Think of your website, and see it as a giant business card. An open invitation for the world to come in and see you, what your business is all about. You and your team have put countless hours envisioning, organising, and creating an appropriate representation of your organisation. Now imagine its thoughtfully-chosen colors suddenly interrupted by flashes of red and black, with some gibberish in caps you’ve never seen before running down the page.
It’s not a pretty picture, but when your WordPress site gets hacked, you’re in for a few repairs. You’re most ready to tackle the issue when you take a deep breath, calm down, and bear in mind that you will indeed recover, as chaotic as it may be at the moment. Read on to learn what to do when it happens, and what preventive measures you can take for the future.
- Get professional help (optional, yet recommended)
If you’re one of the few technology-savvy entrepreneurs and you feel comfortable undertaking this issue, we applaud you and will point out some tools that can support you in this undertaking. However, if you’re not experienced in web security issues and code, professional help might be the best option for you. Being hacked is a serious matter that exposes you and your readers to many dangers, and it should be carefully handled.
- Clean up
Update whatever programs need to be updated, and run your machine’s anti-virus and malware scan thoroughly. If you don’t have any anti-virus software installed, you can use McAfee’s 30-day free trial as an emergency measure. However, we strongly recommend you have permanent anti-virus protection for all your computers.
You can also scan your website by using a plugin. Make sure this scan is thorough, allowing all file extensions to be checked.
- Contact your host
Reach out to your hosting service, making them aware of your issue. Ask if they can help you to trace the root of the problem.
- Change your passwords
Change all backend passcodes (FTP/SFTP/MySQL). Depending on what kind of access you still have to your website, you will use one of the different methods to reset passwords. Make sure you also change the passwords for all the people who have access to your site.
- Restore your information
Counting on that you’ve backed up your website, restoring it should be an orderly step-by-step process, depending on the plugin you use. If you haven’t backed up before, we urge you to do so now! You can back up your WordPress with services such as VaultPress which backs up your website on real time, for a price ranging from US $5 per month to $440 per year. Other backup plugins for WordPress include BackupBuddy, BackWPup, and BackUpWordPress.
- Close backdoors
Backdoors grant hackers access to your server, even after you’ve identified and removed the corrupted plugin. You can learn to close backdoors yourself, as well as to secure your wp-config.php file, or hire a professional to do so if you’re not experienced.
After all the ruckus has settled and your website is clean yet again, do take some time to take preventive safety measures for the future. WordPress hacking can have detrimental consequences on your data preservation, rankings, company’s image, and your users’ security. Getting hacked can simply happen to anyone, but as we learn through experience, prevention and readiness is key. So take a deep breath, keep calm, and continue WordPressing – safely.