Due to the platform’s popularity with new website owners, WordPress is a frequent target for hackers. Those new to operating a website don’t always know the best security practices.
Various vulnerabilities in old versions of the popular blogging software also mean that hackers can gain access to your site with little effort.
If you’ve left a plugin with known vulnerabilities installed on your site, are using an old version of WordPress, or are not using complex passwords, there is a good chance that your site is going to get hacked.
If your website does fall victim to malicious actors, there are five specific steps you can take to reclaim your site and prevent falling victim to hackers in the future.
1. Stay Calm and Document
When you see that an attacker has compromised your site, it’s tempting to panic, delete everything, and pretend it never happened.
Panicking is almost always the worst thing you can do. Liability issues can arise from hiding the attack. Your best action is to document what you are seeing.
If the attacker has taken over your site, take a screenshot of the compromised page. Note the date and time you first observed the attack. If your site is now distributing malware, document what type of malware it is.
Try to understand as much about what happened as possible. This documentation forms the basis of an incident report.
You’ll want to be especially careful about your documentation if you have reason to believe the hacker compromised your database and retrieved user account information.
Many jurisdictions now have laws requiring you to disclose the hack to all persons who may have been affected. If that is the case, you’ll want to consult with a lawyer after determining which accounts were compromised. A lawyer can help walk you through your liabilities and choose the right wording for any communications to users.
If your website doesn’t store any visitor financial or personally identifiable information, you don’t need to worry about contacting a lawyer.
2. Take Your Site Offline
Once you’ve documented everything, you’ll want to take your site offline while you conduct repairs. If you don’t know how to take your site offline, ask your hosting provider for help.
If your site has a lot of traffic and the extent of the attack is minor, you may not need to do this.
However, if your hacked blog now shows an unwelcoming message because of the attack, you’ll want to remove that as quickly as possible. Even if all you do is zip up the contents of the site and copy them locally for diagnosis, it’s better than having people visit your corrupted site.
Doing this also limits your liability exposure. For example, knowingly leaving your site operational if it’s infecting computers may make your hosting provider unhappy. In general, stopping the public from having access to your site while you’re attempting repairs is the smartest course of action.
3. Work With Your Hosting Provider
If your web hosting provider hasn’t already alerted you to the hack, you should consider contacting them for assistance. Many times they can help you track down which files caused the corruption.
The support staff can often identify the corrupt files for you. Having this list tells you what you need to replace to get your site working again. Replace all the files in this list with the appropriate ones from either the WordPress source code or the relevant plugin’s source code. Ensure that you are only downloading these files from verified sources.
If a specific plugin was the cause of the attack, remove that plugin from your website and find a replacement.
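If you want to cross-check the list of corrupt files yourself, one approach is to compare the site's files against a clean copy downloaded from a verified source. The following is an added example, not part of the original article; the function names, the sample file names, and the rule that PHP files inside the uploads folder are flagged are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: visitor-uploaded media lives here and is absent from a clean download.
UPLOADS = "wp-content/uploads/"


def file_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_trees(clean_dir, live_dir):
    """Report how the live site differs from a clean copy from a verified source."""
    clean, live = file_hashes(clean_dir), file_hashes(live_dir)
    def is_upload(rel):  # media uploads are expected extras; PHP there is not
        return rel.startswith(UPLOADS) and not rel.lower().endswith(".php")
    return {
        "modified": sorted(f for f in clean if f in live and clean[f] != live[f]),
        "missing": sorted(f for f in clean if f not in live),
        "unexpected": sorted(f for f in live if f not in clean and not is_upload(f)),
    }


def demo():
    """Run the comparison on two small constructed trees (not real WordPress files)."""
    def write(base, rel, text):
        Path(base, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(base, rel).write_text(text)
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for base in (clean, live):
            write(base, "index.php", "<?php // front page")
            write(base, "wp-login.php", "<?php // login form")
            write(base, "wp-includes/version.php", "<?php // version")
        write(live, "index.php", "<?php // front page, plus a line that was added")
        (live / "wp-login.php").unlink()
        write(live, "wp-includes/extra.php", "<?php // not in the clean copy")
        write(live, "wp-content/uploads/photo.jpg", "constructed image data")
        write(live, "wp-content/uploads/extra.php", "<?php // code among uploads")
        return compare_trees(clean, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Point `compare_trees` at an unpacked clean download of the same WordPress or plugin version and at the zipped-up copy of your site; files reported as modified or missing are the ones to replace, and unexpected files need a manual look before you delete them.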
4. Update WordPress and Plugins
Hacks are almost always the direct result of an outdated plugin or outdated WordPress code. Old versions have attack vectors that are well-known in the security community. Hackers also know these possible exploits and use them effectively.
By upgrading every single theme and plugin, you significantly reduce the risk of a future attack. Be sure to update WordPress itself to the latest version as well. If you cannot update everything to the latest version due to version conflicts, upgrade as much as you can.
5. Restore Your Site And Reset Your Passwords
With the hack patched and all components upgraded, you should now make your site available again. Bring it online and reset the administrator password.
If you have users who log in to your site, you may need to expire or reset their passwords as well to ensure that their accounts are not compromised.
Getting hacked is undoubtedly a pain. Since WordPress is an incredibly popular platform, it is also a prime target for attacks.
If attackers compromise your site, make sure you stay calm, take your site offline, remove the compromised files, upgrade everything, and reset all passwords. Being hacked is scary, but recovering from it is possible!