As of February 9, 2017, over 1 million pages have recently shown up in Google search results with messages such as “Hacked By MuhmadEmad” or “hacked by NG689Skw”.
Website owners will be happy to learn that the websites are more or less defaced and the fix is fairly easy and actionable advice is in this article.
How many WordPress posts have been defaced?
The “hackers” (and I hesitate to use that term) have defaced over 1,000,000 WordPress webpages. Actually, what has been defaced are “posts” and not “pages”.
As of February 9, 2017, some exact numbers are below, at least according to Google Search Results.
Please note, this is the number of pages in Google search results. The actual number of domains/websites hacked may be much lower.
Here is a chart with the top 10 defacement messages:
Here are 17 of the most common defacement messages:
- Hacked By MuhmadEmad – 444,000
- By SA3D HaCk3D – 259,000
- hacked by NG689Skw – 245,000
- hacked by BALA SNIPER – 139,000
- Hacked By TheWayEnd – 119,000
- Hacked By GeNErAL – 87,000
- HaCkEd By RxR HaCkEr – 65,600
- Hacked by White HAt Hacker – 62,100
- Hacked By HolaKo – 51,400
- Hacked By XwoLfTn – 47,300
- HaCkeD By Dr.Silnt HilL – 43,300
- hacked By Fallag Gassrini – 25,900
- Hacked By W4l3xzy3 – 17,500
- Hacked By D.R.S Dz Team – 12,700
- hacked by 3needan – 6,190
- Hacked By Mr Secret – 4,220
- Hacked By An0n 3xPloiTeR – 3,010
The “hacked by” text varies depending on which attacker hacked your site.
Is my WordPress website ruined?
Lucky for you, the hack simply targets websites which have no been upgraded to WordPress Version 4.7.2, and the attackers simply edit WordPress posts and change titles, at least in most cases. However, left unrepaired, black hat SEO practitioners could insert code, text, and/or links in to your posts.
Some hacks completely mess up the WordPress database, deliver malware to website visitors, or are used as bots in larger scale attacks. In this case, the solution is fairly simple.
How to fix and repair your WordPress website
The steps to repair this are relatively simple, and there are only two simple steps:
- Log in to your site and upgrade to WordPress Version 4.7.2.
- Go to your latest blog posts or articles and revert them to the last revision date, and save them.
How to get your posts re-index quickly by Google
In Google search results, your pages will continue to show up as “Hacked By MuhmadEmad” until Google has discovered the new page title. It can take Google days, weeks, or months to re-crawl and re-index those pages and make the changes in Google Search Results. In the mean time, Google could think your website is still hacked. If that happens, you may receive a message from Google about Hacked Content Detected or This Website May Be Hacked.
To quickly get your pages re-indexed follow my instructions here: Have Google Crawl Your Page Right Now.
How did this happen?
Most WordPress hacks are due to outdated versions of WordPress or newly discovered vulnerabilities in outdated plugins.
In this particular case, WordPress 4.7 and 4.7.1 had a major vulnerability.
WordPress knew about it and issued 4.7.2 on January 26, 2017, and began pushing the update out to websites with automatic upgrades enabled.
They then made the vulnerability public on February 1, 2017. While this transparency is a good thing, hackers began exploiting the hole immediately.
Prevent future hacks
I personally have suffered from a site hack many years ago which impacted one of my sites with over 700 articles. I learned my lesson and I now use WordPress hosts which offer a backup solution. Additionally, I protect my WordPress sites with a handful of select tools and always keep them updated. I will make a list of these plugins and add them to this article shortly.
An opportunity for WordPress Website Owners
(No, I am not selling you anything, unless you are a business that needs help with your WordPress site after being neglected by your current designer or SEO team.)
Please comment below
Did you find this guide helpful? Was your site impacted? Has this happened to you before? Were you able to fix your website yourself?
- What Happened to ChicagoNow.com? - August 30, 2022
- The December 2021 Google Local Pack Algorithm Update - December 17, 2021
- Map Displaying to the Right of the Local Pack in Google Test in July 2021 - July 30, 2021