Personalized and caring involvement in fixing your hacked website– it’s what we do.
- Our goal is to help you prevent your website from being hacked again.
- Service is very important to us. We intend to reply to every email you send us within five minutes; and likewise begin working to fix your website within minutes of your call.
- No outsourcing to an unknown sweat shop of workers in some unknown country. We are a California-based business.
- We consider every phone call we receive a blessing. Call us anytime, (619) 479-6637, or Toll-Free, (800) 639-6442, or email, jim at hackrepair dot com
- Once we’ve completed the clearing of malware from your website we will, with your approval, help you install software to better secure your website in future.
- Throughout the course of cleaning your hacked website we will provide you with a real-time report on what we are doing, what we’ve found, and what to watch out for in future.
- Even after your website has been secured and Google.com reputation restored we will remain available by phone or email for any question you may have in the future. Think of us as “your website security experts for life!”
- With fifteen years of web hosting and Internet security related experience, our skill sets are unique and available to you for a reasonable flat fee.
- We treat every hack repair project we work on as though it were our own website.
Our service goals include:
Our #1 goal is to ensure your website is never hacked again. We hope to impart to you all of the lessons we’ve learned from previous clients, and help make you a WordPress security guru by the time we are finished.
Our #2 goal is to report back to you everything we’ve done, including showing you what malware looks like and how to locate it.
3. Long term security.
Once we’ve cleared all malware from your website, our goal #3 is to better secure your website from random bots and other malicious folk. Below are some of the tasks we intend to build into your website (for WordPress clients):
- Enable a 404 error detection. This helps to block random bots of finding you.
- Enable backups. We don’t want all of our good works lost due to accidental file deletion.
- Enable brute force login protection. This will help block hackers attempting to guess your password.
- Enable file locking so hackers cannot edit core WordPress files.
- Enable real-time logging within your site. This will notify us if something changes within your site unexpectedly.
- Enable settings to reduce comment spam.
- Enable you to better secure your website by teaching you security best practices.
- Enable your website to deny the execution of scripts within images directories. This helps to discourage hackers from hiding back door scripts within directories you would not normally check or monitor.
- Enable real-time file monitoring.
- And much more…
Below are words of encouragement and testimonials received from some of our recent customers:
I receive quite a few service reviews each week from the good people who bless me in asking for my help with their websites.
Sometimes I get so busy that I don’t get a chance to read all of them or give them the credit online they deserve.
Today I receive a particularly poignant review. The tone of the review really hit home for me personally, and I’d like to share it.
One of the things I tell people when they call me by phone is that I’m not in this for the money. The work can get really quite monotonous at times. But it’s the service, the giving part that gives me joy.
Below is what Holly had to say following a hack repair service I completed for her:
“OMG Jim saved my life! All five of my websites were hacked and my service provider was of little help. They offered no apologies and simply referred me to a company they are partners with to fix it, who subsequently tried to sell me an outrageously expensive plan – suspicious (one I almost had to go for because I did not have time to be dealing with this.)
Anyway after a quick google search I found a blogger who recommended Jim and after talking to him for all of about 5 seconds I realized I could breathe again. I literally handed my problem to him and he took care of it for half the charge and half the speed and he communicated clearly with me through every step of the process. I honestly can’t recommend him enough. I was so grateful to have an actual caring human willing to walk me through these types of problems that I went the extra step and moved all my sites to his service instead. I now feel safe. Thanks Jim!”
What a wonderful life this Internet thing has given us. So I say, “Universe, please send me more people I can help. I’m here to help and give what I can to make the world a better place. Challenge me with your giving.”
Invisible WordPress admin users are the sometimes left behind artifacts of a sloppy hacker or following the cleanup of a hacked website.
As of yet, there is no automated way to remove these invisible WordPress users. Some phpMyAdmin mojo is necessary to remove them. This article will cover how to remove those invisible user bits sometimes left behind in the database following a mySQL injection.
“phpMyAdmin may seem a bit intimidating at first. Think of it like a text editor for databases and you’ll be fine.”
The steps to removing invisible users in WordPress:
Be sure to use a backup plugin, like Updraft Plus or Backup Buddy, to make a database backup.
These backup plugins will not only help you generate a backup in seconds, they’ll likewise allow you to recover your prior database with just a few clicks of your mouse. So seriously, don’t freak out – “your website will not be wiped clean by editing a couple database tables.”
Add a new Administrator (user)
This still isn’t fully necessary, but I find it helpful in the scheme of things. Maybe you are still using Admin as your username? If that’s the case, this would be a great opportunity to change that to something less guessable.
After creating your new user, log out, then log back in as the new Administrator.
Log into phpMyAdmin. Scary, huh?
I have to agree, phpMyAdmin is probably the most intimidating login screen you’ll encounter in your WordPress career.
You’ll find the username and password for your phpMyAdmin by viewing the text within your wp-config.php file:
Once logged in, find your database in the left column and click it once.
That will reveal a list of tables. We only care about two tables: wp_usermeta and wp_users
Let’s start with wp_users. Click that table link and you’ll see something like this:
What’s important here are the numbers in the User ID column. Note how one is 2 and the other is 101011. These are good users in our installation. Hint: “Remember this.”
Ok, the truly scary part. Sorry, you’ll have to trust me on this. We are going to do a database query to identify the invisible users. Click the SQL tab.
Next, copy/paste the text below into the box and click the “Go” button bottom right.select * from wp_usermeta where meta_value LIKE '%administrator%';
This will do a quick search for all currently set administrator users.
And now to the callback. After our search in #5 above, notice the extra users Mr/Mrs. Sherlock?
Now kill the other users. Clicky-clicky on the big red X next to each bad users until your enemy has been defeated.
If you are victorious in your quest, you’ll see something like this when you refresh your WordPress dashboard Users list:
For those of you who arrived here after searching for the term, “how to delete a WordPress website“
Deleting WordPress is usually pretty straightforward. Though if your site is active, deleting your WordPress site will likely take your entire website down and all of your files with it. Proceed with care…
If you are not sure how to delete your WordPress website just click the chat link below and ask. I’m here to help.
If your domain name is hosted through WordPress.com, it can be a bit of a challenge to move your domain, or for that matter even find the location at WordPress.com where you may manage your domain name.
In this video I will describe the required steps to successfully move your domain name from the WordPress.com domain registration and renewal service to another domain name registration company.
If you have previously registered a domain name at WordPress.com, this video may help you, particularly if your client wishes to transfer their domain to an account at another domain name registrar like Godaddy, or Network Solutions.
Fixing Hacked Websites Full-time – It’s What I Do.
I wake each morning with one mantra, “what can I do to help make the online world a better place today?”
Having spent nearly two decades helping folks build websites and managing a security-oriented website hosting business, it dawned on me late-2008 that I could use those same skills to help those whose websites have been compromised by hackers.
Something of a labor of love, HackRepair.com was born as a helpful thought, which became the service you see here today.
I bring to the table the ability to quickly unpuzzle complicated website issues and communicate complicated technical issues in a human way. I actually enjoy talking to people by phone (what a crazy concept!).
The digging into and figuring out the how and why a website was compromised is my idea of fun. Some people like solving crossword puzzles. I enjoy un-hacking websites.
Listen in to learn more about what I do: Listen to Jim’s Hack Repair voice introduction
Many quality website hosting companies recommend our services as well.
Below are some of my most recent articles:Read more
After a website has been cleaned of malware, I’m often asked, “how do I verify my website within Google Webmaster Tools in order to clear my reputation within Google search?”
This article summarizes the process to both verify your website through Google Webmaster Tools (a.k.a. Google Search Console), and how to clear your reputation within Google search.
When a website is compromised, the first sign of trouble is often Google search. A hacked website can be quite an eye opener for a struggling business. And the process for submitting a review request can be somewhat confusing.
Let’s start with examples of “compromised website” listings within Google search:
Common Google compromised site definitions:
“This site may be hacked” may appear when Google believes a hacker may have changed some of the existing pages on a site or added new spam pages.
“This site may harm your computer” may appear when Google believes malicious software has been installed on a website. This malware may cause computers viewing the website to install unwanted programs to steal passwords and credit card numbers, change search results or worst.
What may result from your website being marked as compromised within Google search?
– Loss of business credibility.
– Folks who search for your business using Google search will likely not click through to your website.
– Prospective clients may never return to your site again, in fear they may be hacked themselves.
– If left compromised for too long, Google may delist your website from search.
– Other search engines, like Bing or McAfee SiteAdvisor, will likewise delist your website address in search within a matter of days following a Google search “This site may be hacked” warning.
Suffice it to say, being listed as compromised has a range of not so happy consequences.
Your first course of action is to get your website cleaned of malware and secured by a competent, well regarded professional.
Once the site is clear of malware, then, and only then should you submit a request to Google to clear your online reputation.
This 6-minute video summarizes the ownership verification process.
- Start by clicking this link to register and verify your site in Google’s “Search Console”
How to clear your reputation in Google Search
See the picture at right for the location of each link to click
Once signed into the “Search Console“, click on the “Security Issues” section to see details of sample URLs that might be infected.
If you see the sentence, “Currently, we haven’t detected any security issues with your site’s content.” then we we are good there.
Next, click the “Search Traffic” section and choose “Manual Actions“. If you see the sentence, “No manual webspam actions found.” then all is well there as well.
These two sections, “Security Issues” and “Manual Actions” are the only two sections you need to review where malware is concerned.
One or both of these sections may require that you submit a statement to Google requesting they review your website for malware in order to clear your reputation in Google search.
This 6-minute video also nicely summarizes Google’s process for clearing one’s reputation in search:
Once you’ve submitted your “Request a review” to Google, it may take from 12 hours to 48 hours for Google to clear the “This site may be hacked” or “This site may harm your computer” message from search.
How do I verify my site with Google Webmaster Tools | HackRepair.com
For HackRepair.com clients. We will clear all malware, submit the Google review request for you, and notify you once the site compromised messages are removed from Google search.
Once your website has been cleaned of malware and reputation cleared within Google search we recommend double-checking your reputation at URLVoid.
Regarding SSL certificates and Cloudflare. Now don’t get me wrong, I’m a big fan of Cloudflare and have posted quite a few articles recommending the service for a variety of reasons, one being free SSL.
But, there is one caveat. While the free SSL plan works wonderfully well,
if a curious client or customer checks your SSL certificate using any of
the free online SSL checking tools, they may find other less scrupulous
websites “sharing your Cloudflare SSL certificate“.
Below is an example of a website set to Cloudflare. Note the other domain
listed in yellow.
Agreed, it requires a tech savvy customer or client to check for domains
sharing your SSL certificate. And then there is the question of “Who
cares?” or “Does it really matter?” I would argue that security wise it
doesn’t’ really matter, but client perception wise—that’s an unpredictable
And you may ask, “Well, what about other free SSL certificates, don’t they
Answer: Yes. AutoSSL, a cPanel standard for free SSL certificates, may
likewise list other domains sharing the same IP address.
So it could be argued, that in today’s world of shared IP’s and a scarcity
of dedicated IP addresses available to shared clients that a dedicated IP
address remains a some what valid concern, “if” you are worried about
someone checking your SSL certificate and finding your website’s domain is
shared with pharmacy or more damaging website addresses as well.
This is all food for thought.
What do you think about the issue of shared SSL certificates displaying other web site addresses not associated with your business or website address?
Just a quick note regarding the OpenSSL vulnerability, also known as “Heartbleed.”
An excerpt from the Heartbleed bug summary , “Bugs in the OpenSSL’s implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.”
Without going into great detail, the Heartbleed bug has been in the wild since early 2012. This past week the bug was officially discovered and patched by the global security community.
It is plausible that someone may have maliciously used this bug to intercept your encrypted communications. The likelihood of this is extremely low. This would not have been a random attack. Your hacker would have had to specifically target your domain, as well as have had access to the encrypted data. What I mean by this, is, essentially the hacker in question would have had to have been monitoring the traffic of someone using your domain at the exact time they were connecting via SSL to your website. If you do not have an SSL certificate installed on your domain this entire Heartbleed discussion, in regard to someone compromising your personal data, does not apply to you.SSL trivia: Renewing or reissuing your SSL certificate will generate new keys, making previously stolen private keys just another random number.
That said, even if your personal website does not use SSL encryption, your web host likely provides SSL (https://) for connecting to their web hosting control panels. In this respect, it would be prudent to ask your web hosting provider whether they have patched vulnerable versions of the OpenSSL software, and will be reissuing new keys for the SSL certificates associated with their customer control panels.
What else should I do as a result of this OpenSSL “Heartbleed” bug announcement?
I recommend taking this opportunity to update “ALL” passwords at all service providers today, whether your provider has updated their SSL keys or not respectively.
I manage a cPanel server for my clients, is there anything else you recommend relating to the OpenSSL “Heartbleed” bug announcement?
Other than following the recommendations for upgrading the OpenSSL libraries, I recommend you consider setting the WHM “Force Password Change” option on your server. See the cPanel WHM Force Password Change Settings documentation for more details.
Other notes and resources relating to the OpenSSL “Heartbleed” bug:
- Alexa Top 10,000 – Websites Vulnerable to the OpenSSL “Heartbleed” Bug
- COMODO SSL Analyzer
- Other OpenSSL bug testing tools: Possible.lv | Filippo.io
- Google mail (Gmail.com) servers have not reissued their own SSL certificates as of April 9, 2014:
Written by Jim Walker, The Hack Repair Guy, +HackRepair, @tvcnet, (619) 479-6637Read more
Google has added new terms to describe compromised websites.
Google’s current terms include:
- “This site may be hacked.“
- “This site may harm your computer.“
The general goal of these alerts is to say, “Hey, be careful of this website because it may harbor redirects to other hacked websites, or include files or text placed on the website unscrupulously.”
Matt Cutts very nicely discusses malware detection at Google:
There is a fairly common WordPress hack going around, most often called the “Pharma Hack.” The pharma hack usually involves the injection of words like cialis, xanax, payday loans and others directly into the WordPress database. This situation can be particularly difficult to clean up. And because this hack is most often set to only be viewable by Google’s bots it’s virtually impossible to figure out you’ve been hacked before Google notices–no fun at all!
My website has been hacked. Now what do I do?
We’re here to help you get your business back online ASAP!
With over 15 years of experience in managing secure servers and compromised websites, we will ensure your website is cleaned of malware and unblocked at Google or your money back!
Call for quick resolution today.
Here at HackRepair.com, we pride ourselves in quickly identifying and repairing damage from all sorts of server-related hacks. To do this, we stay up to date on the latest security and hack-related news, as well as attending the largest hacker conference on Earth, DEFCON, held for the last 24 years in Las Vegas, NV USA.
For all but two of the last fifteen years, we’ve been sending our folks to DEFCON Las Vegas to learn as much as we can about the new cyber attack and mitigation techniques. DEFCON ran for four days this year.
Day 1 of DEFCON is usually a whirlwind day, a time for waiting in line to get your badge, finding friends and acquaintances, and planning out the week.
Recently, they’ve added less technical talks to start people out. Some are quite informative and an easy way to get involved.
DEFCON – Cyber Grand Challenge
This year was really special as well because the final round of the Cyber Grand Challenge was held at the beginning of the conference.
DARPA, a US government agency responsible for everything from the Internet to GPS navigation, implemented the CGC to develop automated systems to repel and initiate cyber attacks.
The winning machine, a supercomputer named Mayhem (event picture at left), was coded by a team from Carnegie Mellon University, and the winning machine will be held in the Smithsonian Institution for its efforts. Quite a sight to see!
* Pictures above courtesy of Dan Tentler
DEFCON 2016, Day 2-4 are where the real talks start, and where the most important talks start winding their way through to the weekend.
Some of our favorite talks this year at DEFCON 2016 were:
° Feds and 0Days: From Before Heartbleed to After FBI-Apple
° 411: A framework for managing security alerts
° How to design distributed systems resilient despite malicious participants
° Direct Memory Attack the Kernel
° Malware Command and Control Channels: A journey into darkness
° Escaping The Sandbox By Not Breaking It
° Stargate: Pivoting Through VNC To Own Internal Networks
° Attacking Network Infrastructure to Generate a 4TB/s DDoS for $5
° Cunning with CNF: Soliciting Secrets from Schannel
° Toxic Proxies – Bypassing HTTPS & VPNs to pwn your online identity
° VLAN Hopping, ARP poisoning & MITM Attacks in Virtualized Environments
° Hiding Wookiees in HTTP – HTTP smuggling
DEFCON 2016 – The Experience
On a secondary level, the massive amount of information security professionals at DEFCON helps to breed a sense of community, and as you can see, there’s a lot of esoteric information here, that only a true security professional would love.
Understanding and utilizing the information gleaned from these talks is our bread and butter. Protecting your sites from attacks by malicious hackers is the way we work.
“Secure By Default” is our philosophy and this is how we do it.
Small Site Hack Repair Service
After discussing with our staff here, it’s become clear to us that some folks do not require the usual 3+ hour time commitment in regard to repairing their hacked website and removing the “Reported Attack Site” status with Google.
For this reason, we’re now offering a special $100 discount to folks with small sites less than 50mb in size or less than 100 files in total.
You can still expect our same level of commitment to service. We are hoping that $179 (discounted from our regular rate of $279) is within the budget of even the smallest web design firm or business.
We really want to help you get past this potentially embarrassing situation. Please call for quick results today.
If you feel your site is a micro-site and you would like to fix your reputation issue with Google, please call me and we’ll take care of clearing your good name, often within hours of our starting the cleanup of your website.
“I live for your success!”
Call (619) 479-6637