When I went on maternity leave I decided I would totally switch off this time around. I entered my newborn bubble and forgot about the outside world, just as it should be.
This also meant I stopped logging into my website to do updates, the number one thing I really drill into my Digital Alchemy students: keep your site up to date! In 15-plus years, I’ve never had my website hacked. I am usually vigilant with updates, but I really dropped the ball on this one, and when I checked back in to come back from maternity leave I noticed that my site had been hacked!
How does it happen?
As WordPress is one of the most popular website publishing tools, it’s a prime target. No, you’re not specifically being targeted; the platform itself is.
Generally there are a few main reasons why your site may be hacked: poor website hosting security, or a vulnerability exposed in your website files. To give you some perspective, in the past 12 months there have been 25 releases of WordPress, and a lot of them fix security vulnerabilities. And it’s not just the WordPress core; it can also be attributed to third-party plugins.
What can I do if I’ve been hacked?
Whilst there are loads of things you can do preventatively, often we don’t even consider it until it’s too late and the damage is done.
- Change all your passwords – your WordPress and your FTP logins.
- Check your users listing to make sure you don’t have any randomly created users.
- If you can access the site, install a security plugin such as Sucuri Security (there is a free one) and scan the site to find where the issue is and replace the affected files (or, if you have a backup in place, restore an unhacked version). You can also use the plugin to fix any vulnerabilities.
- If you’ve got a good host, often you can contact them and they will restore your site for you.
- If you work with a web designer, contact them; it may be part of a care package you’re on, or they can fix it up for you for a fee.
- Sign up to Sucuri for malware removal.
What can I do to avoid being hacked?
Install your self-hosted version of WordPress correctly, install security monitoring and protection plugins, keep everything up to date and spend the extra money for a good web host.
Sounds simple, right?