So, you have created a WordPress site and paid a good amount of money for a designer to make the site look “pretty”. You have added lots of page content and spent hours writing blog posts and articles. All in all, you have put a lot of time and effort into the site, and then a hacker decides to get in and destroy it. What do you do?
WordPress is a common target for hackers because it is an open source platform and so many people use it. It is easy for hackers to look for things that most installations have in common, like wp_ database prefixes or “admin” usernames.
I am not a hacker so I do not know HOW to hack a website but hackers are out there and they show up in various ways.
How do hackers get in?
- Through a hosting server (though the hosting company will never admit to that).
- Through Spyware and Malware – Hackers can infect your PC and steal your passwords.
- Through vulnerable WordPress databases, plugin files, and regular text/HTML files – this is usually the #1 cause, and that is why it is extremely important to keep WordPress and plugins up to date.
Basically, if you have a computer connected to the outside world and someone wants to get in badly enough, they will find a way. Not too reassuring, I know, but at least it CAN be fixed if it does happen to you.
Evidence of a WordPress site that has been hacked:
- Warning window when trying to enter your site. Google will often blacklist your site and put up a warning that says “This site could be Malicious”.
- Website home page is completely modified with someone else’s “message”.
- Website is being re-routed to another site (such as porn)
- Suspicious Content – You may notice content on your website that you did not put there.
- Stats Change – You may notice that your site is showing up under keywords that have nothing to do with your site.
- SEO Change – You may notice that your search engine ranking drops significantly and rapidly.
What hackers leave behind:
Hackers often leave behind script code and links that have been embedded into pages and posts using non-visible code. This can be called a “PHP injection attack”. In other words, some evil person with too much time on their hands wrote a program to destroy your program files. Do not take this personally. Your website was not specifically targeted. This can happen to ANYONE.
But cleaning up these types of attacks can be a HUGE pain in the neck, especially if your database has been compromised and you do not have a backup. We had one site where we spent hours removing links from hundreds of WordPress posts. It cost the client hundreds of dollars. This can be prevented!
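One way to find such hidden links and scripts across many posts at once, as an added example that is not code from the original post: it assumes the post HTML has already been exported (for instance from the post_content column of the posts table), and the sample posts, the hiding-style heuristics and the names PostScanner and scan_posts are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline styles often used to hide injected markup (heuristic list, not exhaustive).
HIDDEN_STYLE = re.compile(r"(?i)display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
                          r"|(?:left|top|text-indent)\s*:\s*-\d{3,}")
VOID = {"br", "img", "hr", "input", "meta", "link"}  # elements with no closing tag

class PostScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack, self.findings = [], []  # open (tag, hidden) pairs; (kind, detail) results

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]  # hidden parent hides its children
        hidden = inherited or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        if tag in ("script", "iframe"):      # rarely belongs inside post content
            self.findings.append((tag, a.get("src") or "inline"))
        elif tag == "a" and hidden and a.get("href"):
            self.findings.append(("hidden-link", a["href"]))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        for i in reversed(range(len(self.stack))):  # tolerate unbalanced markup
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan_posts(posts):
    report = {}  # post id -> findings, only for posts that have any
    for post_id, html in posts.items():
        scanner = PostScanner()
        scanner.feed(html)
        scanner.close()
        if scanner.findings:
            report[post_id] = scanner.findings
    return report

# Constructed sample posts (ids, URLs and content are made up for this example).
POSTS = {
    101: '<p>Welcome to our <a href="https://example.com/about">about page</a>.</p>',
    102: '<p>Sale!</p><div style="display:none"><p><a href="http://spam.example.net/pills">pills</a></p></div>',
    103: '<span style="position:absolute; left:-9999px"><a href="http://spam.example.net/casino">c</a></span>'
         '<script src="http://cdn.example.org/x.js"></script>',
}

if __name__ == "__main__":
    print(scan_posts(POSTS))
```

A clean report does not prove a post is clean: markup hidden through external CSS classes or injected by PHP files on the server will not show up in the post HTML.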
Solutions to being hacked:
- Clean up your data.
- Change your passwords.
- Upgrade your external programs (like WordPress, Joomla, plugins, photo galleries, etc.) when upgrades are available.
- Notify your webhost and have them do a site restore from a backup done PRIOR to the hacking. Please note that there are times when the hosting company does their backup AFTER the hacking which replaces the previous clean backup. It is always best to have your own clean backup of both the site files and database saved on your computer.
- Run a scan: http://sitecheck.sucuri.net/scanner/
- Remove corrupt files.
- Clean out any bad scripting code.
Hackers will never stop finding ways to attack, unfortunately, but we can do a lot of things to prevent our WordPress sites from being hacked. This is not foolproof, but it is highly suggested.
How to prevent being hacked:
- Don’t use ADMIN as a user id.
- Always keep your upgrades current.
- Change passwords regularly (WordPress, hosting, and email passwords). Use password generators to create passwords and then use different ones everywhere.
- Change the wp_ database prefix to something else.
- Restrict access to your wp-admin folder and wp-config.php file using .htaccess.
- Keep a backup of your site files and your WordPress database (sql file) someplace OTHER than your website server. (If they can hack your website, they can hack your backups too.)
I hope that this post will help you better understand how hackers can get in, the evidence that a site has been hacked, what hackers leave behind, solutions to fix a site that has been hacked, and preventive steps that you can take to protect your site from hackers.
If your WordPress site has indeed been hacked, we are here to help you get it fixed and get your site back up and running again and help protect you from future attacks.