Hacked sites overview

If your site is hacked, there are several important steps that DreamHost recommends you take.

If you're not comfortable fixing your WordPress site on your own, you can request DreamHost's "Hacked Site Repair" professional malware removal service. For a one-time fee of $199, DreamHost experts will access your account and make the necessary repairs to get you back online quickly. Please submit a ticket from within your DreamHost Panel if you'd like to explore this option.

In general, recovering from an exploit requires consideration of:

  1. locating the source
  2. closing the security hole
  3. removing backdoors, and
  4. cleaning up the damage.

The following is an overview of the process of clearing up any exploits on your account.

What is most vulnerable?

The following are common items that are most vulnerable on your website:

  • Outdated web applications, along with their themes and plugins, are often the point of entry for exploits. Keeping all web applications, themes, and plugins updated to their latest versions helps to eliminate known security vulnerabilities. If you're unsure whether there are security concerns related to any web application that you are using, you can search for advisories related to known vulnerabilities here:
    CVE Details
  • Web applications may have had their admin passwords compromised or malicious users added without your knowledge. DreamHost strongly recommends that you log into your applications to audit for unknown added users and change any passwords for admin-privileged users if you suspect that your site is hacked.

If your WordPress site is configured for automatic updates, DreamHost will upgrade it as updates become available.

Who is responsible?

In short, you are. DreamHost may assist in some situations, but is not obligated to do so. The Terms of Service, to which all customers must agree, state the following:

DreamHost Web Hosting is an information provider connected to the Internet. 
DreamHost Web Hosting offers storage and transfer services over the Internet through access to its Web Server.

Basically, this means that DreamHost sells the use of its servers. While DreamHost does manage the OS and utilities on the servers themselves, it does not provide any management of software that the customer chooses to put on those servers. The liability for software housed in a user's account is stated in the 'Material products' section below:

Material products

  • Customer will provide DreamHost Web Hosting with material and data in a condition that is “server-ready”, which is in a form requiring no additional manipulation on the part of DreamHost Web Hosting. DreamHost Web Hosting shall make no effort to validate this information for content, correctness, or usability.
  • Use of DreamHost Web Hosting’s service requires a certain level of knowledge in the use of Internet languages, protocols, and software. This level of knowledge varies depending on the anticipated use and desired content of Customer’s Webspace by the Customer.
  • The following examples are offered:
    • Web Publishing: requires a knowledge of HTML, properly locating and linking documents, FTPing Webspace contents, graphics, text, sound, imagemapping, and so on.
    • CGI-Scripts: requires a knowledge of the UNIX environment, TAR & GUNZIP commands, Perl, CShell scripts, permissions, and so on.
  • The Customer agrees that he or she has the necessary knowledge to create Customer’s Webspace. Customer agrees that it is not the responsibility of DreamHost Web Hosting to provide this knowledge or Customer Support outside of the defined service of DreamHost Web Hosting.

How to fix your hacked site

Visit the following links for details on how to fix your site after a hack.
