Steps to Take if your WordPress Website has been Hacked


If you’re like most businesses, your website is an important cog in your lead and sales generation machine. Few things are more harrowing and downright disruptive than visiting your website one fine day and finding that it has been the victim of a hack or malware injection.

The good news (if we can call it that) is that WordPress websites getting hacked is far more common than you might imagine, so don’t beat yourself up too much over it. What is important at this stage is to limit the damage and take the necessary measures to get your site cleaned up and running again.

In this article, we will look at how to spot whether your WordPress website has been compromised, and take a deep dive into the methods you can use to recover it and get going again.


How to Spot if your Website has Been Hacked


When it comes to hacking, you need to keep in mind that WordPress isn’t very different from sites that have been built using other platforms. Anything that is connected to the internet is a target for cyber criminals, and even other, less popular platforms like Magento, Drupal or Joomla are prone to hacking too.


Here are a few common signs of a hacked WordPress site:


  1. Your security plugin sends you a warning: if you are like the vast majority and you are using one of many security plugins available, then chances are you will be notified as soon as your site gets compromised. As far as WordPress hacks are concerned, this is the best-case scenario, as it enables you to react immediately.
  2. The site redirects to another one: another sign that your site has been compromised is when you are trying to access your site, but you are redirected to another website and these are often adult and gambling sites. If this happens, you can bet that someone has got unauthorised access to your server and is ready to wreak havoc for their own traffic-gain benefits.
  3. You cannot log into the admin panel: probably the most common way cyber criminals hack their way into your system is by stealing the login information. Once they’re in, they will hijack your admin account so that you will no longer have access to your site, and in some cases may even ask for a ransom. Should this happen, never give in to their demands.
  4. Google marks your site as insecure: if Google detects suspicious activity, they will mark a site as insecure in search results. Of course, they might also remove your site from SERPs altogether. In Google Search Console, you will be notified when your site has been marked as non-secure or has been removed from search results and Chrome and other browsers may also display a warning.
  5. Warnings from your browser: most browsers are now equipped with built-in security warnings when they detect phishing attacks, malware, cross-referencing or other malicious elements on a WordPress site. If you get a warning from your browser, you know you’ve been the victim of a hack.
  6. Sudden traffic spikes: a sudden traffic spike doesn’t always mean great marketing! Hackers will sometimes use hacked WordPress sites as their hub of distribution. In other words, they can use your site to send malware and viruses to other platforms. To avoid spam detection, they will link to your domain and then redirect visitors to another site. If you see some unexplained traffic spikes, consider running a malware scan.
  7. Your site displays strange links: another method hackers may use to send visitors to other sites is to place spammy links right on your site. This method enables them to remain hidden and run things from behind the curtain. If you notice that your site has weird links on it, make sure to take the steps presented in the section below.


Practical Steps to Take if your WordPress Site has been Hacked


  1. Keep your Calm

First things first: Relax! Rather than panicking, remind yourself that a fix may not be very difficult.

Being angry or stressed won’t help and just delays the process of working towards getting the issue resolved, either by yourself or by getting someone else to do it.

The important thing is to get to work right away.


  2. Locate the Actual Hack


In order to get the problem solved, you first need to locate the actual hack. Here is a quick list of questions we advise you to go through in order to locate the real problem:


  • Are you able to successfully log into your admin panel?
  • Does your WordPress site contain any illegal links?
  • Is your site redirecting to a third-party website?
  • Has Google marked your website as insecure?
  • Do you see a security alert about your website in your browser?


After you have answered the above questions with yes/no/maybe, follow the steps below.


  3. Contact your Hosting Company


At this point, you need to start acting. The best thing you can do is to contact your hosting company ASAP. Most professional hosting companies will gladly help you with this situation. The ones with more experienced staff have already dealt with hackers before, so they know how to navigate the shallow waters of WordPress hacking.

Before taking any steps yourself, it is wise to contact your hosting company. In case your website is hosted on a server, the hosting company can immediately see if the cybercriminal got access to your WordPress site through another site hosted on their platform. Moreover, there is a good chance that they might tell you how the hackers accessed your site and where the backdoor is located.

Hopefully, your hosting company is professional enough to detect the problem and to clean up your site after an attack. If not, there are other options you have at hand.


  4. Backup your data

While it may sound counter-intuitive, backing up your data after your site has been breached is a vital step in ensuring that you minimise the damage done. You should do this step at the same time you are contacting your hosting company. Keep in mind that some hosting providers might delete all the data on a site that has been compromised. Since you don’t want to lose all your precious data, it is always a great idea to keep a copy around.

Salvage whatever you can using an effective WordPress backup solution, or do a backup by yourself.


  5. Perform a Full Computer Scan


You can do this in parallel with backing up your data. But why should you scan your local machine?

In many cases, the actual hack can trigger on the local computer associated with your WordPress account. If a cyber criminal has managed to compromise your computer, it is possible that they can extend their reach to the websites you frequently log into. Using a key-logger, the hacker can get free access to your WordPress site.

For that reason, install and run a full virus/malware scan on your computer. Additionally, ensure that your OS is up to date. By doing this, you can make sure that the problem didn’t originate from your computer and reduce the risk of being reinfected after cleaning up the mess on your WordPress site.


  6. Hire a Professional


If your website has experienced a strong attack and your hosting company is unable to help you, we recommend that you hire a WordPress agency. Keep in mind that a vulnerable website only gets worse as time goes on, so the faster you can get the issue fixed, the safer your website will be.

Hiring a professional might come at extra cost, but you get the peace of mind that your website is up and running ASAP and the probability of a repeat hack is lower.


  7. Restore a Previous Version


Now, if you’ve developed the good habit of backing up your site regularly, you might be lucky enough to get rid of the hack by simply restoring your site to a previous version. The only downside to this is that when restoring your site to a previous point in time, all the changes you’ve made since then will be lost.

Now that you’ve restored the old version of your site and minimised the damage, add extra security functions to ensure that your site will be able to avoid future malicious activity.

In case you can’t restore your site to a previous version, or you don’t want to because you would lose data, you may be able to manually clean up the code.


  8. Scan for Malware


After you update the plugins and the theme, it is imperative to scan for malware. A good WordPress security plugin will automatically scan for malware and will scan your core files for integrity. Moreover, it will tell you whether your site has been blacklisted by Google.

Scanning for malware allows you to remove any undesirable penalisations by Google so that you can retain your SEO (Search Engine Optimization) ranking.


  9. Replace Any Compromised Files


In case malicious code is found on any files, the best thing you can do is to delete those files and replace them with the original, uninfected version.

For instance, you can replace the core version of your WordPress site with a fresh version without ruining your site. As long as the wp-content section remains intact, you can modify everything else.

In fact, the simplest way to do that is to just go and re-install WordPress from inside the dashboard. Also do that for plugins and themes.
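As an added example (not from the original article or from any WordPress plugin), the core-file integrity check from step 8 and the "which files do I replace" question from this step can be sketched as a comparison against known-good hashes. The manifest format, the function names and the sample tree are assumptions made for the illustration; wp-content is skipped because, as noted above, it has no pristine reference copy.

```python
import hashlib
import tempfile
from pathlib import Path


def audit_core(root, manifest):
    """Compare files outside wp-content against known-good SHA-256 hashes.

    manifest maps a relative path to the hash of the pristine file.
    """
    report = {"modified": [], "missing": [], "unexpected": []}
    seen = set()
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if rel.startswith("wp-content/"):
            continue  # site-specific content: no reference copy to compare with
        seen.add(rel)
        if rel not in manifest:
            report["unexpected"].append(rel)  # e.g. a dropped backdoor script
        elif hashlib.sha256(path.read_bytes()).hexdigest() != manifest[rel]:
            report["modified"].append(rel)    # replace with the original file
    report["missing"] = sorted(set(manifest) - seen)
    return report


def demo():
    """Audit a small constructed tree (not real WordPress files)."""
    pristine = {
        "index.php": b"<?php // core\n",
        "wp-login.php": b"<?php // login\n",
        "wp-includes/version.php": b"<?php // version\n",
    }
    manifest = {rel: hashlib.sha256(data).hexdigest() for rel, data in pristine.items()}
    on_disk = dict(pristine)
    on_disk["index.php"] += b"// extra line\n"            # altered core file
    del on_disk["wp-login.php"]                             # deleted core file
    on_disk["wp-includes/cache-old.php"] = b"<?php\n"       # not part of core
    on_disk["wp-content/themes/mine/style.css"] = b"a{}\n"  # skipped by the audit
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in on_disk.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit_core(tmp, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real install, wp-config.php will appear under "unexpected" because it is created per site rather than shipped with core, so review that list by hand instead of deleting everything in it.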


  10. Change your Password and Secret Keys


Another step you can take if your WordPress site has been hacked is to change the password again. Do not change just one password, but change them all, including backend credentials, MySQL passcode, FTP login and admin email address password.

Another important set of secrets you need to change is the SALTs. WordPress SALTs are secret keys used to encrypt important information. Until they are changed, a hacker who has accessed your account can remain hidden and stay logged in thanks to cookies. By changing the SALTs, you ensure that any access from the outside is removed, and the hacker won’t be able to access your account anymore using the password stored in the cookies.
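One way to rotate the SALTs described above, shown as an added example that is not part of the original article: it rewrites the eight key and salt define() lines of a wp-config.php with fresh random values and refuses to proceed if any of them is missing. The function names and the sample configuration are constructed for the illustration; the eight constant names are the ones a standard wp-config.php uses.

```python
import re
import secrets
import string

SALT_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# No quotes or backslashes, so a value is safe inside a PHP single-quoted string.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"


def new_secret(length=64):
    """Generate one value from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Return (new_text, replaced_names); raise if any define() is missing."""
    replaced = []
    for name in SALT_NAMES:
        pattern = re.compile(
            r"define\(\s*(['\"])" + name + r"\1\s*,\s*(['\"]).*?\2\s*\);")
        line = "define( '%s', '%s' );" % (name, new_secret())
        # A callable replacement keeps re from interpreting the new value.
        config_text, count = pattern.subn(lambda m: line, config_text, count=1)
        if count:
            replaced.append(name)
    missing = [n for n in SALT_NAMES if n not in replaced]
    if missing:
        raise ValueError("no define() found for: " + ", ".join(missing))
    return config_text, replaced


def sample_config():
    """Constructed wp-config.php fragment with placeholder old values."""
    lines = ["<?php", "define( 'DB_NAME', 'example_db' );"]
    lines += ["define('%s', 'old-%d');" % (n, i) for i, n in enumerate(SALT_NAMES)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    text, names = rotate_salts(sample_config())
    print("rotated:", ", ".join(names))
```

Write the result back only after keeping a copy of the old file; every logged-in user, including you, will have to sign in again once the new values are in place.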


Rebuilding your Site


Now that the attack has been dealt with and your site is clean, it is time to get everything back. Get all the blog posts, themes or plugins back to their normal state from the backup files on your WP site or from your computer.

The last step of the process is to harden your WordPress site security to ensure this won’t happen all over again. Here is a blog post with just the right security measures: