Your WordPress installation has been hacked.
How do you respond?
First, don’t worry, as this happens to WordPress site owners everywhere. The WordPress platform is one of the most popular content management systems used to power websites around the planet. However, with that wide-ranging usage come risks.
And because WordPress is used so widely, it has become a favorite cybercrime target as well. Even if you keep your WordPress site secure with various security plugins, malicious actors can still find holes in your security. So if you’ve found yourself needing help with a hacked WordPress installation, follow our tips to keep your sanity and hopefully fix your site.
Here are 8 Steps For Responding To A Cyber Attack On Your WordPress Website:
1 – Identify The Type Of Hack
First, you have to find out what type of hack has happened. Can you still access the WP admin panel? How does the hack present itself? Is your website serving pop-ups, or is it redirecting to another URL?
Determining the type of hack is crucial to your ability to fix whatever went wrong. Once you learn what has actually happened, don’t be afraid to give it a Google to see what the best course of action may be. The WordPress support forums are great for providing advice, as is the WordPress section of Stack Overflow.
But remember, when asking for help from a community always search to see if the question has been asked and answered before. Community members hate nothing more than being de-facto customer service agents for people who do not search beforehand.
2 – Change Any & All Passwords
Your first thought might be to change the passwords on your WordPress installation after a hack. However, you need to take it a bit further than WordPress. Even if malicious actors or hackers compromised only your WordPress installation, they might have gained access to the web server or database as a whole.
One of your first steps should be changing all passwords associated with the hack. That means not only your web server login, but the database login and password hooked to your WordPress installation, your email passwords on the domain, and literally, any other passwords you can think of that are connected to your hacked WordPress installation.
One of the best ways to ensure that you always have secure passwords is to invest in a high-quality password manager, which can change your passwords regularly for you and will always choose ones that are the toughest to break.
3 – Contact Your Hosting Provider
Your web host may be able to provide more in-depth info about the hack, such as access and FTP logs you may not have access to otherwise. Most hosts will also offer some sort of backup if you do not have one yourself.
Some hosts have also been known to add compromised WordPress files to a “quarantined” area of the web server. If this is the case, and your host has quarantined files already, you now know exactly where to look to find the hack.
Your host will also be a great resource to find out how the malicious behavior happened in the first place, possibly giving you a good idea of where to start repairing security holes.
4 – Audit WordPress Theme & Plugins
If your WordPress installation is still accessible via the admin panel, a good first step is updating your WordPress installation, themes, and plugins. When developers update their plugins & themes, it is often because a security issue is being fixed. That means you, as a WordPress site owner, need to keep them updated to keep your site secure.
You can update your WordPress installation, plugins, & themes directly from the WordPress admin panel. Don’t have access to the admin panel because of the hack? Your alternative is to delete the plugin from your web server, download the newest version, and upload it as a replacement.
5 – Restore From An Existing Backup
Most hosts provide some type of backup and restore functionality at the server level. However, lots of WordPress owners choose to create secondary backups. If this is you, and you have backups, restoring may be a good course. Yet, you have to make sure the version you are restoring isn’t compromised as well.
And certainly, once you restore your site (if possible), you should update WordPress, your theme, and plugins. If possible, you should also try to save a copy of your site backup locally. If your backups are stored on the same web server as the hacked WordPress installation, there is a possibility that they are compromised as well.
6 – Hire A Professional Security Expert or WordPress Developer If Needed
There is no shame in hiring a WordPress or security professional to finish what you started. Cleaning up a hack can be complicated. And if you’ve never done it before, there is always the risk you will miss something, leaving your site and visitors vulnerable.
7 – Check All Your WordPress Users & Permissions
Often you will see that user permissions have been changed after a hack. This usually happens because the malicious actors or hackers have created an account for themselves, or compromised an existing account and upgraded its permissions.
Sometimes, hackers have a way of keeping accounts hidden from the admin panel of WordPress, meaning you have to check the user records in the MySQL database directly to find them. You should delete any accounts you don’t recognize, and change all passwords for every user account, in addition to checking their permissions.
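The database check from step 7, as an added example that is not part of the original article: it takes rows exported from the `wp_users` and `wp_usermeta` tables and flags accounts that are unknown, have gained the administrator role, or carry a suspicious registration date. The default `wp_` table prefix, the known-user list, the incident date and the sample rows are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Read-only export query; assumes the default "wp_" prefix (see wp-config.php).
EXPORT_QUERY = """
SELECT u.ID, u.user_login, u.user_registered, m.meta_value
FROM wp_users u
LEFT JOIN wp_usermeta m
  ON m.user_id = u.ID AND m.meta_key = 'wp_capabilities';
"""

# wp_capabilities is PHP-serialized, e.g. a:1:{s:13:"administrator";b:1;}
GRANTED = re.compile(r's:\d+:"([^"]+)";b:1;')

def granted_caps(serialized):
    return set(GRANTED.findall(serialized or ""))  # NULL meta_value -> empty set

def audit_users(rows, known, incident_start):
    """known maps each login you recognise to the role it should have."""
    findings = []
    for uid, login, registered, caps in rows:
        roles, reasons = granted_caps(caps), []
        expected = known.get(login)
        if expected is None:
            reasons.append("not in known-user list")
        elif "administrator" in roles and expected != "administrator":
            reasons.append(f"role changed from {expected} to administrator")
        try:
            when = datetime.strptime(registered, "%Y-%m-%d %H:%M:%S")
            if when >= incident_start:
                reasons.append("registered after suspected compromise")
        except ValueError:  # e.g. 0000-00-00 on a row inserted by hand
            reasons.append("invalid registration date")
        if reasons:
            findings.append((uid, login, sorted(roles), reasons))
    return findings

# Constructed sample data, not taken from any real site.
SAMPLE_ROWS = [
    (1, "siteowner", "2021-03-14 09:12:44", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "author_jane", "2022-06-01 15:30:00", 'a:1:{s:13:"administrator";b:1;}'),
    (7, "unknown_admin", "0000-00-00 00:00:00", 'a:1:{s:13:"administrator";b:1;}'),
    (9, "reader42", "2024-05-02 03:17:09", 'a:1:{s:10:"subscriber";b:1;}'),
]
KNOWN = {"siteowner": "administrator", "author_jane": "author", "reader42": "subscriber"}
INCIDENT_START = datetime(2024, 5, 1)

if __name__ == "__main__":
    print(*audit_users(SAMPLE_ROWS, KNOWN, INCIDENT_START), sep="\n")
```

Run the query against a copy or with a read-only database account, and review each flagged row before deleting anything.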
8 – Stay Calm & Keep Your Composure
The most important thing required of you when your WordPress site has been hacked is to keep calm. Oftentimes you see website administrators doing more harm than good when dealing with a hack, due to the frantic nature of the work.
Oftentimes a website being down means the business or individual it belongs to is losing money. However, you can’t let this fact push you to cut corners or fix the hack sloppily.
Hopefully, these steps have given you a sound basis for how to respond to cybercrime, hacking, or malicious behavior on your WordPress installation. If you do fix the issue yourself, great!
However, keep in mind that you have to stay diligent in the future. The security landscape changes continuously, and so should how you handle these situations. And remember, keeping calm is the most significant help in scenarios like this.