Getting your WordPress site hacked may be one of the worst things that can happen, especially if your website is a business that cannot just pause its services. Installing security plugins and following best practices to make your site unhackable won’t stop hackers from doing their thing. What should you do when your website has already been hacked?
1. Restore backup
When hackers attack your WordPress site, their purpose is to manipulate, if not destroy, your files. This could be the death of your online business, especially if you use your site to transact with online customers and engage with your audience.
Therefore, to minimize the problems caused by online attacks, you should always keep a backup copy of your site that you can easily upload to your hosting if the damage is irreparable. You can use the UpdraftPlus plugin to manually create a copy of your site and save it to the cloud or your hard drive. With the paid version of this plugin, you can set it to create copies of your site automatically on a regular basis, so you don’t have to do it yourself every time.
2. Use Sucuri
Use Sucuri to recover your site to its state before getting hacked. It has ‘Post-Hack Security Actions’, which walk you through the three steps you need to take after your site has been compromised.
Keep Sucuri installed to protect your site all year long. Aside from fixing your compromised website for you, it also has a lot of security actions that will help you block hacking attempts and continue to monitor and scan your website proactively.
Even if your site gets hacked without Sucuri installed, you can still reach out to them to get your site fixed. It may cost a bit more than getting protection before the hack, but such is the price that you have to pay.
3. Use WordPress Hosting
Once hacked, you also need to determine whether your hosting is one of the reasons your website was compromised. Although most web hosts can support WordPress, choosing a host that’s specifically tailored to WordPress can be an advantage. Automatic updates, built-in mechanisms, and dedicated support are just some of the services that top managed WordPress hosts boast.
4. Change Login Details
If someone has hacked into your site by stealing your password, they can still access your website if you don’t change your login details immediately. Avoid the most used passwords like “123456” or “qwerty”, and straight away update the password for your WordPress site, cPanel, FTP and all the other accounts you’ve used it on.
While you’re at it, remember that you must change the default “admin” username too. Leaving it in place just puts hackers one step closer to hacking your site.
5. Scan Your Computer
In some cases, hacks on websites start on your computer. This means that whatever’s on your computer could be stolen, affecting not just your WordPress website but also some of the sites you frequent. Scan your computer immediately using malware and virus scanners, and bring your computer up to date.
6. Hire A Professional
Although DIY fixes are common practice among website owners, if you’re not comfortable dealing with code, hiring a professional to take care of your hacked website would be the safest option. Some of them may charge more than you expect, but if your site is your primary source of income and you cannot afford to mess it all up by doing it yourself, it’s best to leave it to professionals.
Some hackers use brute-force attacks, in which they try all the possible login detail combinations until one finally works. Limiting login attempts would prevent hackers from obtaining access to your website. Many WordPress plugins add an extra layer of protection by limiting how many times a user can try to log in. Also, once you’ve properly cleaned your WordPress site, always prepare yourself for the possibility of another attack.
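To check whether a brute-force attempt has already hit your login page, you can review the web server's access log. The following is an added example, not part of the original article: it assumes Apache/Nginx "combined" log format and default WordPress behaviour, where a failed login POST to `/wp-login.php` returns 200 and a successful one returns 302. The function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def _line(ip, sec, status, path="/wp-login.php", method="POST"):
    """Build one constructed log line (sample data, not from a real site)."""
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, 200) for s in range(0, 12, 2)]  # six failures in 10 s
    + [_line("203.0.113.7", 14, 302)]                        # then a successful login
    + [_line("198.51.100.4", 20, 200),                       # one mistyped password...
       _line("198.51.100.4", 30, 302)]                       # ...then a normal login
    + [_line("192.0.2.9", 40, 200, path="/", method="GET")]  # ordinary page view
)

def parse(log_text):
    """Yield (ip, timestamp, method, path, status) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["method"], m["path"], int(m["status"])

def find_bruteforce(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Flag IPs with >= max_failures failed logins inside the time window."""
    failures = defaultdict(list)
    flagged = {}
    for ip, ts, method, path, status in parse(log_text):
        if method != "POST" or path != "/wp-login.php":
            continue
        if status == 200:  # login form shown again: the attempt failed
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= max_failures:
                entry = flagged.setdefault(
                    ip, {"failures": 0, "login_after_failures": False})
                entry["failures"] = max(entry["failures"], len(failures[ip]))
        elif status == 302 and ip in flagged:
            # Redirect after repeated failures: a password may have been guessed.
            flagged[ip]["login_after_failures"] = True
    return flagged

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

An IP flagged with `login_after_failures` set is the case to treat as a likely compromised account: change that account's password first and review what it did after logging in.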