Nothing can ruin a day more than discovering your web site has been hacked.
Maybe the home page has been replaced by a Cialis ad. Or, the layout of the site has changed. Or, you can’t log in to the Dashboard. Or, your site is blocked by a Google malware alert.
After all the hard work you’ve put into your precious website, being hacked can make you feel angry, violated, and a little bit dirty. And traumatized.
But to save your site, you have to put your emotions aside and get to work, thinking as clearly as possible. And, fast!
Here is a list of what to do after the hack, to clean up the site and make it whole again. This list is in the general order of action depending on your knowledge.
I’ve noted the minimum WordPress fluency necessary to accomplish each action.
B – Beginner User, I – Intermediate Designer, A – Advanced Developer
Post-Hack Recovery Tips
Request Help from Your Host
For obvious reasons, it’s in your web host’s interest to contain infections on their servers. They might have resources to do something swiftly, like revert to a clean backup, refer you to a cleanup team or at the very least, give you useful information.
Hire a Professional – B
If you are not a web developer – able to locate and delete malware – and are feeling overwhelmed, hire a professional to clean up your site. If you don’t know someone locally, there are services online to help. For instance, Sucuri offers a $199 cleanup that includes one year of protection.
Refer to the WordPress Codex – B
The WordPress Codex offers a step-by-step method of recovering from a hack.
Scan the Site – I
Use your site’s security plugin to scan the site for recently modified files, malware, and date stamps. In addition to isolating the infection, this will help you decide how old a backup you may need to install. If you don’t have a security plugin already installed (tsk-tsk), use a site like Sucuri SiteCheck or Web Inspector to check your site.
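A sketch of the "recently modified files" check for a site you can reach over SSH or have downloaded locally. This is an added example, not part of the original post or of any plugin; the extension list and the wp-content/uploads rule are assumptions of the example.

```python
import os
import sys
import time
from pathlib import Path

CODE_EXTS = {".php", ".phtml", ".js"}   # file types that can carry injected code
PHP_EXTS = {".php", ".phtml"}
UPLOADS = "wp-content/uploads/"          # media directory; PHP here is a red flag


def is_code(path):
    return path.suffix.lower() in CODE_EXTS or path.name == ".htaccess"


def scan(root, days, now=None):
    """Return (hits, oldest) for code files changed in the last `days` days.

    hits   -- list of (mtime, relative_path, php_in_uploads), newest first
    oldest -- earliest mtime among the hits, or None; a restore candidate
              should predate it
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if not is_code(path):
                continue
            mtime = path.lstat().st_mtime      # lstat: do not follow symlinks
            if mtime < cutoff:
                continue
            rel = path.relative_to(root).as_posix()
            odd = rel.startswith(UPLOADS) and path.suffix.lower() in PHP_EXTS
            hits.append((mtime, rel, odd))
    hits.sort(reverse=True)
    oldest = min((m for m, _, _ in hits), default=None)
    return hits, oldest


if __name__ == "__main__":
    # Usage: python scan.py /path/to/site 14
    found, oldest = scan(sys.argv[1], int(sys.argv[2]))
    for mtime, rel, odd in found:
        flag = "  <-- PHP in uploads" if odd else ""
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), rel + flag)
    if oldest is not None:
        print("Oldest change in window:", time.strftime("%Y-%m-%d", time.localtime(oldest)))
```

Modification times can be reset by whoever planted the files, so an empty result does not prove the site is clean; use it alongside the malware scan, not instead of it.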
Check Server Logs on Server – I
To figure out how a vulnerability was exploited, comb the server’s Error Logs for clues. It might just lead to a file you can easily delete.
Clean Hacked Files – A
Depending on what your scan and logs say, clean the malicious code or remove the infected files. This requires some knowledge and experience and should not be attempted lightly.
Reinstall the WordPress Core – I
If you are unable to clean the files individually, replace the WordPress core files in wp-admin and wp-includes through your cPanel. If scans indicate that malware was injected into your content, find a recent backup of your wp-content folder and replace that too.
Restore the Backup Database – I
Use the clean backup of wp-content saved to your hard drive or Cloud and restore it to a clean new installation of WordPress. Check thoroughly before repointing the domain.
Remove Unknown Users – B
This can be done from the Dashboard or cPanel. Find and delete anyone with Admin privileges who doesn’t deserve them. Heck, delete anyone suspicious.
Change all Passwords – B
If you are locked out of the WordPress site, go to your cPanel database and change the passwords for WordPress. While there, change passwords for your hosting account and FTP access.
Change your SALTs – I
Salts are secret authentication keys that live in your wp-config.php file and protect the encryption of login information for your WordPress cookies. They can be changed anytime to harden your WordPress installation, but right after the hack is an excellent time to change them, to prevent the bad guys from breaking back in. Go to WordPress.org to generate new SALTs.
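Rotating all eight keys in one pass, as an added example that is not from the original post. It generates the values locally with Python's `secrets` module rather than fetching them from the WordPress.org generator the post mentions; the sample config text is constructed, and the 64-character length and character set are assumptions of the example.

```python
import re
import secrets

# The eight constants WordPress reads from wp-config.php.
KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

# Printable ASCII minus ' and \ so a value needs no escaping inside a
# single-quoted PHP string (an assumption of this example).
ALPHABET = "".join(c for c in map(chr, range(33, 127)) if c not in "'\\")

# Matches define('KEY', 'value'); in either quote style, with optional spaces.
PATTERN = re.compile(
    r"define\(\s*(['\"])(?P<key>" + "|".join(KEYS) + r")\1\s*,\s*"
    r"(['\"])(?:\\.|(?!\3).)*\3\s*\)\s*;")

# Constructed sample: the placeholder lines of a fresh wp-config.php.
SAMPLE = "<?php\n" + "".join(
    f"define('{k}', 'put your unique phrase here');\n" for k in KEYS)


def new_secret(length=64):
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Return (new_text, replaced_keys); all other lines are left untouched."""
    replaced = []

    def swap(match):
        replaced.append(match.group("key"))
        return f"define('{match.group('key')}', '{new_secret()}');"

    new_text = PATTERN.sub(swap, config_text)
    missing = [k for k in KEYS if k not in replaced]
    if missing:
        # A partial rotation would leave an old secret in place.
        raise ValueError("no define() found for: " + ", ".join(missing))
    return new_text, replaced


if __name__ == "__main__":
    print(rotate_salts(SAMPLE)[0])
```

Replacing the keys invalidates every existing login cookie, so all users, including anyone holding a stolen session, have to log in again. Keep a copy of the old wp-config.php before writing the new text over it.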
Scan your Computer – B
Use computer scanning software to find and kill infections you downloaded to your machine. Because how can you use an infected computer to clean up your website when it will just reinfect it? Try using software from Avast, BitDefender, Kaspersky, or Norton to scan and clean your hard drive.
Create a Clean Backup – B
Once your site has been cleaned up, save a backup right away just in case your site is re-hacked.
Get off the Blacklists – B
Search engines may have alerted you with malware warnings and will put you on a blacklist. Once your site is clean, notify Google, Bing, Yandex, and McAfee immediately.
Use a Managed Security Service – B
A company like Trustwave will provide security testing and firewalls, among other services. Sitelock is a popular service offered by many web hosts.
After the Hack is Gone
Ok, now breathe. Stretch and do a good twist. Relax, knowing the worst of the worst is over.
But don’t delude yourself into thinking lightning doesn’t strike twice, because hackers will. When they know your site has been breached once, they will hover like vultures, ready to dive bomb another vulnerability.
Diligence is the best course of action after the hack. Update WordPress and plugins religiously. Back up regularly. Scan often. Heed warnings. Avoid outdated software.
Don’t give an inch or you’ll let the bastards win!