
What to Do When Your WordPress Website Gets Hacked

No one wants to find themselves facing a hacked WordPress website, unless you’re into that sort of thing, in which case, you do you. And frankly, no one really expects to actually be in that situation, let alone taking steps to recover from it.

So whenever a person does get hacked, you can bet your bottom dollar that the first thing that happens is panic.

Well, hackers hack, and for one reason or another, your website could be next. I say it’s best to be prepared for the worst, and altogether avoid the panic that’s sure to follow.

To start things off, make sure you perform the basic WordPress security actions just to make sure your website is on the safe side. You can never foolproof your website entirely, but going through the steps in this & this article, you should be good to go.

Also, make sure to go through this list to get yourself a good hosting provider. Your hosting provider should provide you with ample security tools to secure your website. I recommend 10Web’s Managed Hosting for this, but more on that later.

Even though your hosting provider might provide you with backup/restoration service alongside hosting, you should always go for a separate backup solution as well.


Now that you’ve secured your website (to the best of your abilities), as the title of this article suggests, you might be here after your website has already been hacked. Let’s see some of the security and recovery steps that you can take if that’s the case.

Your best bet in receiving useful and trustworthy assistance is through your website’s hosting company. But, before you ask them for help, it’s better to identify where things might have gone wrong for your website, just to make it one step easier for the hosting company’s support.

Here are some of the more obvious telltale signs of a hacked website:

  • Not being able to log in to your WordPress admin
  • Finding illegal/fishy links spread across your website
  • Your website getting blacklisted by search engines (Google, Bing, etc.)
  • Getting redirected to a different website when entering your website’s URL

If you notice any of these signs, start preparing an incident report. Even though the next step is to report to your website’s hosting company, an incident report will significantly reduce the time it takes for the support team to help fix your website.


You can start by documenting the exact day and time when you first started noticing abnormal behavior on your website. Next, describe the nature of the weird things happening to your website, which you might have identified from the signs mentioned above. Most importantly, include detailed documentation of all the latest changes that you’ve made to your website, i.e. what new plugins you’ve installed and any changes or modifications to your themes, widgets, and other elements.

Contact your hosting provider

When your incident report is ready, it’s time to contact your hosting company and let them know exactly what’s what. If you’re with a hosting company that knows its stuff, this is exactly the sort of thing that they specialize in fixing.


This is a crucial step, since having a professional helping hand to guide you almost always yields better results than trying to battle things out on your own. Chelsea Brown from Digital Mom Talk makes a similar point:

“The most important thing for you to do after your website is hacked, is to contact the hosting service and make sure they know what’s going on. That is part of what you pay them for, if not then it needs to be corrected immediately. Hiring a professional company to monitor your site is always essential, and a crucial way for you to be able to make sure that your site is protected and professionals are there to defend against attacks on your website.”

A good hosting company that provides its own dedicated support team will provide you with whatever’s necessary to help you get to the bottom of your situation. They can, and should, also help you identify the origin of the hack that’s affecting your website, as well as any vulnerabilities that are still active.

Restore your backups

Once you’ve notified your hosting company, it’s time to restore things back to normal. You need to use your backup systems to restore as many files as you can back to their pre-hacked state.

Some hosting companies such as 10Web offer multiple backup services, which would work wonders for your hacked website.

First, there’s the backup service that comes packaged alongside your hosting. Backup at the hosting level allows you to revert your entire website to a specific restore point in the past, reverting all changes made to your website after that point.


Not every hosting provider offers this, but a restoration service such as the one you get when hosting on 10Web is super important, especially if your website ever ends up getting hacked. Since the restore service automatically creates restore points every 10 days, you can rest assured that even in a worst-case scenario you can safely roll back your website to an earlier state.

Apart from hosting-side backup (restore points) 10Web also provides a fully-fledged backup service to keep all of your website’s data safe. With this, you can both manually and automatically schedule backups for your data. You get to choose from 7 different locations to store your backed up files. This way, you’ll have your files on-hand at all times.

Having a reliable backup service is crucial to getting your service back online asap. The last thing you need is for word to go around regarding your website’s hacked status, which is why it’s essential your website is returned to a functional state as quickly as possible.

After this step, depending on how the conversation goes with your hosting company and the fixes they apply to your website, there are a few more things that you can do to make sure your website’s safe and clean going forward.

Malware scanning


Next, you’d want to scan your website for malware.

You can do this easily with a WordPress plugin or service. Try the security service by 10Web.

Start your security procedures with a vulnerability scan. If you have already set up regular scans, just look at the most recent results. If not, start scanning now and see if there’s anything else wrong with your website.

You’re lucky if you started using the service before your website got hacked. It means that all changes have been logged and you can now view them from your 10Web dashboard. The security service allows you to track and reverse any change made on your website.

Make sure to install it now, before anything has happened, so you have a safe version to restore. Any irregular behavior will be reported after scans. That will help you detect attacks at an earlier stage.

To stay safe in the future, go through this article about 14 ways to secure your website.

Check website users and user permissions


How much do you trust the other users of your website? Even when they don’t intend any malice, are you sure they won’t leave their laptops unsupervised with the website open?

Make sure you only allow users to make the changes they are responsible for. A blog editor doesn’t need access further than the text content of your blog.

Double-check all permissions, limit them if necessary, and take some time to train all users on cybersecurity.

If you have an open registration form for users (e.g. to submit guest posts), never allow them to make even the slightest change without your approval.
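
One way to carry out this permission check, as an added example that is not part of the original article: export the user list and compare it with the roles you intended each account to have. It assumes the export comes from WP-CLI's `wp user list --fields=ID,user_login,roles,user_registered --format=csv`; the logins, dates, `EXPECTED` map and review-window date are constructed sample values.

```python
import csv
import io
from datetime import datetime

# WordPress default roles, lowest to highest privilege ("none" = no role on this site).
ROLE_RANK = {"none": -1, "subscriber": 0, "contributor": 1, "author": 2,
             "editor": 3, "administrator": 4}
UNKNOWN_RANK = 99  # roles added by plugins or themes are ranked highest so they get reviewed

# Constructed sample export and intended roles (assumptions, not data from the article).
SAMPLE_EXPORT = """ID,user_login,roles,user_registered
1,siteowner,administrator,2021-03-02 09:15:00
2,blog_editor,administrator,2022-06-10 14:00:00
3,guest_writer,contributor,2023-01-20 08:30:00
4,wp_support,"editor,administrator",2024-05-03 02:11:45
"""
EXPECTED = {"siteowner": "administrator", "blog_editor": "editor",
            "guest_writer": "contributor"}


def highest_role(roles_field):
    """Return the most privileged role in a comma-separated roles field."""
    roles = [r.strip() for r in roles_field.split(",") if r.strip()]
    return max(roles, key=lambda r: ROLE_RANK.get(r, UNKNOWN_RANK), default="none")


def audit_users(export_csv, expected, since):
    """Flag accounts that are unknown, over-privileged, or registered since `since`.

    expected -- {login: role} the site owner intends each account to hold
    since    -- start of the review window, taken from the incident report
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login, role = row["user_login"], highest_role(row["roles"])
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if login not in expected:
            findings.append((login, f"unknown account with role {role}"))
        elif ROLE_RANK.get(role, UNKNOWN_RANK) > ROLE_RANK[expected[login]]:
            findings.append((login, f"role {role} exceeds intended {expected[login]}"))
        if registered >= since:
            findings.append((login, f"registered {registered} inside the review window"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_users(SAMPLE_EXPORT, EXPECTED, datetime(2024, 5, 1)):
        print(f"{login}: {reason}")
```

Set the review window to start somewhat before the time recorded in your incident report, since a compromise usually predates the first visible symptom.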

Change passwords for all users on the website

Regardless of the permissions, any account on your website can be hacked, including both your admin account and all kinds of user accounts.
Make sure to change all of their passwords to avoid new attacks.

You should feel safer now!

Got burning questions regarding all things WordPress? Throw them our way in our WordPress Family Facebook Community, and we’ll answer them right away.


Garbis Vizoian
If Garbis is not in front of his computer screen, writing articles and exploring the world of WordPress and tech at 10Web, he must be painting Warhammer, playing video games or screaming his lungs out in his metal band.


1 comments

  • Amit Khandelwal

    Nice points, but we can add some more things, like preventing yourself from being hacked.
    – Disable directory listing
    – Change salt key
    – Change WP-Config file permission
    – Choose better table prefix than WP
