Snoack Studios

»  The Blog

Your WordPress website has been hacked, now what?

business | web design | WordPress by Shannon Noack on September 28, 2015 | 0 Comments

We talk a lot about website security the importance of updating your WordPress website, making sure you stay on top of updates that are put out for plugins, themes, and the WordPress core. Many updates fix vulnerabilities that have been found, and help patch security holes. An outdated website with a security flaw is one of the most common ways a WordPress website gets hacked into. But what exactly do you do if your site becomes compromised? Your site may go down, so you need to get the site back up, cleaned up, and secured again.

Some steps to take

It can be scary to have your site compromised, and many people say they feel helpless. Your site can usually be recovered and restored though, especially if you’ve taken some precautionary measures beforehand. Here are some steps to take when you find your site has been attacked:

  • Take it down: Depending on how bad your site is, and if your site hasn’t been taken down already, you may think about putting up a maintenance page on your site that says, “We’ll be back soon” so no one is seeing any foul language, bad links, or other destructive content that may have been placed there.
  • Restore your files: If you can’t access your site at all, get in touch with your hosting company to see if they can restore your site to the day before the attack. Or, if you have a full site backup from before the attack, you can clear all site files and the database and restore the site with your clean version.
  • Clean it up: Your backup may still be compromised, so you’ll want to make sure you scan all site files for any malware or malicious files. We like using Wordfence for this. If the scan finds anything malicious, delete it. Make all WordPress updates that are needed as well.
  • Change passwords: Make sure you change all passwords associated with the site including all WordPress users and your ftp. Use strong passwords that include upper and lower case as well as numbers and symbols. If you need to store the password or share it, don’t email it or store it in a place that isn’t secure.
  • Secure your site: Install a security plugin that will help prevent an attack in the future. Wordfence is an excellent option for this. It scans for malware regularly, alerts you when someone signs into your site, and limits login attempts, as well as many other security features.

Things that may help avoid getting hacked

We can’t promise you won’t be the target of an attack, but there are some precautionary measures you can take that should really help avoid this:

  • Updates: Keep your site updated. We honestly can’t say it enough, this is the most common way to make your site vulnerable so it’s the most important security  measure you can take for your site. Having a plan in place is best so you’ll keep up with it and make it a regular habit.
  • Security: Install a security plugin like Wordfence. We’ve mentioned this one a lot as well, it just has so many helpful features. Regular malware scans, custom alerts, and many other security features that are well worth the 5 minutes that this takes to set up.
  • Backups: Backup your site files and database regularly. This may not help you avoid getting hacked, but it will help you restore your site quicker. Your host may offer this service for you, or there are many WordPress plugins that offer scheduled backups so you don’t have to think about it, like BackupBuddy.
  • Passwords: Use secure passwords, and don’t share or store them in a non-secure place like email.
  • Clean up: Delete and clean out anything that isn’t needed. Regularly delete plugins and themes that aren’t being used or aren’t needed, and replace ones that haven’t been updated in a few years. Some plugins are created and then not supported or updated by the developer, which can lead to vulnerabilities as well.

Going through this can be stressful, but planning ahead and being proactive can really help and hopefully even avoid it altogether. Feel free to share any additional security tips you have in the comments as well!


No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment