What to do when your website has been hacked

What to do when your WordPress website gets hacked

When I went on maternity leave I decided I would totally switch off this time around. I entered my newborn bubble and forgot about the outside world, just as it should be.

This also meant I stopped logging into my website to do updates, the number one thing I really drill into my Digital Alchemy students: keep your site up to date! In 15 plus years, I’ve never had my website hacked. I am usually vigilant with updates, but I really dropped the ball on this one, and when I checked back in to come back from maternity leave I noticed that my site had been hacked!

How does it happen?

As WordPress is one of the most popular website publishing tools, it’s a prime target. No, you’re not specifically being targeted; the platform itself is.

Generally there are a few main reasons why your site may be hacked: poor website hosting security, or a vulnerability exposed in your website files. To give you some perspective, in the past 12 months there have been 25 releases of WordPress, and a lot of them fix security vulnerabilities. And it’s not just the WordPress core; it can also be attributed to third party plugins.

What can I do if I’ve been hacked?

Whilst there are loads of things you can do preventatively, often we don’t even consider it until it’s too late and the damage is done.

  • Change all your passwords – your WordPress and your FTP logins.
  • Check your users listing to make sure you don’t have any randomly created users.
  • If you can access the site, install a security plugin such as Sucuri Security (there is a free one) and scan the site to find where the issue is and replace the affected files (or if you have a backup in place, restore an unhacked version). You can also use the plugin to fix any vulnerabilities.
  • If you’ve got a good host, often you can contact them and they will restore your site for you.
  • If you work with a web designer, contact them; it may be part of a care package you’re on, or they can fix it up for you for a fee.
  • Sign up to Sucuri for malware removal.
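
For the user listing check in the list above, here is an added example (not part of the original post) that flags accounts you did not create or that appeared after the last date you know the site was clean. It assumes WP-CLI is available on your host; the cut-off date and the list of known logins are values you supply, and the sample rows are constructed.

```shell
#!/usr/bin/env bash
# Added example: flag WordPress accounts worth a second look after a hack.
# Input (stdin): CSV with columns user_login,user_email,user_registered,roles
# e.g. from WP-CLI:
#   wp user list --fields=user_login,user_email,user_registered,roles --format=csv
# $1 = last date you know the site was clean, YYYY-MM-DD (you supply this)
# $2 = comma-separated logins you created yourself (you supply this)
# Assumes logins and e-mail addresses contain no commas.
flag_unexpected_users() {
  local clean_date="$1" known="$2"
  awk -F',' -v clean="$clean_date" -v known="$known" '
    BEGIN { n = split(known, k, ","); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    NR == 1 { next }                      # skip the CSV header row
    {
      login = $1
      registered = substr($3, 1, 10)      # keep only the date part
      # roles is the last column and is quoted when a user has several,
      # so rebuild it from field 4 onwards
      roles = $4
      for (i = 5; i <= NF; i++) roles = roles "," $i
      gsub(/"/, "", roles)
      reason = ""
      if (!(login in ok)) reason = "unknown login"
      if (registered > clean)
        reason = reason (reason ? "; " : "") "created after " clean
      if (reason != "") {
        if (roles ~ /administrator/) reason = reason "; HAS ADMIN ROLE"
        print login "\t" roles "\t" reason
      }
    }'
}

# Constructed sample listing (not real accounts)
sample_users() {
  cat <<'EOF'
user_login,user_email,user_registered,roles
jane,jane@example.com,2015-03-02 09:14:00,administrator
editor1,ed@example.com,2019-06-11 12:00:00,editor
wp_sysadm1n,x7@example.net,2024-02-19 03:41:07,administrator
support,help@example.org,2024-02-19 03:41:09,"administrator,editor"
EOF
}

# Demo on the sample: jane and editor1 are the accounts the owner created
sample_users | flag_unexpected_users 2024-01-01 jane,editor1
```

Any account it prints with an admin role should be removed or have its password reset before you restore or clean the files, otherwise the same login can be used again.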

What can I do to avoid being hacked?

Install your self-hosted version of WordPress correctly, install security monitoring and protection plugins, keep everything up to date and spend the extra money for a good web host.

Sounds simple, right?