What To Do When Your WordPress Site Has Been Hacked?
Posted on October 24, 2018
WordPress is both free and amazingly customisable, so it’s no surprise that it’s the most widely used CMS in the world. Anyone can get started on a site of their own with no frustrating barrier to entry or knowledge required to give it a try. These advantages have their downsides, though — because it’s so popular and flexible, WordPress is a prime target for hackers.
If you run a WordPress site but you’re not very technically-minded, you might feel totally powerless if you’re ever unfortunate enough to suffer a website hack. What should you do to respond to that kind of event? Does your site need to go down, or can you get it back to where it was? Is there a way you can avoid such a thing happening again?
To make things a little clearer, this post is intended to give you some idea of what you should do in the event of a hack to your WordPress site, so let’s get started.
Get Logged In To The WordPress Admin Area
Hacks come in many different forms, but you’re ultimately going to notice them when you see changes to your site. You’re most likely to notice the content change, see unusual login activity, find new plugins installed, or be unable to log in at all.
If you can still log in, go ahead and do so immediately. If you can’t, you’ll need to contact your web host and inform them of what’s happening.
They’ll be able to confirm your identity, look at system history, determine what’s going on, and reset your login details so you can get back in.
What To Do If Your WordPress Site Is Hacked
Once you’re logged into the system, you’ll need to proceed through the following checks very promptly. The hacker (or hackers) might still be in the system trying to make further changes, so exercise your admin power while you still can.
- Remove Any New Users – If you go to your user permissions, you’ll be able to see the full list of users with admin access. Has that list grown? If not, you’ll need to proceed directly to the next step. If you do see some new users, however, or some altered permissions, change them right away. Act as quickly as you can. To be optimally safe, you may want to delete all admin accounts but yours. You can always recreate additional admins later once things are safer.
- Change Your Security Information – At a minimum, you’ll need to change your password, but you’ll also need to check your recovery email address. If it has been changed, change it back to the original email account, and reset the password to that email account as well. When you set your new password, follow standard recommendations and aim for a high level of security — memorise it, then keep a record offline if you have to keep a record at all.
- Take The Site Offline – With the permissions done, you should take the site offline. If you needed to contact the web host to log in, you may have asked them to do as much then — if not, log in to your web hosting panel and take the site offline (then change your web hosting password for good measure). The reason for this is that you likely won’t know the exact nature of the hack, and you’ll want to fully check the entire site before putting it back up.
- Inform Everyone Relevant – If your site is just a personal project, or a basic promotional business site with no user accounts, then you may not need to notify anyone. If your site does have user accounts, though — and especially if it serves as an ecommerce store using WooCommerce — then you’ll need to reach out to the registered users as soon as possible to let them know their user data has been compromised.
- Check Your Plugins – The ability of WordPress to support a lot of plugins in combination is very valuable, but it’s also a security risk if abused. Just one plugin with a security vulnerability can ultimately allow a hacker access to an entire WordPress system, even if the basic installation is solid. Did you install any new plugins after the WordPress site development or before the hack took place? Were there any important updates pending? Perhaps an urgent patch was released for one of your plugins but you didn’t install it it in time. If you find updates that need to be made, make them, and Google your newest plugins to see if anyone online has been talking about them. If a particular plugin was the problem, you should find others with similar hacks, because hackers wouldn’t have targeted you in isolation.
Try To Restore an Old Version
Have you been keeping site backups? It’s always a good idea to make regular website backups, and if you’ve been taking that precaution then you should try to restore the most recent backup that you’re confident was made before the hack took place — unless you looked extremely closely, you would struggle to know for sure that deeper changes hadn’t been made to the site, so it’s best to revert the entire thing. Bear in mind that any plugin updating you did in the previous step may need to be redone here (it will depend on the exact nature of your backup system).
Consult A WordPress Expert
At this stage, you should have staunched the wound, but you won’t be able to do the full security audit that you’ll need to ensure that the website is ready to go live again. You’ll need a WordPress expert to help you with that. Feel free to get in touch and I’ll be able to inspect your site, remove the hack and minimise the risk of suffering another hack not long after the first.
This is a quest post and thanks to Patrick Foster from Ecomm Tips for submitting it. If you’d like to submit a quest post then get in touch.