How to clean your hacked WordPress site?

Your site is hacked. What do you do next? A lot of people will tell you to just restore a backup. But what most people do not take into account is that the original hack and the deployment of the malware don’t always happen at the same moment.

There’s a trend (that has surfaced and increased in popularity over the last 2 years) where a hacker finds a vulnerability, exploits it and injects a backdoor into your WordPress site. Next, they wait a couple of weeks or months. Once they’re sure you no longer have a non-infected backup, they use this backdoor to deploy the real malware to your website.

At this point, restoring a backup has become entirely useless. That’s why it’s better to clean your site than to fall back on a backup, as you’d also be restoring the backdoor that allows the hacker to infect your site again afterwards.

So let’s learn how to clean your hacked WordPress site.


Announcing WP Sweeper

WP Sweeper - Cleaning Script for Hacked WordPress Sites

“A new way to clean hacked WordPress sites”

I’ve spent the past couple of years learning and writing shell scripts. I’m also passionate about WordPress. As I’m often asked to clean hacked WordPress sites, I started to work on a script that automates this in a world where Corona still was just a beer.

Today I’m ready to announce WP Sweeper.

WP Sweeper shell script for cleaning hacked WordPress sites
WP Sweeper in action

It’s a shell script that automates a lot of the tasks needed to clean a hacked WordPress site. I’ve used this to clean more than a thousand sites. And now I’m unleashing my project onto the world, making it available for everyone.

Functionality


Audi Electric Kick Scooter Review

A couple of weeks ago I had the opportunity of testing the Audi Electric Kick Scooter for about 1,5 days (mostly due to the bad Belgian weather), thanks to HLN Drive. Since I had prior experiences using sharing platforms like Dott and sincerely liked using their kick scooters, I was very curious about Audi’s take on an electric kick scooter…

Hardware

First, let’s look at some of the specifications:


Improving WordPress security with the .htaccess

In this article I’ll share some of the security tweaks I tend to add to the .htaccess file to improve the security of a WordPress installation.

Hide the wp-config.php file

Since the wp-config.php file contains our database credentials, we do not want this file to be accessible, PERIOD. So by adding this snippet to our .htaccess file we can prevent access to it:

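# Hide wp-config.php (Require = Apache 2.4+, Order/Deny = Apache 2.2)
<Files "wp-config.php">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>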

This rule prevents wp-config.php from being accessed through the web server.

Hide the .htaccess file itself

Preventing abuse by adding rules to our .htaccess is only useful if the .htaccess can’t be compromised itself.


A small bash backup script for WordPress

As most of you know I work as an Escalation Engineer at Combell.com. Recently I crafted a tiny backup script that makes backups of my own site. While this script is optimized for use on shared servers at Combell.com, it can easily be adapted to be used anywhere.

#!/bin/bash
set -euo pipefail
umask 077 # backups contain the full database, keep them private

#### Settings ####
cd "$(dirname "$0")" # relative paths below resolve from the script's folder, also under cron
NOW=$(date +"%Y-%m-%d-%H%M")
FULL_PATH=$(pwd)
BACKUP_FOLDER="$FULL_PATH/data"
mkdir -p "$BACKUP_FOLDER"

#### Site-specific Info ####
SITE_PATH="www" # Could also be subsites/subsitename

# Read the value of a define( 'KEY', 'value' ) line from wp-config.php
function wp_config_value {
    grep -m 1 "define( *'$1'" "$SITE_PATH/wp-config.php" | cut -d \' -f 4
}
DB_NAME=$(wp_config_value DB_NAME)
DB_USER=$(wp_config_value DB_USER)
DB_PASS=$(wp_config_value DB_PASSWORD)
DB_HOST=$(wp_config_value DB_HOST)

#### Files backup ####
function files_backup {
    zip -r "$SITE_PATH.$NOW.zip" "$SITE_PATH"
    mv "$SITE_PATH.$NOW.zip" "$BACKUP_FOLDER/"
}

#### Database Backup ####
function database_backup {
    # Pass the password through a client option file instead of -p on the
    # command line, where other users on the server can read it from the process list
    mysqldump --defaults-extra-file=<(printf '[client]\npassword="%s"\n' "$DB_PASS") \
        -h "$DB_HOST" -u "$DB_USER" "$DB_NAME" > "$BACKUP_FOLDER/$DB_NAME.$NOW.sql"
}

#### Run ####
files_backup
database_backup

This script can be run automatically on a Combell server by adding a cron job for it. You can do this in /etc/crontab by adding, for example, this:

0 */6 * * * /bin/bash /data/sites/web/youraccountname/backup.sh

The cron above will create a backup every six hours. Do not forget to put this backup.sh script in the root of your account.

Hope this helps you guys.

PS: the FULL_PATH variable is already included since I’m planning to iterate on this script and add more features, even though it’s currently only used to declare the backup directory path.
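
The script never removes old archives, and the delayed-backdoor pattern described in the first post on this page means the oldest backups are the ones most worth keeping. As an added example (not part of the original script), here is a retention helper that keeps the newest N backup sets plus the oldest set of every calendar month. The function names and the retention rule are assumptions; it relies only on the `<name>.<YYYY-MM-DD-HHMM>.zip` / `.sql` naming that backup.sh produces.

```bash
#!/bin/sh
# Added example: tiered retention for archives named
# <name>.<YYYY-MM-DD-HHMM>.zip / .sql, as written by backup.sh.
# The retention rule and function names are assumptions.

# Print the files in directory $1 that can be deleted. A backup set (all
# files sharing one timestamp) is kept when it is
#   - among the newest $2 sets, or
#   - the oldest set of its calendar month (long-term history).
# Names without a timestamp are ignored; the timestamp format sorts
# chronologically as plain text, so sort -u yields oldest first.
prune_candidates() {
    dir=$1
    keep_recent=$2
    ls "$dir" |
        sed -nE 's/^.*\.([0-9]{4}-[0-9]{2}-[0-9]{2}-[0-9]{4})\.(zip|sql)$/\1/p' |
        sort -u |
        awk -v keep="$keep_recent" '
            { stamp[NR] = $0 }
            END {
                for (i = 1; i <= NR; i++) {
                    month = substr(stamp[i], 1, 7)
                    if (!(month in seen)) { seen[month] = 1; continue }
                    if (i > NR - keep) continue
                    print stamp[i]
                }
            }' |
        while IFS= read -r s; do
            for f in "$dir"/*."$s".zip "$dir"/*."$s".sql; do
                if [ -e "$f" ]; then printf '%s\n' "$f"; fi
            done
        done
}

# Delete what prune_candidates lists. Review its output first.
prune_backups() {
    prune_candidates "$1" "$2" | while IFS= read -r f; do
        rm -f -- "$f"
    done
}
```

With the six-hourly cron above, `prune_backups data 28` keeps one week of backup sets plus one set per month.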

Using WordPress as a static site generator

This weekend I spoke at WordCamp Nijmegen in The Netherlands. Below you can find my slides for that presentation.

Using WordPress as a Static Site Generator from Brecht Ryckaert

An intro to the command-line for WordPress – Part 1

Working with WordPress on a daily basis at Combell.com (a Team.Blue company) means I get to see, optimize and debug a ton of WordPress sites every single day. This also means I sometimes need things to be dealt with quickly. And that’s where the command-line comes in…

So why won’t you use WP-CLI?

Of course I use WP-CLI too. It’s a great addition to the toolkit of any user/developer/hoster. But there are (quite often) times when WP-CLI is just not an option or too slow. And that’s no complaint or insult towards WP-CLI by the way. Let me explain by some examples:

  • When WordPress core, a certain plugin or a theme causes a fatal error, WP-CLI is rendered useless.
  • I’ve seen cases where a very poorly optimized query caused such a slowdown on WordPress that any wp-cli command, for example a wp user list, took more than 5 minutes to complete. This was solely caused by a plugin, not by WP-CLI, but it did impact WP-CLI.
