What to do if your WordPress website has been hacked
If you believe that your WordPress website may have fallen victim to hacking, it is important that you remain calm and act quickly. Here are the steps that you should follow…
Identify the hack
The first step that you must follow is to identify the hack. You can scan your site using a security plugin such as Wordfence or Sucuri Security, in order to check for malware or vulnerabilities. Additionally, it is important to check if there is any unexpected activity on your site, for example unknown logins or changes to files or server logs. Wordfence actually includes a malicious code scanner, which can inform you of potentially harmful files, as well as plugins that need updating.
Utilise maintenance mode and backups
It is recommended that you put your website into maintenance mode, ensuring that visitors are informed that you are addressing an issue, as well as preventing further damage from being done.
Before you make any changes to address the threat against your site, it is important to make sure that you have a backup of your website, just in case something goes wrong. You should create a full backup of your site, including all files and the database.
Change passwords and clean up
If your site has been breached, then you will need to change all of your passwords. These include the WordPress Admin, database, file transfer protocol (FTP), and hosting account passwords. When you update your database password, make sure to update the wp-config.php file as well.
The next step is to clean up the hack. You can do this by manually inspecting your website in order to identify any code that could be seen to be malicious. This could be in your plugins, themes or core files. Any files that appear suspicious should be removed or replaced.
You can then download a new copy of WordPress from wordpress.org, replacing your core files like the wp-admin and wp-includes folders, while making sure to preserve your wp-content folder and wp-config.php file. Additionally, you should make sure to check the wp-config.php and .htaccess files for any unfamiliar modifications or malicious code.
In the case of a severe attack, it may not be possible to clean up the site. If this is the case, you should restore your site from a backup that was taken prior to the attack occurring.
Update and monitor
You should make sure that you are running the latest version of WordPress, and also that all of your themes and plugins are fully updated to the latest version available. Any themes or plugins that you no longer use, or have become obsolete, should be removed. Also, ensure that your server is running a version of PHP that is supported.
To monitor your site going forward, you can use a security plugin to schedule in regular scans. You can also enable audit logs, which will allow you to view changes and user activity taking place on your site.
Make sure to inform your hosting provider, as they may be able to assist with clean up and the prevention of future attacks.
Seek professional help
If you are having issues with the cleanup after a hack or wish to boost your security in order to mitigate the risk of a hack before one occurs, then it might be worth getting in touch with WordPress experts, like the team at This is Fever.
At This is Fever, the team can help you recover from being hacked in a variety of ways. Initially, we can conduct a comprehensive website audit in order to highlight malicious code, compromised areas, and any vulnerabilities that your site might have. We can then provide you with a comprehensive report of the findings of the audit, and follow the recommended steps for cleaning up the hack. We can manually remove any malware, tidy up your database, and even check the integrity of your files by comparing them against original WordPress files, themes and plugins.
Other steps that we would complete would be reviewing the server and WordPress logs to trace the source of the hack, restoring the functionality of your website, and keeping you informed throughout the entirety of the cleanup process.
Taking this a step further, This is Fever can reduce the chances of your website being hacked by working to improve your WordPress website’s security. We can carry out penetration testing, a process where we utilise similar techniques to those used by hackers, in order to identify any weak points in your website’s security. Our website development services include the implementation of WordPress security best practices as standard. Additionally, our hosting and maintenance services will make sure that all the latest security updates are installed on your site, and our website audits will allow us to spot any vulnerabilities that your site might have, so that we can recommend improvements before they become security risks. If you want to find out some steps that you can make yourself to help prevent a data breach, then take a look at our article on that topic.
For a deeper look at WordPress, feel free to check out our Ultimate Guide to WordPress, or if you’d like to find out more about security, then maybe try our article on The Importance of WordPress Security, or get in touch with any questions that you might have.