You begin your normal workday, and you bring up your WordPress-based website and notice something isn’t quite right. You may see some content added to the bottom of a page that does not make any sense. You go to the admin of the website to edit it and can’t get logged in. “I’ve used the same credentials for years,” you think to yourself, “This can’t be right.” You go back and search through the rest of the website and notice there are even pages that are getting redirected to another website trying to sell you prescription drugs! Then it hits you harder than your morning coffee and you say under your breath, “I’ve been hacked.”
My website was hacked. Now what?
Being a WordPress website owner, you may read about it every day and think “Oh, it’ll never happen to me” or “That only happens to popular or largely used sites, not my little small business or nonprofit site.” But the truth is that any site, largely or sparsely used, can be vulnerable to being hacked. In fact, statistics show that 70% of WordPress installations are vulnerable to being hacked. If you haven’t been a part of that statistic yet, be sure to read more about how to protect yourself with a secure website. Let’s talk about what happens if you become a part of that statistic and it’s too late.
Step 1 – Call for Backup!
The easiest way to get your website back from the intrusion is to restore it from backup. From your backup source, find a backup from the last time you know your website was working. Now, this will not solve the problem of your website getting hacked again but it will get you to a place where you can start taking action to help prevent it.
The downside for restoring from backup is the data loss between the last working backup and the current version of the website. While this is not the best answer for folks who need that data as pristine and up to date as possible, it is the quickest and easiest.
No backup? After you get this cleaned up, you should seriously consider it. Or give us a call to help you get started. Don’t live dangerously.
Step 2 – Good vibes only. Remove the Bad Code.
This takes knowledge of the system files and how they work or function on the website. If you feel uncomfortable doing this, it would be well worth it to hire someone to do it for you. Like Vervocity! Mistakes at this point could lead to a loss of data or your entire website. So first, make a full and complete backup. Yes, make a backup of the current hacked website and keep it in a safe spot offline for now. This is your safety net in case things get…. worse.
If you do get access to your website by restoring a backup or you don’t have a backup at all, you will need to remove or clean up all your website files. This could fix or close the holes on the website the hackers used to get in.
You will need access to the files on the server via FTP (File Transfer Protocol). Download a program like FileZilla to use as an interface if you do not have one installed. You will also need the server, username, and password credentials to access the site this way. Find the directory of your website files. You will see folders for wp-admin, wp-content, wp-includes as well as several framework files.
From here, you will need to manually update WordPress. Remove lines of hacked code and reupload them to your website. Manually clean up folders and subfolders and make sure there are no extra plugins that you did not install. Be sure to check all files carefully as you want to be sure not to delete anything that is needed.
This is a very tedious process depending on the level of the hack. The hacker likes to leave backdoor files to access a site after it has been cleaned so do a thorough job!
Step 3 – It’s time for a change of ALL the passwords
Once an intruder has gained access to control uploading and editing files, it might be possible they also obtained access to your database. While the user password is encrypted, the database password is not. This is in the wp-config.php file. You will need access to your website hosting to update the database user password and then make the change in the wp-config.php to match it.
For users, make sure there are no extra administration users and then change your password while you are in there. It is not only good practice to do so even though the passwords are encrypted, but this might also be the way the hacker got into your website. Through a brute force attack of a weak password!
Step 4 – Update!
Update all framework, theme, and plugin files. Don’t forget this step because if you do you are leaving the door wide open for your website to get hacked again.
Don’t Get Hacked Again
Remember, this is a very simplified version of our strategy for fixing hacked websites. Not all hacks are the same. Some are much worse than others to fix. The worst hacks will fully delete or ransom your website files, in this case, none of these steps will help you out.
If you are a Vervocity WordPress Hosting and Security Plan Client, we take care of backups, security, and updates. We also are available to clean up any WordPress website if you noticed any sign of being hacked. Save yourself the stress and contact us!