Site icon WordPress Developer

What To Do When Your WordPress Site Has Been Hacked?

What to do when your WordPress site is hacked

WordPress is both free and amazingly customisable, so it’s no surprise that it’s the most widely used CMS in the world. Anyone can get started on a site of their own with no frustrating barrier to entry or knowledge required to give it a try. These advantages have their downsides, though — because it’s so popular and flexible, WordPress is a prime target for hackers.

If you run a WordPress site but you’re not very technically-minded, you might feel totally powerless if you’re ever unfortunate enough to suffer a website hack. What should you do to respond to that kind of event? Does your site need to go down, or can you get it back to where it was? Is there a way you can avoid such a thing happening again?

To make things a little clearer, this post is intended to give you some idea of what you should do in the event of a hack to your WordPress site, so let’s get started.

Get Logged In To The WordPress Admin Area

Hacks come in many different forms, but you’re ultimately going to notice them when you see changes to your site. You’re most likely to notice the content change, see unusual login activity, find new plugins installed, or be unable to log in at all.

If you can still log in, go ahead and do so immediately. If you can’t, you’ll need to contact your web host and inform them of what’s happening.

They’ll be able to confirm your identity, look at system history, determine what’s going on, and reset your login details so you can get back in.

What To Do If Your WordPress Site Is Hacked

Once you’re logged into the system, you’ll need to proceed through the following checks very promptly. The hacker (or hackers) might still be in the system trying to make further changes, so exercise your admin power while you still can.

Try To Restore an Old Version

Have you been keeping site backups? It’s always a good idea to make regular website backups, and if you’ve been taking that precaution then you should try to restore the most recent backup that you’re confident was made before the hack took place — unless you looked extremely closely, you would struggle to know for sure that deeper changes hadn’t been made to the site, so it’s best to revert the entire thing. Bear in mind that any plugin updating you did in the previous step may need to be redone here (it will depend on the exact nature of your backup system).

Consult A WordPress Expert

At this stage, you should have staunched the wound, but you won’t be able to do the full security audit that you’ll need to ensure that the website is ready to go live again. You’ll need a WordPress expert to help you with that. Feel free to get in touch and I’ll be able to inspect your site, remove the hack and minimise the risk of suffering another hack not long after the first.

This is a quest post and thanks to Patrick Foster from Ecomm Tips for submitting it. If you’d like to submit a quest post then get in touch.

Exit mobile version