WordPress Hacked: How To Fix Hacked by MR GREEN

Have your website’s security measures failed you and you have been “hacked by Mr. Green”? Unfortunately, it is one of the most common hacks out there. Every day thousands of WordPress sites are affected and businesses worldwide suffer losses due to this hack. We will look at what it means to be “hacked by Mr. Green”, how to prevent repeated hacking attempts, and why it is essential to have a long-term maintenance plan in place.

What does “Hacked by Mr. Green” mean?

In essence, “hacked by Mr. Green” is an automated hack. It exploits vulnerabilities in the WordPress database, themes, and plugins to gain access to your website. Sometimes, this hack is not even used to steal information, but just to destroy websites and their corresponding information. Who knows the hacker’s mindset anyways? But let us not examine the psychology behind a hacker’s intent and focus on the task at hand. “Hacked by Mr. Green” targets multiple websites at the same time based upon a certain vulnerability in WordPress. It does not target your website specifically but targets every website with the same weakness. So it is imperative to understand how specifically your website’s security was breached to find and delete malicious code.

Why Was Your Website “Hacked by Mr. Green”?

As we just mentioned, finding the root cause of the security breach is the beginning of the malware removal process. A seasoned developer could ascertain the issue just by looking at the nature of the hack itself, but for a beginner in web development, such a task might not be so easy to accomplish even with third-party help. “Hacked by Mr. Green” is not a comprehensive hack in itself, but it could hide its code behind multiple layers of the original code thus making it harder to detect. Most likely your website was targeted due to one of the following reasons:

• Outdated WordPress version, theme, plugins, et cetera – WordPress is the leading CMS with a 60.8 % market share, in return, becoming the main target of hackers. Keeping everything WordPress-related up to date ensures that your website will implement the latest security updates. Every new update fixes the security breaches in previous versions. So it is rather likely that your website was hacked due to outdated software.
• Pirated and nulled plugins – In general, it is an incredibly bad practice to use pirated plugins on your website. You are just begging to get your website hacked, as you can never know who has modified the source code. The same goes for nulled plugins. Even if the seller seems legitimate, avoid plugins of this type as it is certain that the code was tweaked somewhere in between. Trust only the original authors and their licensed products.
• Weak password – Your wp-admin login details might have an insecure password. You might have used only lowercase letters in your password or maybe the number of characters was relatively small. Make sure to include numbers, uppercase letters, lowercase letters, and symbols in your password. The latest research shows that a password with 10 characters (one that uses every possible character type) takes 5 years to hack, but a password with 11 characters needs 400 years. Do not take password creation lightly!
• Insecure web hosting service – sometimes the fault can be laid on the website hosting service you use. Their servers could use outdated security measures, in return, putting every piece of data stored there at risk. Not always cheapest is the best and the same can be said about web hosting providers. Before committing to a particular service, it is important to check whether or not they seem reliable and can they make sure that your data will be continuously protected.

In essence, most likely one of these reasons is responsible for being “hacked by Mr. Green”. Hackers thrive on exploiting vulnerabilities and “Mr. Green” is no different.

Restoring Website from a Backup

Every website should have a backup. Even if we take hackers out of the equation, having a regular backup plan in place can only lead to positive results. In web development, mistakes happen and things can go wrong. Just a simple addition in code can ruin your website and render it inaccessible. Thankfully, a backup can restore your website in a matter of seconds. It includes core files, theme files, content assets, and the full database so you will not need to worry about losing any data associated with your website.

Be careful with your backup though! Do not keep it in the same directory as your WordPress files. Then it will get hacked at the same time as your main website. You should move the backup .zip file to an off-site location so it cannot be accessed via WordPress. Also, note that backups should not be saved on the same server as your main website. As we mentioned before, if your web hosting service gets hacked, then all data on the servers will be vulnerable too.

Keep in mind that a backup can get infected too. For instance, “hacked by Mr. Green” might not destroy your website instantly, but only after a time. Sometimes malicious code takes time to do harm and in this time window, the backup could have been updated thus allowing the hack to get embedded in your backup too. If such a thing happens, then you will need to cleanse the backup too and delete the faulty code accordingly.

Scanning a Website

To remove a hack, we first must identify the root cause of the security breach and locate where precisely the malicious code is located. If you are not a coding virtuoso, then accomplishing this task on your own is almost impossible. Hacks are devious in their nature and like to hide behind layers and layers of code. Even the simplest of hacks can take hours to find. The same can be said for “hacked by Mr. Green”. A rather simple code per se, but obscured and camouflaged in the strangest of places.

So, an average WordPress user should consider using plugins for this task. Nowadays there are numerous advanced scanning tools available on the marketplace. Let us take a look at some that you might use:

• Sucuri SiteCheck – One of the most popular security scanners out there. Established in 2008, it has been a staple in malware detection for quite some time now. The team behind Sucuri will scan your website and point out the mischievous code. Take note that even though your website will be scanned for free, it will not be fixed. To repair your website, you will need to purchase the Sucuri Platform plan.
• WPScan – In essence, it is a free, non-commercial CLI tool for testing the security of a website. Widely used by developers worldwide due to its easy-to-use nature. A most helpful tool for detecting potential “cracks” in your website’s security. WPScan uses a vast database of probable WordPress vulnerabilities that compares it to your website’s code and determines whether or not there is a potential safety hazard.
• WordFence – The leader in WordPress security. The plugin itself has more than 4 million active downloads and it is supported daily by the team behind it. Their state-of-the-art security platform will detect malicious code almost instantly. If you want to receive premium support though, then you will have to purchase one of the maintenance plans they offer. The pricing is rather steep, so consider carefully which plan better suits your needs.
• iThemes Security Pro – A plugin with considerable prowess in malware detection and removal. The company employs a friendly pricing model so their customers are sure to find the right plan for their websites. But just as with all other security plugins, dedicated premium support and advanced security features are only available to higher-end packages. Nevertheless, the plugin is an invaluable tool in dealing with silly hackers like Mr. Green.

Keep in mind that most of the security plugins only detect the malicious code not erase it. Deletion will still need to be done manually. So it is up to you to decide if you are knowledgeable enough to tinker with core and theme files. It is a common misconception that hacks like “hacked by Mr. Green” are removed by scanner plugins. They are the most useful tools indeed, but they do not cleanse the infected parts of your website. The threats are deleted by an expert team of web security engineers that assess the severity of damage done and implement the necessary measures to get your site back on track. So it brings us to the next point – the WordPress maintenance plan.

“Hacked by Mr. Green” and WordPress Maintenance Plan

How to safeguard your precious website from future hacking attempts? Well, the answer is simple – purchase a WordPress website maintenance plan. There is a common misconception circulating among WordPress users that once a website has been created and the development is finalized, then you will not have to worry about it anymore. It could not be further from the truth. Every website demands continuous care. As we previously mentioned, every aspect of your WordPress website needs to be regularly updated and useless info needs to be purged. A website demands attention and care so it would work properly. You routinely take care of your car, why would you not do the same for your website?

If you employ a WordPress maintenance plan, then you can forgo all worries about your website. No more “hacked by Mr. Green”. A dedicated team of WordPress experts will systematically monitor your website, update it accordingly, improve its performance, provide you with reports, and take care of any potential security hazards. If an issue will occur, then it will be solved almost instantly. It could be argued, that the success of a website is highly reliant on a proper maintenance plan. May I suggest you our WPAOS maintenance plan?

WPAOS Maintenance Plan and Malware Removal

Let us worry about everything WordPress-related while you focus fully on your business. We offer several maintenance packages tailored to our client’s needs. No matter the scope of the business, we are here to help and provide you with answers where there are none. We have been in the WordPress business for more than 10 years, so there is no case we have not tackled before. We provide 24/7 uptime monitoring, regular backups, complete malware removal, and numerous other services that will improve the performance and security of your website. You can a look at the detailed description here.

If you are unsure about committing to a long-term maintenance plan, we can offer you our one-time malware removal service so you can get rid of the pesky “hacked by Mr. Green”. We guarantee to remove any malware within 4 hours. Additionally, we will provide you with a lifetime license of the aforementioned iThemes Security Pro plugin. We will set you up with one of the most powerful paid security tools out there for free. No hack is safe from us, even Mr. Green quivers in fear from our malware removal service.

Final Words

If you have been “hacked by Mr. Green”, then most likely your website was not maintained properly. You should not disregard the well-being of your website and keep it healthy at all times. Thankfully, it can all be remedied by acquiring a WordPress maintenance plan. A website is an online echo of your corporate image and needs to be treated as such, so let professionals preserve the integrity of your website. We wish you a hacker-free journey through the world of WordPress web development and stay tuned for more articles!