One of the realities facing website owners since the dawn of the internet has been the potential of being targeted by hackers. Having your website hacked can be a very stressful, expensive, can destroy your SEO ranking, leave your visitors susceptible to viruses and malware and more importantly, it wounds your brand’s reputation with your customers.
If you find that you’ve run a security check or website diagnosis and your WordPress site has been hacked then there are some urgent steps you need to take to nip it in the bud and get back online. The signs you’ve been attacked probably included:
- Not being able to login to your WordPress interface
- Seeing pop-ups and ads you didn’t place on your site mucking up your home page
- Your homepage has been vandalised
- Unusual activity in your server logs and sudden decreased traffic
We will outline the critically urgent steps you need to take once you’ve ascertained that you’ve been hacked.
Table of Contents
Safeguarding your WordPress Site from Hackers
Before we get into the steps you need to take to get your site back from a hacker’s grip let’s discuss some pertinent information you need for safeguarding your website as a precaution.
Be aware that the CMS platform you use does not automatically safeguard you from hackers. Regardless, WordPress, Joomla, and Drupal are all susceptible to hackers at one security loophole or another. Any site can be hacked if it is live on the internet.
If your website is a business then you should already know that web security is tantamount to its success and protection of your customers’ sensitive data.
For this very reason, the first line of defence in safeguarding your WordPress site is to ensure that you have the utmost quality in WordPress Hosting. Protection starts with a hosting company that has a robust toolkit of features and security measures for your WordPress site.
Your second line of defence lies with having an excellent Backup Solution for your WordPress site. This ensures that your website can be recovered in its entirety in the event of being hacked.
The third and final defence lies with having built-in security solutions from your hosting provider. This includes a robust firewall, SSL Certificates, and Monitoring tools to help keep your website as secure as possible.
While all this information is great if your website hasn’t been a victim of hacking, chances are you are reading this article because it has been. So, if your website has been attacked recently and you are here for a fast solution then the first thing to do is not to panic. Stay calm and follow the steps below to get your site back up and running.
Steps to take after being Hacked to Restore your WordPress Site
Step 0: Hire a Professional to Handle the Problem
You’re an e-commerce guru and no one expects you to also be able to troubleshoot technical difficulties on your website like a hacker attack. If you find that you just lack the technical savvy to recover your website, hire a professional to get the job done quickly.
Why? Well unless you know your way away codes and internet scripts and you’re comfortable with decoding a hacker attack, it’s just best to call a professional that is well versed in computer languages—because hackers especially the advanced ones are pretty good and hiding scripts in various locations to allow for future hacks into your website.
While a professional Internet Security Technician can cost you anywhere from 100-250 quid an hour which is extortion for a small business or solopreneur to spend on securing their site.
Another solution is to call your hosting provider’s technical support and see if they offer services in malware and hack clean up.
However, if you feel confident enough to troubleshoot this security breach yourself then continue below to the DIY steps.
Step 1: Identify the Hack
First, breathe. We know dealing with a website attack is a stressful event but you can only get through his with a clear head.
Now let’s run through a checklist to help you access whether or not your website has been a target of a hacker’s attention.
- Can you login to your WordPress admin panel?
- Are you being redirected from your WordPress site to another site?
- Are there new illegitimate links on your site?
- Has Google marked your WordPress site as insecure?
Keep this list handy because it will help you supply information while talking to tech support at your Hosting Provider or even as you continue to troubleshoot the issue yourself.
At this point, it is imperative to change all of your passwords for your site. Make them really secure with a combination of letters, numbers and symbols. Do this before going through cleaning up your site and securing it.
In addition, once you’re done cleaning your site of the hackers mark you will need to change your passwords again.
Step 2: Check with your Hosting Company
Your hosting provider is well equipped to deal with this situation and their abled tech support staff is used to dealing with issues like this all the time. They will be able to assist you with through the process of recovering your WordPress site especially since they know the ins and outs of the hosting environment.
In some instances, in a shared hosting environment, the hack could have possibly affected the entire server. If you’re using shared hosting, this may be the time to consider upgrading to Dedicated Hosting.
In any event, on a shared hosting plan, your host provider’s technical team can provide information on the origin of the attack, where backdoors were placed, malware used etc.
If it’s your lucky day, your host may even clean up the hack for you.
Step 3: Restore from Back Up
Hopefully, you’ve been using a tool to back up your WordPress site. If you have, it’s best to restore your site from a point before the hack happened. If you can that’s perfect!
However, bad news if your site had a blog as you can potentially lose more recent blog posts and new comments.
If you don’t have a backup for your site at this time then you can simply continue on with the steps to manually remove the hack. Once you’ve cleaned up your WordPress site, it is important to make sure you have a BackUp Solution in place.
Step 4: Scanning for Malware and removing it
In order to launch their attack, hackers place backdoors and malware on your site. A backdoor is just that a way in behind normal authentication to gain remote access to the server while remaining in stealth mode. Backdoors allow hackers to come back again and again. The most common way in for hackers to place backdoors is through WordPress Plugins. Go through the plugins on your WordPress site and delete any inactive plugins and themes. Once you’ve removed them, scan your WordPress Site for the hacks. Use a WordPress Plugin like Sucuri WordPress Auditing and Theme Authenticity Checker (TAC). As soon as you download and install these plugins run the Sucuri scanner, this will scan your site and give you a rundown of your core WordPress files and shows you where the backdoor and malware is hiding.
Backdoors glamour themselves to look like WordPress files so they aren’t detected. Hackers commonly target themes and plugin directories, uploads directory, wp-includes directory, wp-config.php, and .htaccess file.
Next, run the Theme Authenticity Checker. It will scan all themes loaded on your site and ensure their authenticity is accurate. If it finds any malicious or suspicious code in your themes it will display it in the results next to the theme showing the file that has been corrupted. The scanner will also display the malicious code.
There are two options for fixing the hacked files:
You can either manually remove the corrupted/malicious code or you can replace the files with new originals.
Any corrupted files should be overridden by new fresher copies. This goes for themes, plugins, and other core WordPress files as well. Continue this until all damaged files have been replaced by new files. As a further precautionary method, check all your theme and plugin file folders. Sometimes hackers disguise new files within them that resemble the plugin or theme file and are easily overlooked. Keep cleaning and replacing the corrupted files until everything is successfully removed.
Step 5: Review and Check WordPress User Permissions
Review your user account section in your WordPress and ensure that all the users listed there are of your team. If you see any suspicious user accounts delete them. Only you and your team members should have administrative access to your site.
Step 6: Change your Secret Keys within WordPress
Since the rollout of WordPress 3.1, WordPress generates a set of security keys which encrypts your passwords. Therefore, if a user or hacker stole your password, and they are still logged into the site, then they will continue to be logged in because their cookies are still valid. To disable these cookies, you have to create a new set of secret keys. To accomplish this you need to generate a new security key and add it to your wp-config.php file.
Step 7: Change Your Passwords—Again
When you began in Step 1 you changed your passwords. Now that you’ve cleaned up the mess the hackers made of your website, it is time to change them again.
Passwords you need to change include your WordPress password, cPanel / FTP / MySQL password, and basically anywhere else that you used the old password.
Our recommendation is that you use a difficult and strong password that is a combination of letters, numbers, and symbols.
If your site has multiple users then demand or just change all their passwords for them. Send a new decoy password and have them prompted to create a new one after.
Final Steps and Thoughts
The ultimate form of security for your website hands down is having a really good backup solution. If you didn’t have one before this attack then you should make having one mandatory after it. Use a backup solution that constantly backs your site up on a daily basis.
In addition to using a backup solution you should also consider doing as many of these things as you can to further protect your site from any future attacks:
- Disable PHP Execution in certain Directories
- Setup a website Firewall and Monitoring System for daily checks
- Consider a switch to Managed WordPress Hosting
- Always Limit Login Attempts in WordPress
- Disable theme and plugin editors
- Password protect your Admin Directory
Most important of all is you must keep your WordPress core, themes and plugins constantly updated.
We hope that this article helped you to recover your site from a hacker attack. If you still find you are having trouble to contact a professional in website security to help or call your hosting provider.