HACKED - Fixing hacked WordPress Sites Workshop

Hacked sites cost billions of dollars in lost revenue globally and can cripple a business. Getting them fixed quickly is critical and, as an agency, having your clients on the phone pleading with you to fix a hacked site can be one of the most stressful things.

Almost worse than the financial implications, a hacked site brings a heap of emotional issues with victims of hacked sites describing it akin to being burgled.

It’s your job to help your clients through this and you need the tools, skills and processes to make sure you can effectively manage hacked sites.

Tim Nash is a WordPress Security Consultant who has helped hundreds of people get their site back up and running. In this workshop he is going to show you not just how to get a site live again but also guide you through the process from start to finish.

Using proven techniques that make sure all elements of a hacked site are cleaned, you will leave this workshop with confidence that when you get that phone call you will be able to take a deep breath and say “We got this!”.

What’s in this workshop package?

Over two 2-hour online sessions Tim will take you through the process of managing a hacked site. Each session is recorded and you will have access to the recordings. Each session also has a dedicated Question and Answer section with opportunities for you to ask questions that are not recorded.

Session 1 - 22nd April 2021

Starting from that moment you get the call, with identifying and analysing hacked sites, you will be going through the process to confirm what is happening, covering how the sites were hacked and analysing what types of hack has occurred.

These first few minutes are crucial, so Tim will guide you as you secure the site, ready for clean-up, stopping the potential spread of malware while maintaining a snapshot of the site for any potential legal action later on.

With the information you glean from the initial investigations, and the site made safe it is time to make a plan and to communicate what needs to be done to stakeholders. Tim will guide you through the process but also through the language he uses when talking to client stakeholders.

Session 1 Itinerary

• Identifying and analysing hacked sites
• Securing the site from further hacks
• Snapshotting sites safely
• Creating a clean up plan
• Questions and answer session (not recorded)

At the end of this first session you should be able to:

• Identify if a site is hacked via its log files and other key indicators
• Identify where the current primary areas of concern are
• Safely put a site into a state where it is no longer spreading malware but no data is lost.
• Manage a snapshot of the site in its current state, which can be referred to later.
• Know when it’s ok to remove files.
• Be able to create an action plan for stakeholders to sign off on.

Session 2 - 29th April 2021

This session will build on what you learnt in the previous session. It starts by covering 3 alternative approaches to fixing a hacked site, each has its uses and knowing when to use each approach is crucial. Tim will show you how to use modern tooling to clean up a hacked site quickly and cleanly going from a hacked site to a restored site in minutes in good conditions. Then we will swap to reality, where you don’t have all the tooling or all the options but still need to have the same results.

Once you have gone through the process, you need to effectively monitor it for further signs of attempts to reinfect the site. Building on the previous sessions work, learning about indicators Tim will guide you as to how to build effective monitoring and what to look for within your logs .

The final part of the second session is devoted to the post incident investigation, Tim will guide you through an example of blameless post incident investigation and key findings template. Using this as a guide you will look at what lessons can be learned from hacks internally and with the clients. Tim will also go through some of the little things that can often be forgotten, such as who needs to be notified both from a regulatory perspective but also from a transparency one.

Often clients feel shame at having their site hacked and want to hide this fact, Tim will go through some of the scenarios on disclosure and recommendations on how to report a security issue at a company.

Session 2 Itinerary

• 3 alternative methodologies for cleaning hacked sites
• Confirming and monitoring - The clean up process
• UK compliance and regulations as well as who you need to inform
• Questions and answer session (not recorded)

At the end of this second session you should be able to:

• Identify what method to use to clean a site
• Use modern tooling to clean a site
• Clean a hacked site with just FTP access
• Identify key indicators to monitor going forward
• Lead a post-incident investigation
• Provide recommendations on the next steps for a company.

Getting your hands dirty

This is not just a theory workshop, after each session you will be invited to practice, in your own time, with specially designed virtual machines that you can keep to reuse, or for a limited time, online equivalents. Each virtual machine will be equipped with the tools you need and technical challenges so you can put theory into practice.

In addition worksheets and resource links will be available along with step by step guides for each of the 3 methodologies.

Is this Workshop suitable for you?

The workshop is designed for a wide range of skillsets but it is technical in nature and some aspects do require some previous knowledge.

At a minimum you need to be familiar with WordPress and understand the different components needed to run a site.

To get the most out of this workshop you should have some familiarity with looking at server logs and some understanding of how the command line works.

Why take a workshop?

This workshop is about giving you skills and processes to manage hacked sites for your business and clients. Many businesses rely on specialist security firms to perform clean ups of their hacked sites, so why might you consider investing in the skills to do this internally when such companies exist?

No other company knows your sites and clients as well as you, they can’t make the decisions that you can. In most cases they have a single process which they follow and going outside of that is either costly or simply not possible.

There may be times where bringing in external services is needed or preferable but developing internally your process will allow you to:

• Quickly be able to respond
• Be cost effective
• Be able to take preventative steps and design systems to be easily restored
• Be able to provide this as a service to clients existing and potential new

Quick recap

This workshop includes:

• Two 2-hour online sessions delivered live by Tim Nash, with opportunities to ask questions.
• Downloadable recordings of the above session.
• 2 Virtual Machines set up with tooling and exercises to practice on.*
• Step by Step guides to the 3 different methodologies for fixing a hacked site
• Additional PDF worksheets

*For attendees who would prefer to not use the virtual machines, live practice sites will be available for a limited time afterwards.