The reason I started to think that WordPress might have been hacked was because while deleting old posts using phpmyadmin, I found that there were over 200,000 WP_404_to_301 (redirect) posts.
I never cared about security because I thought, “Who would hack a blog like mine?” But when I saw 200,000 of them, I thought there was a problem.
So I went into that table and checked the IPs displayed and they were connected to China and the Middle East. So I confirmed that this wasn’t a redirect I made by mistake and started deleting after making a backup just in case I deleted a normal one and it could cause a problem.
When you select a table and go to Operations from the top menu, there is an option to empty the table, but I deleted it after confirming it.
Table of Contents
Google Safe Browsing
After deleting the WP_404_to_301 table, I proceeded to check if Google had judged my site to be malicious.
I also got a warning from Google Console, but I checked the site status using Google Safe Browsing just in case. Fortunately, no unsafe content was found.
VirusTotal
Although Google has confirmed that it is safe, I checked the status on the VirusTotal site because there may be malware, malicious scripts, and hidden backdoors inside.
Fortunately, I was relieved to see that they were all evaluated as safe, but I still didn’t know, so I decided to install a security plugin that I hadn’t installed before and run a scan.
Wordfence Security Plugin
There are several security programs, and among them, I decided to install and check the Wordfence security plugin, which many people have installed.
There are many opinions that Wordfence can slow down the site speed because it is heavy with many features, so if you are going to use a security plugin, you should search for it and read other users’ opinions before choosing.
After installing the Wordfence security plugin and using the Scan function to perform a scan, two problems were found and fixed. It seemed that the files had been changed due to WordPress hacking, but since I was able to fix them, I was fortunate and installed one security plugin to perform a scan.
Quttera plugin
Although I ran various tests above, I still wanted to be sure, so I installed the Quttera security plugin and ran another test. Fortunately, no suspicious or malicious files were found.
I found a redirect that seemed to be a WordPress hack, and I spent a lot of time deleting and checking, and I realized how important security is. So I installed a security plugin that I hadn’t used before, but IP blocking was in progress.
This time, I realized how wrong it was to think that I would never try to hack WordPress. If you are someone like me who doesn’t care about security, I strongly recommend that you install a security plugin.
▶ How to remove Let’s Encrypt SSL (certificate) on Ubuntu
▶ Full WAF mode: How to enable the NinjaFirewall security plugin
▶ How to install the OpenLiteSpeed (OLS) web server on Lightsail
