The following 11 steps, divided into 3 phases: Identify, Executing and Preventing, serve as a quick immediate response when your WordPress website is hacked. However, they work best when you already know them all before the attack occurs.
Before proceeding any further, there is one thing you must remember at all time.
If your website is down and you are losing money by the minute, don’t let that get to you. Be in control of the situation, remember these following steps and start fixing.
(Detailed analysis can be found below)
11 steps to follow when your WordPress website is hacked – CyStack
Identifying (4 steps): Find out whether your WordPress website is hacked or not
Not any WordPress website owner know that they are a victim when a cyberattack occurs. According to our CyStack Website Security Report for Q3 2018, over 20% of the attacked websites are still not recovered 2 months after the attack. There are many cases when a website runs slowly or even stops working, with a very clear warning by Google attached to its entry in the search result page, but the website owner still have no idea of what is going on.
Be the first one to know that your own WordPress website is hacked by using these methods:
- Pay attention to changes in the website content and theme. Despite how obvious this sounds, some people still cannot do this properly! A very common objective of website hacks is defacement, when a hacker leaves behind clear evidence to show off that he was the one behind the hack of your WordPress website.
- Try Googling your own website. With the query “site:domain.com hacked” with “domain.com” being your website domain, you will see all the pages that have been defaced by the hacker. You might even get a “The website ahead contains harmful programs” warning, showing that you have indeed got blacklisted by the giant search engine.
- Use a website monitoring tool. This is by far the most convenient method. With tools like our CyStack Monitoring, you will be notified of content modifications in your website and your Google blacklist status when there are any changes.
- Look for strange files in your source code. This is only for those who constantly interact with the source code. Make sure not to miss any suspicious changes in the source code.
Executing (4 steps): Start recovering your website after an attack
Let’s get down to actually fixing your hacked WordPress website. It is not difficult to find a guide for recovering a hacked WordPress website on the Internet. Here, we will list 4 basic and essential methods that are a must when your WordPress website is hacked.
1. Check your log file
The log file can tell you about the state your website is in, all malicious behaviors that have occurred in recent times and even the time of the hack. This can greatly help you in deciding on the best solution.
2. Return the website to the state before the attack using backups
This is one of the most widely recommended methods by many website recovery guides. This is a very effective method, but is not enough. Apply the measures below to make sure your website is really “healthy” and will not be compromised again immediately after the repair. After all, the backed up version of your website is affected by vulnerabilities – that’s how it got hacked in the first place!
This method also does not work with websites which are updated frequently or are not backed up regularly.
3. Reinstall a clean version of WordPress
Reinstalling WordPress is not an easy option, but it is very effective nonetheless. The details of how to reinstall the source code will not be discussed here (you can find the detailed tutorial in the references of this article). However, we want you to remember an important rule when installing and updating WordPress core, themes and plugins:
“Download from the right page, update at the right time”
Do not follow in the footsteps of countless other hacked WordPress websites with nulled themes, pirated plugins, and an obsolete WordPress core!
4. Use an application to scan for malwares
Using cloud-based security platforms is a worry-free method to cope with website attacks. Our CyStack Platform offers a 14-day trial with the following applications for securing your website
CyStack Responding: Detects and removes malicious codes on your website.
CyStack Monitoring: Monitors website status around-the-clock.
CyStack Scanning: Detect vulnerabilities affecting your website.
CyStack Protecting: Web application firewall for total protection against malicious behaviors.
Preventing (3 steps): Set up precautionary security measures to avoid future hacks
Firstly, you can find one of the simplest guidelines for basic WordPress security here. In this article, I’ll just summarize the key points for you to quickly grab hold of the 3 pillars that make a secure WordPress website:
- Backup your website and database regularly: Avoid data loss and help recover your website quickly after being attacked
- Update WordPress Core, themes, and plugins frequently: Minimize the risk of hackers’ exploiting vulnerabilities in your website, especially vulnerabilities that have just been publicized.
- Use website security platforms: Detect recently publicized vulnerabilities in your website with applications like CyStack Scanning.
Use a web application firewall and HTTPS protocol (included with CyStack Protecting).