How to Reset My WordPress Website

It happens to the best of us. We wake up one day and click on a link in our email or on a social media site and boom. An unwanted guest pops up on our screen, demanding our attention. We can’t help but open the browser tab and begin to scroll. Before we know it, an hour has gone by and we’ve opened up ten new tabs, all in a frenzy because some hacker managed to load a virus on our website or because an advertiser managed to put a tracking cookie on our site (I saw both of those things happen on the same day).

When we finally calm down from our sugar high, we notice that something isn’t right. Suddenly, all of our websites are acting weird. They won’t load. They throw up errors. They seem confused as to what type of content they should be displaying. After checking our hosting provider’s support forums, we discover that our websites have been “hacked” and that a “Dr.Web” virus (also referred to as a “ransomware virus”) is hiding in plain sight, demanding a ransom be paid in order to restore our websites to their original state. We had been hacked by an amateur and they wanted money in exchange for returning our sites to normal. Since we didn’t have any money aside from what we had on hand (because we’re still in awe of the incident), we had to take a leap of faith and hope that Dr.Web’s developers would come up with a suitable solution. Little did we know that the virus had just been updated and that there was no such thing as a “ransomware-free” version of Dr.Web available. So, we had to take care of this virus the old-fashioned way. You’ll see what I mean in a minute.

Pay The Ransom

Let’s start from the beginning. As I mentioned, we began the day by stumbling upon a link on a social media site that we hadn’t visited in a while. When we clicked on it, we were directed to a website that looked like any other generic travel agency website you might encounter. There were a few small differences, though. The biggest one was that, in the upper-right corner of the screen, we saw a gray box with a white silhouette of a man, presumably the hacker who designed the site. The box was made up of several messages:

• Welcome to My Site!
• This is a test to see if you’re computer is infected with a virus.
• Do you want to buy a new iPhone?
• Press [continue] to proceed to Paypal, where your money will be safely stored.

We looked at the messages in the order that they appeared. The first thing that stuck out to us was the last one. It was quite a coincidence, because a few days earlier, we had been thinking about purchasing an iPhone.

The next thing that happened was that we started getting bombarded with pop-up windows, demanding our attention, and a few of them contained a tracking pixel, which meant that an advertiser had watched us visit the site. To the best of our knowledge, we had never done any online shopping and certainly not from these advertisers. We had also never been to a travel agency website, so it was quite a coincidence that this one would bring us there, without our even knowing it.

After looking at several of these ads, we got scared that our computer was infected with a virus. We began Googling around, trying to find out what would happen if we clicked on a hyperlinked email message or a piece of malware. Luckily (or unluckily, depending on how you look at it), we found a post on a WordPress forum, describing a situation very similar to ours. We began to panic a bit, because we knew that any moment now, a Dr.Web virus would demand our money by appearing on our screen. So, we quickly opened up a Word or Excel document to start entering credit card information, just in case. To our relief, nothing happened immediately. The virus didn’t appear. It didn’t ask for ransom. It didn’t try to delete any files or perform any other malicious activities. It just sat there, looking at us with its menacing gray box in the upper-right corner of the screen, daring us to make a move.

Remove The Virus

We had to remove the virus somehow, and the only way we could think of doing that was by paying the ransom. So, we quickly entered the credit card information, without even checking whether or not that was the right thing to do. Just in case. Thankfully, the process was fairly simple. We were asked to enter a 24-character verification code that was sent to us via SMS. Once we entered that code, we were shown a confirmation screen where we confirmed our order. The whole process took less than ten minutes and we were assured that our websites would be back up and running in no time.

Once we paid the ransom, we were given a message that our websites were being restored and that, once they were back up and running, we would be notified by email. To our delight, within ten minutes of making the payment, we were notified that our websites had been restored and we were given an email address, with which we could contact the virus’s developer, for the purpose of giving them our eternal gratitude and thanking them for their trouble. We followed the instructions that were included in the email to enter a website, where we were able to access the control panel for our hacked websites. In the upper-right corner of the screen, we saw a message that our websites were restored and the control panel for our website.

For some reason, the virus’s developer decided that they didn’t like the sound of our appreciation and wanted to add a few more hours to the process. So, they decided to display an error message, instead of allowing us to access our control panel. We were then asked to enter our payment information again, for the second time. What we didn’t realize is that they were asking for our credit card information AGAIN, in case the first one wasn’t processed correctly or if it was a fraudulent payment. After entering our payment information a second time, we were finally able to access our control panel. At this point, we were really starting to get worried that our websites were going to be infected with a virus again, because the developer was taking so long to put everything back the way it was. So, we decided to take a quick peek at our email account, in case the developer was trying to scam us. We opened up our email client and checked our mail, just in case there was a message from the virus’s developer, asking us to buy a new iPhone or to send them some money for an undisclosed purpose. In our haste to save our websites, we completely forgot that we didn’t need to check our email for replies from the virus’s developer, because we had just paid them and they would be contacting us directly. Little did we know, at the time.

Fix The Websites

Once we were in our control panel, we began to notice that something was off with our websites. Most of them loaded perfectly, but a few didn’t and, when we went to the trouble of trying to load them, we saw a 502 error, which indicated that the website wasn’t loading due to a server issue. We didn’t have the time to troubleshoot this right now, so we tried to find the solution ourselves. After several hours of trying to figure out what was wrong and referring to online tutorials, we discovered that the site was using a ‘WordPress’ theme, which meant that it was compatible with all of the major blogging platforms. This was a good thing, since we were able to get back to work, and we knew that, eventually, we’d be able to figure out what was wrong with our websites and make them work correctly. For now, we had to live with the broken links and the errors that kept appearing when we tried to load a page. We weren’t dealing with a serious virus this time, but it was still an unwelcome guest and we had to do something about it. We paid close attention to our web hosting service’s support forums, in case there was a solution to our problem. While we were trying to figure out what was wrong with our blogs, we came across a fix, which promised to “solve all of your problems” and “bring your blog up and running in no time”. This looked very promising, so we tried it. To our great surprise, it worked. It was as if someone turned off all of the noise that was preventing our websites from loading properly and replaced it with a crisp, clean canvas. Our websites began to load instantly and there were no more errors. Everything was as it should be and we were able to sleep peacefully that night, knowing that we had done the right thing. The next morning, we logged into our control panel and found that all of our websites were back up and running and looking great.