Oh no!
Did your WordPress website get hacked?
It’s like your worst nightmare just came to life!
It may seem bad, but all is not lost. You need to calm down. Take a deep breath.
Once you are a bit calmer, you can work on a plan to regain your hacked WordPress website.
In this post, we’ll walk you through the step-by-step process of what to do when your WordPress website gets hacked.
Let’s get started.
First – Breathe & DO NOT Panic
If your website gets hacked, you may start to panic, which will trick your mind into believing that everything, and all the effort you have put in until now, is gone. In reality, that is not the case.
If this happens, the first thing that you need to do is take a deep breath and do not panic.
All is not lost!
Once you are a bit calmer and in a better state of mind, there are some practical routes you can take to get your website back. You will only be able to take them if you can think clearly.
Hire a Professional
Most people who choose WordPress to build up an online empire from the ground up are not tech-savvy.
People pick this platform for its easy-to-use and easy-to-handle features.
If you are one of them, it is wise to hire a professional as soon as you suspect something went wrong with your website, instead of wasting valuable time trying to figure things out on your own.
Because it’s something that needs to be taken care of immediately.
With WordPress’s popularity, it is very easy to find experts with the required set of skills that will be more than happy to help you.
Of course, there is always the option of fixing things up by yourself, but it’s going to cost you both precious time and money. If you don’t know what you’re doing, the chances are you might mess things up further.
If your WordPress website has been hacked, the best thing to do is act immediately, before your website suffers further damage. Hiring a professional is the best way to go about it.
If you decide to take matters into your own hands, here is what you need to do.
Step 1- Find Out the Source
The best way to solve a problem is to figure out exactly what caused the problem in the first place.
Most hackers access your website at three critical points:
- .htaccess files
- .php files
- Media files
If you’re familiar with these files (if not, the sooner you get a hold of these common files the better), be sure to audit them first thing.
Other common places for potential hacks are themes, plugins, and the uploads directory.
Hackers can manipulate these files and incorporate malicious links that can adversely affect the overall website performance.
Also, a lot of website data cluttering up in these files can slow down the overall website speed.
Keep your website data clean and up to date to avoid any potential attack.
You need to check a few things first:
- Are you able to access your WordPress dashboard?
- Has Google marked your website as insecure?
- Is your website redirecting to some other web page?
- Does your website have any illegal links?
Note all of this down as these are the things that your hosting company is going to ask you.
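The file audit described in this step can be run from a shell on the server. The script below is an added example, not part of the original post: the function name, the output tags and the 7-day default are assumptions, and it only reads files.

```shell
#!/bin/sh
# Added example: read-only audit of the file types named in Step 1.
# Usage: audit_wp_files /path/to/wordpress [days]
# Prints one "TAG<TAB>path" line per finding; nothing is changed or deleted.

audit_wp_files() {
    root=$1
    days=${2:-7}                       # "recent" window, an assumed default
    uploads="$root/wp-content/uploads"

    # 1. Every .htaccess in the tree. There should be only a few, so read
    #    each one and look for rewrite or redirect rules you did not add.
    find "$root" -type f -name '.htaccess' -exec printf 'HTACCESS\t%s\n' {} +

    if [ -d "$uploads" ]; then
        # 2. PHP under uploads. The directory is meant for media, so code
        #    there needs an explanation (some plugins add an empty index.php).
        find "$uploads" -type f \( -name '*.php' -o -name '*.phtml' \) \
            -exec printf 'PHP_IN_UPLOADS\t%s\n' {} +

        # 3. Media files whose bytes contain a PHP opening tag.
        find "$uploads" -type f \( -name '*.jpg' -o -name '*.jpeg' \
            -o -name '*.png' -o -name '*.gif' -o -name '*.ico' \) \
            -exec grep -l -F '<?php' {} + |
            while IFS= read -r f; do printf 'PHP_IN_MEDIA\t%s\n' "$f"; done
    fi

    # 4. PHP outside uploads that changed in the last $days days. Compare
    #    the list with your own updates; unexplained changes are the leads.
    find "$root" -type f -name '*.php' -mtime "-$days" \
        ! -path "$uploads/*" -exec printf 'RECENT_PHP\t%s\n' {} +
}
```

Save the output with your notes for the hosting company, and take the manual backup before removing anything the audit lists.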
Step 2- Get In Touch With Your Hosting Company
Next, if your WordPress website is hacked, you need to check with your hosting company.
Most of the good hosting companies are really helpful when it comes to dealing with these types of situations. They have a team of highly trained professionals that deal with such situations on a regular basis.
Contact them right away if you find something fishy with your online presence. They will help you in the following ways:
- They give you information on how your website got hacked.
- They inform you if the hacker got access to your website through another website sharing your server.
- They might even figure out the backdoor used by the hacker to gain entry.
- Hosting companies keep regular backups of your website, which might be useful.
Sometimes your host might even offer to clean up your site for you (if you’re lucky). We have had good experience with SiteGround when it comes to such matters.
Step 3- Create a Manual Backup
Never take all the effort you have put in for granted. Creating a manual backup regularly is the best way to keep your website secure and away from the suspicious eyes of potential hackers.
If your website gets hacked, you can revert it back to the previous version.
You won’t get back the images and content posted after the backup was created.
It’s still better than risking your whole content available online.
UpdraftPlus is one of the best plugins for creating a backup. It comes with both options: do a manual backup, or set a schedule to create backups automatically.
These manual backups are not only for hacking attacks; they are necessary to keep your website on the safe side.
Sometimes when you rearrange your plugins and add some extra code to customize your website, you are likely to make a blunder that puts the whole website at stake.
These backups let you play with your site as you like.
Step 4- Restore WordPress From Backup
In situations like these, backups can be real lifesavers.
If you are in the habit of creating backups of your website, all you have to do is go back and restore it to the version from before you were hacked.
Once you have restored to the previous version, keep in mind that all the updates, posts or general changes that you have made will be lost.
But you would have a clean website again.
This is not the best or a permanent solution, as you are still at risk.
You did not block the backdoor that the hacker used to break into your website, which means you are still vulnerable to further attacks.
You need to learn how to make your WordPress website more secure.
Step 5- Check Your Website Activity Log
It is wise to keep your settings in check.
Audit your website quite often and see who logs in to your website.
Make sure only authenticated persons have access to the admin and cPanel of the website.
If you find some suspicious activity here, it will help you track down the problem. If you think that your WordPress website has been hacked, these are the things you need to keep an eye out for:
- Who logged in?
- Does this person have administrative privileges?
- Should that person be logging in?
- Was the login attempt a failure or a success?
- Did this person make any changes in the post/page?
- Did they install something? (plugin or theme)
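If no activity-log plugin was running before the incident, the web server's access log can still show which addresses tried to log in and whether they succeeded. The script below is an added example, not part of the original post; it assumes the combined log format and that WordPress answers a successful login POST with a 302 redirect and a failed one with 200, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: per-IP summary of login attempts from a web server access log.
# Assumptions: combined log format; a POST to /wp-login.php answered with 302
# is a successful login (redirect to the dashboard) and one answered with 200
# is a failed attempt (the form is shown again).
# Usage: login_summary access.log [more logs...]

login_summary() {
    awk '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
            seen[$1] = 1
            if ($9 == 302) ok[$1]++
            else if ($9 == 200) fail[$1]++
        }
        END {
            for (ip in seen) {
                # Several failures plus a success from one address can mean
                # a guessed password: review that login first.
                flag = (fail[ip] >= 3 && ok[ip] > 0) ? " REVIEW" : ""
                printf "%s failed=%d success=%d%s\n", ip, fail[ip], ok[ip], flag
            }
        }' "$@" | sort
}

# Constructed sample lines (documentation IP ranges), not from a real site.
sample_access_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Mar/2024:02:11:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:02:11:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:02:11:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:02:11:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:09:30:41 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:09:31:02 +0000] "GET /wp-login.php HTTP/1.1" 200 4400 "-" "Mozilla/5.0"
EOF
}
```

The access log records addresses and times, not usernames, so match any flagged entry against the people who should have been logging in at that hour.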
Step 6- Scan Your Website
Scan your website regularly. Many security plugins are available in the WordPress plugin directory that ensure robust and powerful website security.
A website loaded with outdated software becomes more vulnerable to a successful attack. Hackers can create a backdoor using these outdated versions and manage your website remotely.
A backdoor is a means by which hackers bypass the legitimate authentication process and access website data from anywhere.
iThemes Security and Sucuri are the best WordPress security plugins; they help scan website data and pinpoint where a potential hack is residing.
Step 7- Unused Plugins & Code
Instead of leaving everything on the shoulders of security plugins, it is wise to do some checks manually.
Update plugins and themes every now and then.
Mind you, if you skip two successive updates of a plugin, you may have trouble jumping from your version to the most recent one.
Remove the unused plugins and code that burden your website unnecessarily.
Sometimes you install a plugin to make a small tweak to the website, forget to delete it after fixing the issue, and it stays on your website forever. It is better to remove such plugins so your data loads faster.
Step 8- Check Your Permission Level
This is very important.
Make sure only authorized and trusted persons can access and manage a website admin area.
If you give permission to content creators, be sure they cannot log in to your admin area. Always keep control of publishing the new content in your own hands.
Step 9- Change Your Password
Change all passwords related to your WordPress site, including those for the WordPress Dashboard, cPanel, FTP, and MySQL data.
Also, each password needs to be unique, so that no one can get in with a simple guess. You can use a password generator to create a strong password.
WordPress can generate a set of security keys that serve as a set of random variables to improve the encryption of information stored in the user’s cookies. These keys make it almost impossible to crack the code and access your website.
A password with no encryption like “WordPress” or “username” is easy to break, but if you create an encrypted password like “34b5da45349fdehwej343ljki45hj3”, no one, even a genius, can come up with the right combination.
Check this post to get more information about WordPress security keys.
Step 10- Strengthen Your Website Security
Once you get your website back, consolidate your existing website security.
Also address the loopholes through which hackers got access to your WordPress website and hacked it.
Because if they steal your data the first time, they can do it again.
Conclusion
Keeping your website security up to scratch is a continuous process. You cannot install a single security plugin and think that now your WordPress website will not be hacked.
Be sure to check your website regularly, even if you are not doing any work related to your content. Simply logging in to the WordPress dashboard once a day is enough.
Take everything under your control. Never give anyone permission to log in to the admin or cPanel area unless they are highly trusted.
We would suggest that you hit publish with your own hands once blogs or videos are ready to be published.
How do you keep your website safe and secure? Have you ever had your website data compromised in a hacking attack? If yes, how did you recover it?
FAQs
It covers many things. From picking the reliable hosting company, installing WordPress security plugins, choosing a strong password, giving limited access, to limited login attempts, all are necessary to make your website secure.
Based on stats, almost 70% of WordPress websites are vulnerable to potential hacker attacks.
The reason why WordPress is a common target for hackers is that it is a widely used platform for creating websites. 34% of all websites are powered by WordPress.