Help, I’ve been hacked!
Don’t panic. Here’s what you need to do.
What does ‘hacking’ mean?
‘Hacking’ is the term used when somebody gains access to your web site or system without permission. Sometimes it is done ‘just because’ and sometimes it is done to be malicious. It’s a nuisance and something we need to take seriously.
WordPress is one of the most popular and commonly used web content management systems, so it’s often a target for hackers. It’s nothing personal towards you, just a way for them to polish their skills by finding loopholes to get into a site. That’s why we need to stay on top of maintaining our sites.
How do you fix it?
If you’ve found yourself the victim of a hacker, or even suspect there has been unauthorised access, here are some steps you need to take, pronto!
If you can’t get into your site:
If you don’t have access to log into your WordPress site, you will need to change your password in the database. This is not something you should be playing with if you’re not confident as you have potential to cause a lot of damage. If you’re not sure, get in touch with Meg or your local web designer to take action for you.
Once you are logged into your WordPress site:
- Change all of your passwords for your web site, including your WordPress login and FTP login (via cPanel).
- Go to your Users list to see if there are any strange accounts. If any stand out, change their role to ‘–no role for this site–‘.
- Install the Sucuri Security Scanner plugin (FREE) on your site and activate it. Once running, go to Sucuri Security and wait for it to run an integrity check.
- Remove any code that was added by hackers (Sucuri can do this for you). Or if it is too extensive, restore your site from your latest backup.
- Let your web host know you have been hacked. They may be able to help you with your site restore.
- As soon as you’re back up and running, run all of your plugins and core system updates to close any loopholes.
How can I stop it happening again?
Sadly, Hackers are something we need to be mindful of as web site owners and we need to take it seriously. To help prevent further attacks in the future, take the following actions:
- Keep your site and plugins updated regularly. Set your calendar to remind you to run updates every two weeks.
- Set the Sucuri Security Scanner hardening features, which will lock your site down tight.
- Install Wordfence plugin (FREE) onto your site to monitor suspicious behaviour.
- Take regular backups of your site. UpdraftPlus is a great FREE plugin that you can set to automatically take regular backups.
- Get familiar with the different ways you can secure your site and throw hackers off the scent, via this link