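How to Tell Whether Your WordPress Site Has Been Hacked: A Complete Detection Guide
90% of site owners are often the last to find out that their own site has been hacked, usually noticing something is wrong only after visitor complaints, a Google warning, or a notice from the hosting provider. This article covers the common signs of a hacked WordPress site and how to detect them.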
Common signs of a hacked WordPress site:
- Noticeably slower page loads
- Unfamiliar pop-ups or automatic redirects
- Suspicious administrator accounts in the backend
- Unknown files or code
- Abnormal external links reported by SEO tools
Method 1: Check User Accounts
Go to the WordPress backend → Users menu and check for administrator accounts that you did not create. If you find a suspicious account, delete it immediately! For multi-user sites, we recommend installing the Nashaat plugin to monitor user activity.
Method 2: Scan for Suspicious Files
Over SSH, list the PHP files in the uploads directory:
find wp-content/uploads -name "*.php" -print
We recommend installing the Wordfence plugin for regular scans.
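The find command above matches only file names ending in lower-case .php. The shell function below is an added example, not part of the original article: it extends the same check to upper-case and double extensions, per-directory config files, and PHP open tags embedded in other file types. The script name scan_uploads.sh, the function names and the sample tree are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original article.
# scan_uploads DIR prints "<reason><TAB><path>" for each file worth reviewing.
scan_uploads() (
    dir="${1:-wp-content/uploads}"
    [ -d "$dir" ] || { echo "scan_uploads: not a directory: $dir" >&2; exit 2; }
    find "$dir" -type f -print | while IFS= read -r f; do
        # Compare the lower-cased file name so cache.PHP is not missed.
        name=$(printf '%s' "${f##*/}" | tr '[:upper:]' '[:lower:]')
        case "$name" in
            *.php|*.php[0-9]|*.phtml|*.phar|*.php.*)
                # Extensions (and double extensions) that servers often map to PHP.
                printf 'php-extension\t%s\n' "$f" ;;
            .htaccess|.user.ini)
                # Per-directory config that can change how files are handled.
                printf 'handler-config\t%s\n' "$f" ;;
            *)
                # Any other file, binary or not, containing a PHP open tag.
                if grep -qi -e '<?php' -- "$f"; then
                    printf 'embedded-php-tag\t%s\n' "$f"
                fi ;;
        esac
    done | sort
)

# Constructed sample tree (all names and contents are made up for the demo).
make_sample_tree() (
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/2024/05"
    printf 'GIF89a' > "$root/2024/05/logo.gif"
    printf '<?php echo 1; ?>' > "$root/2024/05/cache.PHP"
    printf 'GIF89a<?php echo 1; ?>' > "$root/2024/05/banner.gif"
    printf 'plain text' > "$root/2024/05/notes.php.txt"
    printf '# constructed\n' > "$root/.htaccess"
    printf '%s\n' "$root"
)

# Usage: sh scan_uploads.sh wp-content/uploads
if [ "$#" -gt 0 ]; then scan_uploads "$1"; fi
```

A handler-config hit is not proof of compromise, since some plugins place their own .htaccess in the uploads directory; open the file and check that you recognise every directive.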
Method 3: Verify Checksums
Use WP-CLI to verify the core files:
wp core verify-checksums
Verify the plugins:
wp plugin verify-checksums --all
Recommended Security Plugins
WPMU Dev Defender Pro: offers malware scanning, a firewall and other comprehensive protection features
Wordfence: monitors file changes and suspicious activity in real time
If you confirm that the site has been hacked, please refer to: WordPress Hack Recovery Guide
