What to Do When Your Website is Hacked

You can also listen to an overview in our previous podcast episode about getting hacked.

So, your website has been hacked. 

Step 1. DON’T PANIC!

Seriously, it is all going to be OK. I have helped many people recover from this situation either by giving them DIY instructions or cleaning their site for them. You can make this better.

As I have said before when you self host you are the one responsible and with great power comes great responsibility and now is when you will use that power.

Why did I get hacked?

While this is not really an important question it is one that you are likely to ask yourself. There are more reasons than are worth spending time on. But there are really two main reasons. One is simply for defacement, there are several websites where these kinds of hackers list the sites they have hacked and a screenshot to prove how they defaced them.

The second sort is all about money. Either they hijack your site to redirect traffic for clicks and money or they are using your server to mine bitcoin. These hacks are often harder to get rid of because they have a financial motivation.

How was I hacked?

Most of you are on a shared server. That means a really big server shared by hundreds, maybe even thousands of other websites. Each site has a small slice and the hosting company has a vested interest in making sure that the server itself is safe from hacking because if the root server is hacked then all of the sites on that server will be compromised.  99.9% of the time sites are hacked it is because they got in through your CMS, that is the software that is actually running your website, like WordPress or the plugins that make your CMS do more. The biggest reason sites get hacked is people don’t keep all of these bits updated.

What do I do now?

1. As I said before, don’t panic.
2. See if you can get into your admin dashboard.
3. If you can and can add a plugin, use something like Wordfence or one of the many other security plugins to scan your site. They can often remove or repair infected files.
4. Check your last few backups. You may be able to use one of those to restore your site to before it was hacked. You might lose some posts but that is better than being infected.
5. If none of those steps work then download the WordPress software from WordPress.org and upload it through your Cpanel into your public_html directory. Then unzip it and rename the wp-admin and wp-includes folder to wp-admin.old and wp-includes.com. Go into the wp-content folder and rename the plugins folder to plugin.old. Go into the WordPress directory and copy the wp-admin and wp-includes folder into the public_html directory and see if the site loads now.
6. There are more steps that can be taken that will depend on a higher confidence level with working with files and databases. I would list them here but this post would get to be very long and very technical and you might stop reading.
7. Hire me to clean it up. In most cases, it will take me from one to twelve hours to get it all fixed and for a very reasonable rate.
8. Hire Wordfence or Sucuri or another professional security company to do it for you, I will say that I wish I could charge their prices.
9. Talk to a web tech guy you trust and if that isn’t me that is fine. I am happy to answer any questions to help you in your time of need.

Don’t let it happen in the first place.

There are many things that you can do to keep the bad guys at bay.

1. Keep your WordPress install, your themes, your plugins, and your PHP updated.
2. Remove unused plugins and themes.
3. Check plugins that haven’t had an update in a long time to see if they are still supported.
4. Run regular backups and keep them someplace other than on your server.
5. Use security software and a firewall to monitor for malware to stop it before it becomes a problem.
6. Use strong passwords and 2-Factor authentication.
7. Pay attention to your site. Visit it while not logged in, look at it on your phone. Be the first to know when things aren’t right.
8. Have a nice cuppa because you have prevented a problem before it happened.

Want to reach out to Michael and hire him? Contact him here or reach out on Twitter @newsigns2