and click on the virus scanner tool. Thereafter, you will have to select the “Entire home directory” option. It will scan your entire home directory which includes all the websites.

When a website is affected by the malicious code, there are chances that it will affect all the websites in your server or the hosting panel. Therefore, it is always a better option to take precautions. All you have to do is click one button. So, you can scan the entire home directory and wait till the scan is completed.

Once the scan is completed, you are all set to go to the next step. It will show you all the files that are infected. All you need to do is just hit the quarantine option and the files will be safe. So, in this way, you can fix the files.

Instant WordPress Support

Get immediate assistance for your WordPress website with our on-demand support services.

Online scanners

Now, the last technique that you can use to scan and find out the virus is by online scanners. Just like we did with the plugin and virus scanner, you can also do the entire thing with the online scanners which are also known as web scanners. It will scan your website from the web itself and will give you the information on the exploits.

Some of the popular tools you can use are VirusTotal, Sucuri SiteCheck, etc. These tools will give you the security issues. Therefore, you can also run a scan using one of these tools and see if there are any security issues. Online tools have some limits. So, you can’t expect much from the online scanners.

You can also use Google Console to check how Google checks your website. It will tell you about the infected files. You can then fix those files later on.

Where .bt virus is found?

Now, let’s talk about some of the important locations where you might find the .bt virus. Here are some of the commons files where you might find the virus. Here are some of the files that you can check even after scanning the entire website.

  • wp-load.php
  • wp-settings.php
  • /wp-includes/functions.php
  • /wp-content/themes/<your theme>/functions.php

So, you need to check these locations before you make any changes. The best way would be replacing those files with the original files. All you need to do is download the source file from the main source. You will then have to replace the files.

Download the file from the main source. Here, you will get the zip file. Now, you will have to look for the file that is affected. Just head over to the location in the zip file and you will get it. Now, your next task is to replace the file.

Before you replace the file, make sure you have the backup of the file. You will need the backup if something goes wrong.

Once you take the backup, you can just delete the file and upload the new file. In this way, you can replace all the necessary files and you are done.

This small procedure will clean the files and will give you a fresh new WordPress. However, we can’t be sure that the .bt virus is gone. Therefore, you will have to take another step to clean the website.

We will now try to locate the .bt virus file and see if there are any more infected files that you should worry about or not. So, the next step will include how to find .bt files.

How to find .bt files?

First, let’s talk more about the extension. The infected files that we are going to find here are either with the .bt extension or they end up with .r extension. Both fo these extensions are dangerous and might damage your website. Therefore, you will need to take the steps and fix these files as soon as possible.

We will see how you can find all the files with the same extensions easily. For that, we will use SSH to find all the files.

So, first of all, you will have to open the SSH. Once you are there, your next step is to search for the files. We will use a command to find all the files. Therefore, you will need to run the following command in your SSH.

find . -name ‘*.bt’ -print

It will find all the files with the .bt extension. The above command works perfectly well if your website is mildly affected. However, if your website is affected more, you will have to run and advanced scan. For that, we will run another code.

find . -name “*.php” -exec grep ” $ea = ‘_shaesx_’; $ay = ‘get_data_ya’; $ae = ‘decode’;”‘{}’; -print &> list.txt

The code will give you a complete list of the files that might be infected. Your next step will be to fix all of the files. So, we will continue the steps where we will see the steps to fix them.

Fixing the files

Now, you need to fix the files. You can use the same above given technique to fix the files. You can either replace the infected files with the original one or you have another option here you can fix the files manually.

To fix the files manually, all you have to do is open the file and look for the encrypted code online. The code will look different from the usual code and you will come to know it easily. It will just be a bunch of letters that make no sense. So, you can easily remove the code. Make sure you have the backup of the file. So, just in case, you deleted the important code, you could just restore the backup file easily. In this way, your website will be safe and you won’t lose any data.

You can also run a scan to find the list of the files. If you find the files with .bt extensions, you can simply remove those files. These files do not have any usage and it is safe to remove to those files.

In this way, you can secure your website again. Now, your next job is to make your website secure. Therefore, your website won’t get hacked again. For that, you will need to take some steps. We will now see the steps you should take to secure your website and maintain the same security.

Please note that you need to fix your website with the above-given technique first. This will make sure that your current website is not affected. If your current website is not affected, you can secure your website.

Securing your website

These tips will come handy when you want to secure your website from any type of hack. Whether it is .bt hack or any other, these tips will save you from all the stress of WordPress getting hacked. Therefore, you need to make sure that you follow all the tips.

  • Always use the updated version. It just takes one click to update the WordPress version, themes, or plugins. So, whenever you find any update, you need to update it. There are various security issues in the outed version.
  • Never use pirated or nulled software, theme, or plugin. It might just ruin your website. It is better to use a lite version instead of using these. It doesn’t cost more to purchase a valid license. So, you can always purchase a new version easily.
  • Use strong password
  • Always have a security plugin active. It will monitor your website and will act as a firewall to your website. Therefore, always have a security plugin. There are many free plugins, you can try out anyone you like. All of them work similarly.
  • The next thing you need to do is to use a secure hosting.
  • You will also have to make sure that you take the backup of all your hosting files. In this way, you can secure the WordPress website. In case, something goes wrong, you can restore the backup whenever you want. It is recommended that you take the backups regularly. So, you can restore the most recent version easily and quickly.

Follow all these tips and your website will be secure and safe.

Final words

To conclude, this was all about how you can fix .bt WordPress hack easily. Lastly, you need to make sure that you scan the website again. This will tell you whether you have successfully removed the virus or not. Further, you need to take the backup of your website as soon as you complete your work. Also, install a security plugin that will monitor the website all the time. That’s it, if you follow all the tips given here, your website will be secure and won’t get hacked easily. Do not forget to follow all the security tips given at the end of the article.

How to Clean a Hacked WordPress Website using WPServices?

WPServices provides a risk-free WordPress malware removal service. 30 day money back guarantee, the most complete WordPress security plugin called iThemes Security Pro (worth $199 / year) + advanced security setup, and repeated hack protection for up to 1 year is included in the WordPress cleanup service. All of this has an industry best pricing – starting from / fixed website.

We value your time and thank you for reading our blog. So, we would like to show our appreciation by giving you an additional 10% discount on our malware removal service. Use coupon code WPAOSBLOG10 at the checkout.

Tailored WordPress Solutions

Elevate your online presence with our custom WordPress development services.

How to get started?

Learn more

WordPress Hacked?

Get your WordPress website fixed today!

Get Started

WordPress Maintenance

Save 33% with our Annual pricing plan.

Get Started

Coupon Code Applied!

Take your time and continue browsing our services.

Alexey Seryapin
Founder of WPServices