Steps to Take if your WordPress Website has been Hacked

keep wordpress secure

If you’re like most businesses, your website is an important cog in your lead and sales generation machine and there are fewer things more harrowing and downright disruptive than to visit your website one fine day and find that it has been a victim of a hack or malware injection.

The good news (if we can call it that) is that WordPress websites getting hacked is far more common than you might imagine so don’t beat yourself too much over it. What is important at this stage is limit the damage, to take the necessary measures to get your site cleaned up and running again.

In this article, we will look into how to spot whether your WordPress website has been compromised as well as taking a deep-dive into the methods you can use to recover it and get going again.


How to Spot if your Website has Been Hacked

cyber criminals

When it comes to hacking, you need to keep in mind that WordPress isn’t very different than sites that have been built using other platforms. Anything that is connected to the internet is prone to cyber criminals and even other, less popular platforms like Magento, Drupal or Joomla are prone to hacking too.


Here are a few common signs of a hacked WordPress site:


  1. Your security plugin sends you a warning: if you are like the vast majority and you are using one of many security plugins available, then chances are you will be notified as soon as your site gets compromised. As far as WordPress hacks are concerned, this is the best-case scenario, as it enables you to react immediately.
  2. The site redirects to another one: another sign that your site has been compromised is when you are trying to access your site, but you are redirected to another website and these are often adult and gambling sites. If this happens, you can bet that someone has got unauthorised access to your server and is ready to wreak havoc for their own traffic-gain benefits.
  3. You cannot log into the admin panel: probably the most common way cyber criminals hack their way into your system is by stealing the login information. Once they’re in, they will hijack your admin account so that you will no longer have access to your site and in some cases may even ask for a ransom (should this happen, never give in to their demands). In many cases, they will ask for a ransom. In case it happens, never comply with their terms. Here is why you should not give into ransomware demands:
  4. Google marks your site as insecure: if Google detects suspicious activity, they will mark a site as insecure in search results. Of course, they might also remove your site from SERPs altogether. In Google Search Console, you will be notified when your site has been marked as non-secure or has been removed from search results and Chrome and other browsers may also display a warning.
  5. Warnings from your browser: most browsers are now equipped with built-in security warnings when they detect phishing attacks, malware, cross-referencing or other malicious elements on a WordPress site. If you get a warning from your browser, you know you’ve been the victim of a hack.
  6. Sudden traffic spikes: a sudden traffic spike doesn’t always mean great marketing! Hackers will sometimes use hacked WordPress sites as their hub of distribution. In other words, they can use your site to send malware and viruses to other platforms. To avoid spam detection, they will link to your domain and then redirect visitors to another site. If you see some unexplained traffic spikes, consider running a malware scan.
  7. Your site displays strange links: another alternative that hackers may use to sending visitors to other sites is to place spammy links right on your site. This method enables them to remain hidden to run things from behind the curtain. If you notice that your site has weird links on it, make sure to take the steps presented in the section below.


Practical Steps to Take if your WordPress Site has been Hacked


  1. Keep your Calm

First things first: Relax! Rather than panicking remind yourself a fix may not be very difficult.

Being angry or stressed won’t help and just delays the process of you working towards getting the issue resolved, either by yourself or getting someone else to do it.

Important thing is to get to work right away.


  1. Locate the Actual Hack


In order to get the problem solved, you first need to locate the actual hack. Here is a quick list of questions we advise you to go through in order to locate the real problem:


  • Are you able to successfully log into your admin panel?hacked vs fixed
  • Does your WordPress site contain any illegal links?
  • Is your site redirecting to a third-party website?
  • Has Google marked your website as insecure?
  • Do you see on your browser a security alert concerning your website?


After you have answered the above questions with yes/no/maybe, follow the steps below.


  1. Contact your Hosting Company


At this point, you need to start acting. The best thing you can do is to contact your hosting company ASAP. Most professional hosting companies will gladly help you with this situation. The ones with more experienced staff have already dealt with hackers before, so they know how to navigate the shallow waters of WordPress hacking.

Before taking any steps yourself, it is wise to contact your hosting company. In case your website is hosted on a server, the hosting company can immediately see if the cybercriminal got access to your WordPress site through another site hosted on their platform. Moreover, there is a good chance that they might tell you how the hackers accessed your site and where the backdoor is located.

Hopefully, your hosting company is professional enough to detect the problem and to clean up your site after an attack. If not, there are other options you have at hand.


  1. Backup your data

data backup button on keyboard

While it may sound counter-intuitive, backing up your data after your site has been breached is a vital step in ensuring that you minimise the damage done. You should do this step at the same time you are contacting your hosting company. Keep in mind that some hosting providers might delete all the data on a site that has been compromised. Since you don’t want to lose all your precious data, it is always a great idea to keep a copy around.

Salvage whatever you can using your an effective WordPress backup solution or do a backup by yourself.


  1. Perform a Full Computer Scan


You can do this in parallel with data backing. And, why should you scan your local machine?

In many cases, the actual hack can trigger on the local computer associated with your WordPress account. If a cyber criminal has managed to compromise your computer, it is possible that they can extend their reach to the websites you frequently log into. Using a key-logger, the hacker can get free access to your WordPress site.

For that reason, install and run a full virus/malware scan on your computer. Additionally, ensure that your OS is up to date. By doing this, you can make sure that the problem didn’t originate from your computer and reduce the risk of being reinfected after cleaning up the mess on your WordPress site.


  1. Hire a Professional


If your website has experienced a strong attack and your hosting company is unable to help you, we recommend that hire a WordPress agency. Keep in mind that a vulnerable website only gets worse as time goes on, so the faster you can get the issue fixed, the safer your website will be.

Hiring a professional might come at extra costs, but you get the peace of mind that your website is up and running ASAP and the probability of a repeat hack is less.


  1. Restore a Previous Version


Now, if you’ve developed the good habit of backing up your site regularly, you might be lucky enough to get rid of the hack by simply restoring your site to a previous version. The only downside to this is that when restoring your site to a previous point in time, all the changes you’ve made since then will be lost.

Now that you’ve restored the old version of your site and minimised the damages, add extra security functions to ensure that you site will be able to avoid future malicious activity.

In case you can’t restore your site to a previous version or you don’t want to do to avoid losing data, you may be able to manually clean up the code.


  1. Scan for Malware

warning - visiting risky site


After you update the plugins and the theme, it is imperative to scan for malware. A good WordPress security plugin will automatically scan for malware and will scan your cores files for integrity. Moreover, it will tell you if whether your site has been blacklisted by Google.

Scanning for malware allows you to remove any undesirable penalisations by Google so that you can retain your SEO (Search Engine Optimization) ranking.


  1. Replace Any Compromised Files


In case malicious code is found on any files, the best thing you can do is to delete those files and replace them with the original, uninfected version.

For instance, you can replace the core version of your WordPress site with a fresh version without ruining your site. As long as the wp-content section remains intact, you can modify everything else.

In fact, the simplest way to do that is to just go and re-install WordPress from inside the dashboard. Also do that for plugins and themes.


    10. Change your Password and Secret Keys


Another step you can take if your WordPress site has been hacked is to change the password again. Do not change just one password, but change them all, including backend credentials, MySQL passcode, FTP login and admin email address password.

Another important password you need to change is the SALTs. WordPress SALTs are secret keys used to encrypt important information. SALTs allow the hacker who has accessed your account to be able to remain hidden thanks to cookies. By changing the SALTs, you ensure that any access from the outside is deleted, and the hacker won’t be able to access your account anymore using the password stored in the cookies.


Rebuilding your Site


Now that the attack has been dealt with and your site is clean, it is time to get everything back. Get all the blog posts, themes or plugins back to their normal state from the backup files on your WP site or from your computer.

The last step of the process is to harden your WordPress site security to ensure this won’t happen all over again. Here is a blog post with just the right security measures:


Top tips on optimising for voice-enabled assistants like Amazon Echo & Google Home

Voice search is more than just a fad; it is something being used by millions of households worldwide, and the numbers are only going to continue growing as home-based smart assistants get smarter and more affordable. Using our voices to browse the internet is getting more common as Amazon Alexa, Google Home and others have taken pride of place in our homes. If you haven’t yet incorporated voice search into your overall SEO strategy, then you need to get right to it.

voice search icon

Natural language processing and voice search are being improved all the time and as more people begin to use it for general internet browsing, it should be your number one priority to get your website optimised for it. Voice search is completely changing the game and has even modified the way Google handles search queries, and this has an impact on everything, from Ecommerce to Search Engine Optimisation (SEO) and everything in between.


A Brief History of Voice Search

Initially introduced in 2010 by Google, voice search could be used by dialling a phone number and saying some keywords, and Google would then return some webpages which best related to these keywords. Although this admittedly wasn’t the best voice search solution, it enabled Google to develop the voice search and speech recognition technology which is used today.

how did voice search change SEO?

There are many devices, products and services used by millions of people all around the world on a daily basis which can be used for voice search and, as more people utilise voice search for its convenience, this number is going to keep growing as the technologies get more intelligent and voice search becomes a more intuitive way to browse the web.

What is Voice Search Used For?

There has been plenty of research done into what exactly voice search is used for, and this can help you optimise your website and fill it with relevant content. Although the specific figures vary, voice-based search is generally used for the following in relatively equal measure by searchers –

  •    Local information
  •    Fun and entertainment
  •    Personal assistance
  •    General information

Voice search catagoriesThere are plenty of ways you can optimise the content on your website to fall within these categories, especially if you are a local business or operate premises within a local area… more on this later.

As voice search begins to be more widely used, exactly what it is used for will begin to change and we are likely to see it being used for more specialist and specific searches.


Preparing for Voice Search

Unfortunately, you cannot just sit around and ignore voice search; if you don’t get your website and its pages optimised now, the growth of voice search will have a hugely detrimental impact on your web traffic. There are a few key ways you can get yourself ready for voice search –

  1.     Prioritise local search

“Near me” searches are one of the most common uses of voice search, for example where the end-user is searching for something near them such as a café or restaurant. If you are operating a business which owns a brick-and-mortar location, you should be tailoring your site for this purpose. Make sure that your Google My Business information is updated and correct and add location-specific pages to your website if you operate multiple physical locations.

  1.     Write casual copy

You should be writing your web copy in a way which sounds like how somebody speaks: conversational and natural. Copy which is more casual in tone instead of being corporate and official will help catch voice-based searches. When you are writing your web copy, think about how you would talk with your friends about the subject in a casual setting and try to convey that tone on the page. Voice search carefully analyses the end-user’s speech to carry out the search, and your copy needs to somewhat mirror that.

  1.     Use long-tail keywords

Targeting long-tail keywords is a good idea as they are more specific; long-tail keywords are longer than a typical search query and many sites overlook them and use shorter ones. This is a good thing for your website – using long-tail words helps you remain competitive. Because voice searches are generally conversational, long-tail keywords places you in a much better position and higher up in search results.

  1.     Answer questions on your site

Most voice-based searches are carried out in question form, so it is important that your website specifically answers questions frequently asked by your visitors and customers. This can be done either through your general content or as a dedicated FAQs page and it helps your overall SEO as well as your SEO for voice search. It’s always a good idea to do this regardless.

  1.     Be optimised for mobile devices

Your website needs to be optimised for use on mobile devices and it is something which you should already have done. If you haven’t yet, you really need to – voice search brings with it an increased need for mobile optimisation because voice assistants fall under the “mobile” device category. Google have announced their “mobile-first search index” and you simply won’t rank in search results if your website is not optimised for mobile devices.

Voice Search is the Future

Even though there is still much to learn about voice search, it is certainly the future. It is going to continue growing at a fast rate as it becomes more accurate, responsive and viable for day-to-day use. Because of this, you need to get your website optimised and fully ready for voice search sooner rather than later if you want to get well ahead of your competition and continue to rank highly in search results.

It’s key that both your website design and its content are fully optimised for voice searches and mobile devices. Content which is more casual, user-friendly and scannable is likely to bring in voice-based searches as opposed to long-winded content which is formal and harder to read. Although getting your website ready for the rise of voice-based search is going to take time and effort, it is necessary.

To find out more on how Diffusion Digital can help improve your online presence, read more about our Shopify offering or our WordPress development here.


How to choose a website design agency

The website design and development racket is a tricky field to navigate.

If you find yourself in search of web design agencies, it’s sometimes hard to tell the wood from the trees in terms of differentiating between the good and the bad.

The aim of this blog is to give you a few pointers on why it’s worth your while getting professionals to design and develop your website.


#1 How hard can it be? I’ll do it myself for a fraction of the price


Don’t get me wrong many people have successfully designed, developed and launched their own websites using one of the well-known platforms such as WordPress or Wix.

But, have they created something that truly reflects their brand or business? Well I’d bet that 99% of ‘self-built’ websites entirely misrepresent their brand/business or simply don’t do it justice.

A website is often the first place a prospective new client will look – the importance of making a good first impression is essential in building trust, driving conversion and encouraging advocacy.



#2 Due-diligence whether it’s a new business or an upgrade – don’t go rogue


So, you’ve made the right choice and realised what’s best for your business.

You must be careful though. As in every industry, especially overcrowded ones, there are those who have your best interests at heart, and then there are the crooks.

Owing to how diluted the industry is, the web design and development space is littered with people trying to exploit other peoples ignorance and make a quick buck and whilst most agencies in question provide a similar service offering to one-another, it’s up to you to differentiate between them all.

It’s important to try and choose an agency that will take as much pride in the client’s business and brand, as the client themselves.

This is obviously easier said than done but finding a team with enthusiasm for not only their work, but also their clients, will ensure a positive outcome further down the line.

An obvious place you can check this is in their case studies. If there aren’t beautiful examples of past work proudly placed on a pedestal on the agency’s website, alarm bells should be ringing.

Another easy way of finding reputable agencies is through industry related publications and the annual awards given out to leading website design agencies in London and globally.


#3 Pay Peanuts, Get Monkeys


Monkey selfieWhen it comes to costs, if it sounds too good to be true, then it probably is and somewhere down the line you’ll end up in losing out either financially or being lumped with a mediocre, under-whelming website.

Always bear in mind the number of different elements it takes to build a good website – design, UX, development and SEO. Each are very specific skills that people spend years honing and as such you expect to pay!

So, save your time and don’t engage with any company who quote significantly less than all the other quotes that you have received.

Especially in regard to SMEs and start-ups, budgets can be restrictive, but, considering the importance of a website plays on client’s first impressions, every effort should be made to make them as well-crafted as they can be.

Websites are often more expensive than people think but when you take into account the expertise you are getting for your money, the juice is worth the squeeze.

75% of user judgment about your business’s credibility is based on your website’s design
University of Surrey

People are often taken aback by the costs of building a custom website. Whilst these costs are usually fair, the agency should provide fairly comprehensive breakdowns demonstrating how they are arriving at the forecasted costs, including an idea of additional development and post build costs should they be needed.

Getting several quotes from different agencies should give you a good idea of a ballpark figure you should expect to pay.

Whilst there are some very intuitive platforms out there that can walk you through every step to building an intuitive and responsive website for relatively little money, the chances of you creating a website that best reflects your business is hard with off the shelf templates. What’s more; by using the standard themes offered by the likes of WordPress and Shopify, it’s likely that your website will end up looking similar if not identical to someone else’s and correct me if I’m wrong, it’s in a businesses interest to stand out from the crowd, not mix about in it.


#4 Forming Lasting Relationships


Digital professionals helping ambitious brands thrive online.

This is the mantra at the core of Diffusion Digital’s ethos and fundamentally lays out our driving force, and, in danger of sounding self-righteous, it’s one that every digital agency should pursue.

people working happily

I say ‘pursue’ because – owing to evolving environments, demographics and products, to name but a few – this process is changes with the times and we must adapt with it. Having an agency aboard throughout will make your life easier in the long run.

Agencies should demonstrate that they take genuine pride in the websites they help craft. They should take the time to truly understand what the brand or business stands for and the client’s objectives or vision into the future, as well as Key Performance Indicators.

When a collection of brilliant minds, hearts, and talents come together… expect a masterpiece
John Ruskin


#5 Sit back and watch your business/brand evolve online


The beauty of using an agency is that you should expect all bases to be covered.

  • Appropriate platform

Magento, WordPress, Kentico, Salesforce, Shopify are just a few of the platforms that people host their websites on and which one to use depends on your business. Engaging the correct platform from the outset is critical to all businesses moving forward in terms of functionality abd scaling the business in the future.

  • SEO structure

It is essential to involve Search Engine Optimisation (SEO) from the earliest stages of a website build. Creating keyword optimised landing pages will help Google recognise what your business is and subsequently, with an ongoing content strategy, high quality organic traffic will be driven to your site.

  • Clever custom animations

Being able to customise apps and other integrations is essential to truly bringing a brand to life online. Agencies make it their mission to tweak existing apps to best fit the profile of the business they are working for. This allows entirely bespoke interactions that will truly enhance the appearance and performance of the site.

  • Seamless user experience

Creating a site that is easy to navigate, with intuitive integrations and that’s pleasing both visibly as well as practically is a crucial part of attracting engaging and retaining visitors to a site.

  • Responsive design

Increasingly people use a variety of devices to access the internet making it essential to develop a website that transitions seamlessly from one device to another.

#6 Key considerations


  • Does this agency have the right expertise?

Choosing an agency cartoonThe agency doesn’t necessarily have to be old but it is worth checking the experience of the team who is going to be working on your account. It has been known that experienced people will be in the discovery stages in order to win the brief and subsequently pass the account onto less able juniors. Whilst this is great in teaching other people skills, it might not be ideal in terms of building your website.

  • Does this agency offer all of the services I require?

Where possible find an agency where all departments — SEO, Development, UX, Copy Writing to name but a few — are housed under one roof. In terms of simplicity, efficiency and ease of communication this is far better than working with agencies who sub-contact elements out to people who might be based on the other side of the world

  • Is my business important to them?

Find people who care. If it is a small project don’t go to a big agency because they might not assign the same amount of time as they do to other projects.

  • How many people will be working on my account?

This will vary throughout the build. Expect all sections to be involved during the initial discovery stages but once designs and strategies have been laid down the teams will work individually on the sections that are relevant to them before passing it onto the next to complete theres.

  • Who will be my main contact?

Ensure clear lines of communication are set up and you know who you speak to directly should you need to

  • What am I paying for?

You are paying for a team of experts in their respective fields to help bring your business to life on line. In a world where digital is taking over a little more each day, it is essential that we keep up with the times and by creating a beautiful website you will extend your reach enormously.

  • Do you like and trust them?

This isn’t just an agency who you need to help you in the short term. These individuals are going to be dealing with something which is incredibly important to you and as such you need to not only to like them, but more importantly trust them. You need to be able to look at them and tell that they are going to treat your baby – so to speak – with the upmost respect. Essentially a website design agency becomes intimately involved in the development of your brand/business and as such you need to see that they care.

  • Are they asking the right questions?

The agency should develop a deep understanding of the business and how it works during the initial discovery stage, this should also look into key performance indicators and future targets.

  • Are they able to provide testimonials and examples of work?

Whilst the agency doesn’t necessarily have to be too old, it is important that at least a few of the people who work there have considerable experience working in the industry. This can be tested by looking at the testimonials on both the individual as well as the work they have done.

Ultimately what you ant to ask yourself is whether or not you will form a good relationship with the agency and especially the team who are going to be working on your account.

Contact with an agency rarely ends after the build is complete and usually an agency will offer retainer packages to manage a website into the future. Moreover finding an agency who offers on-going SEO and content marketing retainer strategies that will help drive high quality organic traffic to your site.