Scroll Top
Give us a Call: (301) 337-7744

Someone hacked my WordPress. What do I do?

Computer Virus Skull and Crossbones Warning
0
By Sarah Savage Security September 9, 2024

Your worst nightmare strikes: you or a customer just discovered that someone hacked your WordPress website. Now what do you do?

WordPress powers a significant portion of the internet. And 90% of site hacks that involve a CMS (content management system) are WordPress hacks.

Now that you have discovered the hack, what do you do about it?

Step 1: Don’t Panic

You’ve been hacked. You’re probably worried, scared, and annoyed, all at the same time. Experiencing a hack is frustrating, annoying and inconvenient. And the fear you feel – incredibly real.

Take a breath. You’re not the first person to experience a WordPress hack, and you probably won’t be the last. So Step 1 is to not panic.

Your website is not alone in this. In 2023 alone, nearly 6,000 vulnerabilities were added to WordPress vulnerability databases. This is an incredibly large amount of WordPress security issues to defend against.

You’re not the first site to ever get hacked. And you definitely won’t be the last.

But panic can be dangerous when you’re facing a hacked website. It can lead you to make poor decisions and mistakes in managing the intrusion. Taking a step back and avoiding panic will help you make the right choices in mitigating the attack.

Step 2: Identify Your Options

The number of options you have will depend upon how thoroughly prepared you are for an intrusion or hack of your website.

Let’s consider the options you may have but don’t recognize yet:

  • Do you regularly back up your website? Backups are crucial to defending against a WordPress hack.
  • Do your backups include database snapshots or backups from different dates?
  • Do you have the original theme files, or the latest version? Do they exist in version control?
  • Are there any custom plugins on your site? If there are, do you have the original source code?
  • Do you have all the passwords and access codes to your hosting environment? Do you have the ability to change them?

If you can answer “yes’ to many if not most of these questions, that’s great! You’re in an excellent position to resolve the attack on your website. If you answered “no”, the task is much more difficult, but still possible.

Make a list of your options so you can talk to your developer or WordPress host about it. You’ll need their help in resolving the attack.

Step 3: Plan Your Response

Hackers have many reasons for gaining access to WordPress sites. Sometimes they want to send spam. Sometimes they want to deface your website. Sometimes they insert malicious code to do things like mine for Bitcoin or take over the underlying infrastructure.

Whatever their reasons, they don’t matter to you at this point. What matters is that you plan a comprehensive response that addresses all the options available to you.

If your WordPress installation has been compromised, you should assume the attackers have access to every aspect of your site, server, and resources. You should plan on making your site secure by addressing every aspect of your infrastructure.

Based on the options available to you, your response plan might include the following:

  • Migrating to a new server or hosting environment.
  • Installing WordPress fresh from the source code. Updating WordPress to its newest version should be a part of this process.
  • Reinstalling each plugin you use from source (and upgrading them to their latest versions)
  • Reinstalling your theme from a known, good source (i.e. one that has not been compromised)
  • Scanning your database for malicious entries or links to third parties.
  • Engaging the services of a managed WordPress host (or other hosting solution) that includes a website firewall or other security measures.
  • Changing all user credentials. This includes passwords on your WordPress site, as well as database user passwords, server passwords, and any keys you use.

Of course, this list is an ideal scenario where you have a comprehensive set of options. If your options are more limited, you may be able to do some but not all these things. That’s okay!

You’ll want to work with your host and/or development team on resolving the attack. Leverage their skills and abilities. Present them with this list as a starting point, and insist that they do as much as they can to fix the issue.

Step 4: Correct The Hack

Now that you have determined your options and established a plan, it’s time to counter the attack.

  • Set up a new server with enhanced security measures.
  • Install a new version of WordPress core (do not rely on a backup, as it may be compromised).
  • Install all plugins that you use from known good sources (e.g. wordpress.org).
  • Reset the passwords for every user account on your WordPress website. Use strong passwords to prevent brute force attacks.
  • Install your theme from a known good backup option.
  • Reset your database and server passwords to new, secure passwords.
  • Scan your /wp-content directory for any content that you don’t expect or did not install.
  • Ensure that your plugins and themes are the latest versions.
  • Ensure PHP and underlying dependencies are updated to supported versions.

Work closely with your support team and website hosting provider to ensure these issues are addressed. Once you have restored your site to a state where it’s no longer hacked, you can point your DNS at the new instance.

But it’s not time to rest yet.

Step 5: Protect Your Website

Your website will be vulnerable again. If you run a website on WordPress, bots, script kiddies and hackers will always try to find a way in. This requires a multi-layer approach to site security.

Luckily, you have options for ensuring your website is secure.

You can take these steps to help secure your website from future hacks and intrusions:

  • Install a security plugin, like WordFence (WPConcierge requires clients to use WordFence as part of our security posture).
  • Ensure that crucial piece of your website (like your /wp-admin directory) are not visible to the public. You can consider obfuscating the URL or blocking it entirely except from known IP addresses.
  • Install a Web Application Firewall (WAF) to defend against bots, script kiddies, and known intrusion types.
  • Consider a different type of web hosting. If you’re on a shared hosting plan, or managing your own VPS, migrating to a managed WordPress hosting plan might help. You’ll also have a support team that can provide expertise.
  • Take regular backups of your website and store them for longer. Keeping your backup for 30-60 days will ensure that you have a copy that was not hacked to fall back on.
  • Develop an incident response plan, intended to protect you if your WordPress site gets hacked again. Having a plan will prevent panic and ensure everybody knows their job when disaster strikes.
  • Stay up-to-date. Update WordPress plugins and themes, as well as WordPress core. Develop and conduct a regular update schedule.

Next Steps

They say an ounce of prevention is worth a pound of cure. That’s certainly truefor preventing attacks on your website. Now that you’ve resolved the hack, what can you do next?

What you do next will depend on how easy or difficult it was to resolve the attack you just experienced. If your host was on top of things and focused on helping solve the issue, that’s great. But if you ran into issues with your host or had to dig deep into technical topics, those are red flags.

Look carefully at your hosting provider

What kind of hosting provider are you using? Are you using shared hosting, which means having your website hosted alongside many others? Are you on a dedicated server? Are you on fully managed WordPress?

If your website matters to your business, it’s important to have either a dedicated server or a managed solution like WPConcierge. Shared hosting isn’t appropriate for business websites, or anyone with sensitive data.

If you’re technical, you can probably get away with a VPS. But if you struggle with technology, consider a managed hosting provider, like WPConcierge.

Like most managed hosting providers, WPConceirge provides a multi-layer security approach. We take care of the technical aspects of your website, including updates and maintenance. This lets you focus on your business, rather than on your website.

Unlike most managed hosting providers, WPConcierge offers customers things like content updates and website maintenance. We take care of these things so you don’t have to spend hours in your admin panel, trying to format that one blog post “just so.”

Think about your backup and restore strategy

Lots of WordPress hosts claim to back up your website. But does yours provide free restore services if something goes wrong?

WordPress backups can vary between providers. They can be as simple as backing up your /wp-content directory, or as complex as dumping your database and copying your entire code tree.

As with security, a multi-layered approach to backups is a good idea. WPConcierge offers our clients daily backups of their database and /wp-content directory. We keep those backups for a minimum of thirty days.

We also provide free restore services to our clients. And since we manage the WordPress core, we are always on the latest version of WordPress for our clients. That ensures we protect you against the latest attacks. Our goal is for your backup to never be necessary.

Consider whether you have the support you need

Having a website is a non-negotiable in business. Without a website, your customers can’t find you. Your website needs to be unique, but clear; fast, but comprehensive; up-to-date but timeless.

Those are big asks of a small business owner. You’re busy running your business, and your website is just one more thing to deal with.

Do you have the support you need for your website? You just dealt with a hack – how easy or hard was that? Did your hosting provider or website developer jump on the issue and solve it immediately? Or did you have to file a bunch of support tickets and fight to get the service you deserved?

Most website hosts and even managed WordPress providers don’t know who you and your business are. They don’t provide services like content updates. And they don’t personally respond to emergencies.

WPConcierge is different – we care deeply about you and your business. We focus on customer service and knowing your name and business when you call or email. and when an emergency strikes, we jump right on it to make it as simple as possible for you.

Your business is important. You should never feel like a number or a statistic.

Website under attack? Reach out today for help.

If your website is currently under attack or covered in malware, WPConcierge is here to help. We’ll not only clean up your site, we’ll migrate it and get it set up for you on super-fast premium hosting – for free.

Stop getting the runaround from your hosting provider and reach out to us today.

Sarah Savage / About Author
Sarah is the founder and owner of WPConcierge. She is focused on helping small business owners manage and maintain their WordPress websites so they can focus on their business. She has twenty years of experience developing, deploying and maintaining software like WordPress.
More posts by Sarah Savage

Related Posts

Popular WordPress hosts may not be best for your small business

There are hundreds of WordPress hosting companies competing for your business. But its become a commodity – a race to the bottom. This is bad for your business.

0
03 Sep 2024
Five tips for excellent WordPress backups

The case for backups None of us know when disaster will strike. If we’re lucky, we’ll use a backup to…

0
10 Sep 2024

Leave a comment