What to Do if Your WordPress Website Was Hacked
What to Do if Your WordPress Website Was Hacked
WordPress is the world’s most popular way to build websites. Of the top 10 million sites on the internet, nearly 30% are powered by WordPress. It’s no wonder that the company behind WordPress i.e. Automattic, has a highly skilled and expert team of programmers called the ‘WordPress Core Team’. These world-leading experts are responsible for securing the core WordPress software from hackers and malicious attacks.
As you know, you can install various themes and plugins in WordPress to extend the functionality of your website. In a few rare instances, there are chances that one of your themes or plugins may have a security loophole which hackers can use to access your website. In fact, over 50% of attacks in WordPress happen through plugins
In this blog post, we’ll guide you through the signs to look for to know if your WordPress website was hacked. In addition, we’ll also share some strategies on how to protect your website from being hacked, what steps to take if it was hacked and what measures you can take to prevent future attacks.
Since most of the steps in this article can be implemented free of cost, we recommend you go through each tip we’ve shared- and implement it on your WordPress website today.
Let’s get started…
5 Signs Your WordPress Site Has Been Hacked
When your WordPress site gets hacked, you’ll probably know it at once. But you also may not realize it for quite some time. So here are 5 basic signs to look out for to know if your WordPress site has actually been hacked.
1. You’re Unable to Login
This is obvious. If you aren’t able to login to your WordPress dashboard, it means you’ve been hacked (unless your coworker played a prank on you). There can be many reasons for this, but the number one reason why this happens is because your username is one of the following:
- admin
- Admin
- administrator
- test
- root
If this is the case for you, change your username immediately as WordPress accounts with these usernames are targeted frequently by hackers.
2. You’re Experiencing a Sudden Drop in Traffic
If your website was performing really well, and now got a sudden drop in traffic, chances are your WordPress site has been hacked. That’s because malicious hackers create a backdoor to your WordPress file system and replace the code with their own scripts and files.
This way, they redirect the traffic coming to your website to other spammy locations, steal private information of incoming visitors and wreak havoc in other ways.
In addition, once Google discovers that your site has become infected and is misbehaving, it blacklists your site from the search engine until you secure your website.
All of these matters lead to a sudden drop in traffic.
3. Your Homepage Has Been Vandalized
Most hackers operate in secrecy, but some hackers like to make themselves known when they successfully hijack a website. If your homepage has been vandalized and you can clearly see the name of hacker or some form of announcement that your website has been hacked, you need act immediately.
The reason why this happens mainly is that hackers want to hold your website hostage in exchange for money or some other demand.
4. You See Pop Ups and Other Ads You Didn’t Put There
If you are seeing that your WordPress site has become slow and unresponsive, and now have pop ups, sidebar and other kind of ads, it can be a sure sign your website has been hacked.
Usually, this kind of hacking isn’t done by a hacker.
Rather this is an automated attack which has entered your WordPress core system either through an weakly protected theme or an insecure plugin.
What makes this kind of hack genius (and dangerous) is that fact that the ads won’t show up for logged in users or users who are able to access your site directly. Rather, the ads will only show up for those visitors who come to your site via Google or another referral site.
This can make it practically impossible to know that your site has been hacked for the longest time.
Plus, the ads lead your visitors to spam websites, which can not only damage your website and its traffic, but also your reputation.
5. There’s Unusual Activity in Your Server Logs
If there’s one extremely efficient way to know if your website is hacked, it’s by looking at your server logs.
They are located in your cPanel which can be accessed by logging in to your hosting account. In cPanel, under statistics, you’ll find two kinds of logs:
- Access Logs: these logs show you who accessed your WordPress through which IP.
- Error Logs: these logs show you what errors occurred during modification of your WordPress system files.
Using the information inside your server logs, you can get a good idea whether your WordPress website was hacked. And since these logs also keep a record of all the IP addresses used to access your website, you can blacklist or block those IPs which are not from your location or are unknown.
What Steps Should You Take?
Your WordPress website can be hacked if you don’t take serious steps to improve your site’s security. And even if it is hacked, it’s still a good idea to take steps to prevent this from happening ever again.
In this section, we’ll discuss what preventive measures you should take both before your WordPress site has been hacked and after it has been recovered.
Steps To Take Before Your WordPress Site Has Been Hacked
Let’s start by taking a look first at the precautionary steps you should take to prevent hackers from breaking into your WordPress site.
1. Update your WordPress to the latest version.
According to WordPress, only 64.9% of sites have the latest version of WordPress installed, while 36.1% websites don’t. Since WordPress powers millions and millions of websites, this poses a serious security risk to a significant number of them.
The reason why so many websites aren’t updated is because of the confusing updating system of WordPress.
You see, WordPress releases minor and major releases of their software. For example, right now, the latest version of WordPress is 4.9.8.
If they release a minor update in the future, say, 4.9.9, the software will update automatically. But, if they release a major update, say, 5.0., you’ll have to manually update the software yourself by logging in the WordPress dashboard.
Many people fail to update their WordPress to the latest version either because they are unaware of this or forget about it. This exposes them to a lot of security threats as each new update comes with new bug fixes and security patches.
2. Always create backups.
While many people realize the importance of backing up their websites, sadly, most of them don’t actually do it.
No matter how many security measures you take, there’s still a chance your WordPress website may get hacked. And once your website is infected by hackers who put in their own malicious code and files, there’s a chance your website won’t be able to return back to its former self.
In this case, having a recent backup of your site is absolutely essential. For this, you can use a number of well-known WordPress plugins like BackupBuddy and Jetpack, both of which have different payment plans depending on requirements. Jetpack is included with HostPapa Optimized WordPress plans.
3. Install the top WordPress security plugins.
In general, WordPress is extremely secure. But many of the plugins and fancy themes you install on it are not. These provide a gateway inside your website that hackers are looking for. Before you know it, your site is hacked and blacklisted by Google.
For this reason, it’s important to regularly scan your WordPress sites for malware and other malicious forms of code. In addition, it’s also equally important to actively monitor your website for any incoming threats as well.
For that, installing a WordPress security plugin is a must.
Right now, the two best plugins in this regard are Wordfence or Sucuri. Both provide great security features such as scheduled malware scanning, real-time IP monitoring, spam detection and much more. Both of these security plugins have different plans which you can subscribe to, and none of them cost more than $200 per year to get you started.
Steps To Take After Your WordPress Site Has Been Hacked
If your WordPress website got hacked, don’t panic and follow the steps below to bring it back to normal.
1. Get ahold of your website backup.
The first step you should take after your site has been hacked is to look for any backups you may have of your site. If your backup has been stored on the same server as your website, it’s highly likely that backup isn’t there anymore — or has been corrupted. That’s why it’s never a good idea to store your website’s backup in the same place where you store your WordPress website.
There are three likely places where you might have a backup of your WordPress website:
- Inside your WordPress backup plugin service. If you’ve installed a WordPress backup plugin, chances are they’ve stored a backup of your site on their own cloud service or on a cloud service like Google Drive or Dropbox.
- Inside your WordPress backup plugin service. If you’ve installed a WordPress backup plugin, chances are they’ve stored a backup of your site on their own cloud service or on a cloud service like Google Drive or Dropbox.
- Inside your WordPress backup plugin service. If you’ve installed a WordPress backup plugin, chances are they’ve stored a backup of your site on their own cloud service or on a cloud service like Google Drive or Dropbox.
In your own account in the cloud. Check out your Google Drive, Dropbox or other cloud services if you have a manual backup of your website you might have put there by yourself.
With your hosting provider. If you didn’t invest in a WordPress backup plugin or were to lazy to manually backup your website, your last bet is to contact your hosting provider since it’s highly likely that they also regularly create a backup of your website on their server.
If you can find backup from one of these places, you’re good to go. All you have to do is restore your website either manually, or using one of the plugins where you created the backup, or by asking your hosting provider to do so.
2. Remove all your unused / outdated themes and plugins.
As we’ve mentioned above, themes and plugins are one of the easiest ways hackers gain access to your website. The more unnecessary and unused plugins you have, the more vulnerable you leave your website to unsuspecting attacks.
That’s why the moment you restore your backup, here are three important steps you should take:
- The first thing you want to do is browse the list of plugins and themes you have and delete the ones you haven’t used in a long time, especially the deactivated ones.
- Another important thing you should do is look out for plugins and themes that haven’t been updated in a long time. Because the longer a theme or plugin goes without an update, the more security holes it leaves in your WordPress backend.
- The final thing you want to check is whether your site is using a free theme or not. If you’re using a free theme, consider upgrading to its paid version or another paid theme as those provide better security to your WordPress site.
Many people assume that since they’ve deactivated a plugin or theme, it can’t cause harm to their WordPress backend. But that’s totally untrue. The plugin, even if deactivated, is still installed on your server and occupying space, which means hackers can still access it.
And finally, once you’ve deleted all the unnecessary plugins and themes, update the ones you plan to keep to their latest versions.
3. Update all your usernames and passwords.
One final thing you should do is update your WordPress username and password. Since your WordPress site was recently hacked, doing this is a good idea since it’s the best way to protect yourself from future attacks.
Here’s what you can do to fortify your WordPress login information:
- Frequently change your WordPress login password after every few weeks.
- Stop using the default username i.e. ‘admin’ or similar. Instead use a username that’s unique.
- Generate a strong password using a service like LastPass and store your password inside it for maximum security.
Not only are these tips applicable to your WordPress login info, they are also useful should you want to update your hosting account or FTP account password.
Another way you can protect your website from being attacked again is by hiding the ‘wp-admin’ directory and by limiting the number of login attempts which can be made to enter your WordPress. Both these things can be done by using the WPS Hide Login and WPS Limit Login Attempts plugins.
3 Useful Tips You Can Use To Secure Your WordPress Site From Further Attacks
“Better safe than sorry”…
This sentence is almost cliché, but in the case of WordPress, it cannot be more true. Your website takes a lot of time, money and energy to build. But one simple attack by a malicious hacker can bring it down in an instant.
That’s why, in order to make sure anything like that doesn’t happen, here are a few tips you can use to make your WordPress website extra secure.
Tip # 1: Enable two-factor authentication.
If you’ve shared the password to your WordPress backend with multiple people, you should enable two-factor authentication for each one of them (including yourself).
Two-factor authentication ensures that even if your WordPress login details get leaked by someone, no hacker is able to enter your dashboard without you knowing an attempt was made.
Tip # 2: Invest in a firewall solution and SSL certificate.
A firewall will block any suspicious network traffic from getting inside your WordPress website. And even if some kind of harmful traffic gets into your site, an SSL certificate will encrypt sensitive information within your website, so no one can access it. And in this way, your website will be protected from both ends.
To get an SSL certificate and firewall for your website, you’ll need to subscribe to one of the more premium plans within your WordPress security plugins. And if you don’t want to, you can purchase an SSL certificate from your hosting provider separately.
Tip # 3: Choose your hosting provider carefully.
Make sure you host your website with a good hosting provider. That’s because they are responsible of keeping your website safe on their servers.
But the sad truth is many hosting providers fail to provide the high level of security need to keep your site safe. According to WPWhiteSecurity, 41% of websites were hacked due to a security vulnerability on the platform where the site was hosted.
That’s why you should do your research and choose a hosting provider that has a good reputation of being secure, and who goes the extra mile to protect your website on their servers.
Once you’ve taken these precautions, and followed the tips and strategies outlined in this article, you can be sure the chances of your website being hacked will get reduced dramatically. And even if it does get hacked, you can finally have a peace of mind that no matter how strong an attack your website faces, you’ll always be able to restore it back to its former glory.
Was your website ever hacked? What did you do? Tell us in comments.