It’s sad but true. Websites can get hacked. And it’s a stressful experience if yours is a business site. Your readership and business will take a solid beating. You have to recover your hacked site as fast as possible.
A hacked WordPress site can also cost you your search engine rankings, expose your readers to viruses, and damage your reputation if the site is redirected to bad neighborhoods of the web or even to porn websites. Worst of all, you could lose all your site data. So make security your top priority, especially if you run a business.
It’s vital that you use a reputable WordPress hosting company and, if your budget allows, managed WordPress hosting. Also make sure that you have a good WordPress backup solution, such as BackupBuddy, in place at all times.
Guide to Fix Hacked WordPress Website
Hire a pro:
If you are uncomfortable dealing with servers and code, hire a professional to do it for you. Hackers conceal their scripts in various locations so that the hack can keep returning to the site, which is why professional help is a good idea.
What is the hack?
It’s imperative that you remain calm when you deal with a hack. Note down everything you can about the hack. Run through this checklist:
- Are you able to log in to your WordPress administrator panel?
- Is your site redirecting to other websites?
- Does your site still contain illegal links?
- Has Google marked your site ‘insecure’?
Make a note of the answers, because they will come in handy when you speak with your hosting company or with a professional. They will also be helpful when you begin to fix your website. It’s also vital to change your passwords before you start the clean-up. You will have to do the same (change passwords) after the hack has been cleaned up.
Contact your web host:
Hosting providers are helpful, and they have skilled staff who do these things almost every day. They can guide you best because they are acutely aware of their hosting situation. So contact your host and do what they instruct you to do.
Scan, remove malware:
First, delete all inactive plugins and themes on your site. Hackers hide their ‘backdoor’ here. A ‘backdoor’ is a way of bypassing the standard authentication procedures and accessing the server remotely while staying undetected. Most savvy hackers set up the backdoor first, because it lets them gain access again even after you remove the plugin that was exploited.
If the theme authenticity checker discovers malicious or suspicious code in your themes, it will display a ‘details’ button near the theme with a reference to the infected theme file. The malicious code that it found will also be shown to you.
Only you and trusted members of your team should have access to the WordPress administrator panel. In the Users section of WordPress, make sure that only people who are team members have access. If you spot suspicious users, delete them.
Since WordPress 3.1, WordPress has generated a set of security secret keys that encrypt your passwords. If someone steals your password and is still logged in, they will stay logged in because their cookies are still valid. To invalidate those cookies, you need to create new secret keys and add them to your wp-config.php file.
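One way to do this, as an added example that is not part of the original post: the script below replaces whichever of the eight WordPress secret-key constants it finds in a wp-config.php text with fresh random values and reports any it could not find. The sample config and its old values are constructed for illustration.

```python
import re
import secrets
import string

# The eight secret-key constants WordPress reads from wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# No ' or \ so values need no escaping inside a single-quoted PHP string.
ALPHABET = string.ascii_letters + string.digits + "!#%()*+,-./:;<=>?@[]^_{|}~"

# Constructed sample config (not from a real site); only three keys present.
SAMPLE_CONFIG = """<?php
define( 'DB_NAME', 'wp_example' );
define('AUTH_KEY',        'old-auth-value');
define( "LOGGED_IN_KEY",  "old-logged-in-value" );
define('NONCE_SALT',      'old\\'quoted value');
require_once ABSPATH . 'wp-settings.php';
"""

def new_secret(length=64):
    """Random value drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_keys(config_text):
    """Replace each key that is found; return (new_text, names_not_found)."""
    missing = []
    for name in KEY_NAMES:
        pattern = re.compile(
            r"""define\(\s*['"]%s['"]\s*,\s*(['"]).*?\1\s*\)\s*;""" % name)
        line = "define( '%s', '%s' );" % (name, new_secret())
        # A callable replacement stops re from interpreting the new value.
        config_text, count = pattern.subn(lambda m, l=line: l, config_text, count=1)
        if not count:
            missing.append(name)
    return config_text, missing

if __name__ == "__main__":
    text, not_found = rotate_keys(SAMPLE_CONFIG)
    print(text)
    print("Not found, add by hand:", ", ".join(not_found))
```

Write the result to a copy and review it before replacing the live wp-config.php; every logged-in session, including your own, is invalidated once the new keys are in place.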
Change passwords again:
In step one, you changed your passwords. Now do it once more. You have to change your WordPress password, your cPanel / FTP / MySQL passwords, and the password anywhere else you have used it.
Reinforcing Your Site
It’s a proven fact that a good backup is the best security system for your site. If your site doesn’t have a good backup, correct this oversight at once and set up a backup solution that protects your site daily. Besides that, there are some other things you can do to protect your site better. From the list given below, do as much as you can.
- Set up a Website Monitoring System and Firewall: Find a good provider that blocks attacks before they can reach your server.
- Use Managed WordPress Hosting: Most hosting companies like WPEngine and Pagely go the extra mile to ensure that your site is kept secure.
- Disable Plugin and Theme Editors: This is the best practice to secure your site.
- Keep Login Attempts Limited: Don’t underestimate the importance of this. Read up on tutorials on the subject.
- Guard Admin Directory with Password: Add an additional layer of password protection to your admin area.
- Disable PHP Execution in Some Directories: This will give you one more security layer.
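A check for two of the items above (disabling the plugin and theme editors, and blocking PHP execution in a directory), added here as an example and not taken from the original post. It assumes Apache with .htaccess files and uses wp-content/uploads as the protected directory; both are assumptions, as is the sample tree the script builds.

```python
import re
import tempfile
from pathlib import Path

def editor_disabled(config_text):
    """True if an uncommented define() sets DISALLOW_FILE_EDIT to true."""
    pat = r"""^[ \t]*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)\s*;"""
    return re.search(pat, config_text, re.M | re.I) is not None

def blocks_php(htaccess_text):
    """True if a <Files>/<FilesMatch> section for .php denies all requests."""
    inside = False
    for raw in htaccess_text.splitlines():
        line = " ".join(raw.lower().split())
        if line.startswith("<files") and ".php" in line:
            inside = True
        elif line.startswith("</files"):
            inside = False
        elif inside and line in ("deny from all", "require all denied"):
            return True
    return False

def audit(wp_root, dirs=("wp-content/uploads",)):
    """Return a list of findings; an empty list means every check passed."""
    root, findings = Path(wp_root), []
    if not editor_disabled((root / "wp-config.php").read_text(errors="replace")):
        findings.append("wp-config.php: DISALLOW_FILE_EDIT is not true")
    for rel in dirs:
        ht = root / rel / ".htaccess"
        if not (ht.is_file() and blocks_php(ht.read_text(errors="replace"))):
            findings.append(rel + ": no .htaccess rule denying *.php")
        for path in sorted((root / rel).rglob("*")):
            if path.is_file() and path.suffix.lower() in (".php", ".phtml"):
                findings.append("PHP file in " + path.relative_to(root).as_posix())
    return findings

def build_sample_site(hardened):
    """Constructed sample tree in a temp directory, for demonstration only."""
    root = Path(tempfile.mkdtemp())
    uploads = root / "wp-content" / "uploads"
    (uploads / "2024").mkdir(parents=True)
    define = "define( 'DISALLOW_FILE_EDIT', true );\n"
    (root / "wp-config.php").write_text("<?php\n" + (define if hardened else "// " + define))
    if hardened:
        (uploads / ".htaccess").write_text("<Files *.php>\ndeny from all\n</Files>\n")
    else:
        (uploads / "2024" / "cache.php").write_text("<?php // constructed placeholder\n")
    return root
```

Call `audit()` with the path to your WordPress root; any PHP file it lists under the uploads directory deserves a manual look, since media uploads are not normally PHP.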
Above all, keep your WordPress core, themes and plugins up to date. Google recently announced that they had changed their algorithm in a way that impacts sites that are hacked with spam results. So make sure your site is secure.
I hope this post has been of help to you and has guided you on the right path when fixing your hacked site. If you still have problems, then I recommend that you hire a professional. Sucuri is one of the best fixers of hacked sites. You can also ask your hosting company to help you fix your hacked site.