Find If Someone Hacked Your WordPress Blog & Changed The Files

Written by Amit Agarwal on Apr 8, 2008

How can you find out if your WordPress blog has been hacked?

WordPress blogs (or, for that matter, any software) become more vulnerable to attacks if you are not running the latest security updates. Hackers can then inject code into your WordPress files (especially themes) that will allow them to inflate the Google rankings of other spam websites through your blog.

And this is not uncommon. Dr Tony Hung recently discovered several WordPress websites that got hacked (including ZDNet), with affiliate links secretly embedded into the blog templates. Allen Stern, Kevin Burton and Matt Craven have more on this issue.

Is my website hacked?

When a hacker gains access to your blog or website, he will modify certain files so that his tracking code gets executed and the spam links get displayed when people view your web pages.

So if you are curious to know whether someone hacked into your WordPress blog last night and changed the files, you can look at the timestamp of every file on your web server and pay special attention to files that were modified during the period when you were fast asleep.

Don’t worry, you don’t have to do this manually. Here’s a command to help you out:

Step 1. If you are on WordPress and have enabled the WP-Cache plugin, go to your Plugin Settings and delete all the files from the cache.

Step 2. Log in to your web server using telnet or PuTTY and switch to the directory that contains your WordPress files.


Step 3. Type "ls -Roh | grep YYYY-MM | sort -k 5,6" (without the quotes, replacing YYYY-MM with the current month, like 2008-04)

If the timestamp of any of your WordPress theme files or the standard WordPress files appears recent, you may want to carefully check the contents of these files and compare them with the original files in your backup. Good luck.

Technicals – The ls command will recursively list all the files in the WordPress directory, and the -h switch will show their sizes in KB or MB. The grep command will limit this list to files that were changed this month (or you can limit it to a day). The sort command will then arrange the list so that the most recently modified files appear at the bottom.
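
The listing above depends on ls printing dates as YYYY-MM, and a file's modification time can be changed, so comparing contents against your backup is the more reliable check. The script below is an added example, not part of the original article: it lists recently modified files with find and then compares a live tree against a backup by content. The function names, the directory layout and the sample files built by demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Directory layout is assumed:
# LIVE is the WordPress root on the server, BACKUP a known-good copy of it.

# recent_files DIR DAYS: paths under DIR modified within the last DAYS days.
# Uses find's own mtime test, so it does not depend on how ls prints dates.
recent_files() {
    find "$1" -type f -mtime -"$2" | sort
}

# changed_vs_backup LIVE BACKUP: compare file contents, ignoring timestamps.
# Prints NEW, MODIFIED or MISSING followed by the path relative to the root.
changed_vs_backup() {
    live=$1; backup=$2
    ( cd "$live" && find . -type f | sort ) | while IFS= read -r f; do
        f=${f#./}
        if [ ! -f "$backup/$f" ]; then
            echo "NEW $f"
        elif ! cmp -s "$live/$f" "$backup/$f"; then
            echo "MODIFIED $f"
        fi
    done
    ( cd "$backup" && find . -type f | sort ) | while IFS= read -r f; do
        f=${f#./}
        [ -f "$live/$f" ] || echo "MISSING $f"
    done
}

# demo: build a constructed backup/live pair in a temp dir and run both checks.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/backup/wp-content/themes/t"
    echo '<?php // footer ?>' > "$tmp/backup/wp-content/themes/t/footer.php"
    echo '<?php // index ?>' > "$tmp/backup/index.php"
    cp -R "$tmp/backup" "$tmp/live"
    # Constructed changes: a link appended to the footer, plus one added file.
    echo '<a href="http://spam.example/">x</a>' >> "$tmp/live/wp-content/themes/t/footer.php"
    echo '<?php // extra ?>' > "$tmp/live/wp-content/extra.php"
    # Give the edited footer an old mtime: a date listing would not show it.
    touch -t 200701010000 "$tmp/live/wp-content/themes/t/footer.php"
    echo "recent:"; recent_files "$tmp/live" 1 | sed "s|^$tmp/live/||"
    echo "differs from backup:"; changed_vs_backup "$tmp/live" "$tmp/backup"
    rm -rf "$tmp"
}

demo
```

On a real server, call changed_vs_backup with the path to your WordPress directory and the path to an unpacked backup; any MODIFIED or NEW line under the theme or core directories is a file to open and read.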
