Thousands of WordPress sites are hacked every single day. These hacks can range from harmless annoying tracking pixel implementations to full blown attacks and takeovers of a website. The majority of the time, a hacker just wants to use your website to implement some sneaky hidden links to their own websites. It’s called Blackhat SEO.
The problem with a hacked site is that people using Google Chrome will be warned not to continue to your site if it Google detects that it’s been hacked. Your website could also be de-indexed altogether and this takes a lot of time to reverse.
How Do I Know If I’ve Been Hacked?
A lot of people don’t know they’ve been hacked until their hosting provider sends them a warning or they see a warning from Google when they try to visit their website. When you visit your site, do you notice any new spaces or weird pixels showing up on the site? If you’re noticing slow or sluggish behavior, it might be time to do some checking. More commonly, you’ll notice random folders showing up in the directory of your website.
How to Combat a Hacked Site
Most of the time, these are relatively easy and simple to clean.
Step 1) First thing is first, check your computer. Do an anti-virus and anti-malware scan just to make sure your local environment is safe. Malwarebytes is one of the best free options for detecting intrusions on your computer. It can be downloaded from: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
Step 2) Change your passwords. Change both the password to your administrative access (cPanel/FTP) and WordPress. Your WordPress password can easily be changed from the WordPress dashboard but you need to make sure your computer is 100% clean first.
Step 3) Once your passwords have been changed, update your theme if needed and make sure all of your plugins are up to date. Developers have a dislike for plugins because attackers can use out of date plugins to find security vulnerabilities and gain access to someone’s WordPress without the administrative credentials.
Step 4) Scan your site. This is done with a plugin called “Anti-Malware Security and Brute-Force Firewall”. It’s free and will scan the entire root of your website.
It’s a very straightforward plugin with an easy to use interface. You might need to download definition updates first before it will let you run a complete scan of your website. This can take up to an hour or longer if you have a lot of files on your website.
Ideally, Anti-Malware will clean out small hacked websites pretty well. It’s uncommon but some cases of hacked sites require more in-depth attention and professional cleaning services that involve going into the database and decryption.
WARNING: Once Anti-Malware has completed a scan, do not delete anything!
First, you need to download a plugin called BackUpWordPress. Once you’ve installed and activated the plugin, go to Tools>Backups.
Next, you’ll want to click on Settings and you’ll see this screen:
I prefer to set up an automated process of backing up once a week. Make sure the option ‘Both Database & Files’ is selected. For the ‘Number of backups to store on this server’, you can use at your own discretion here but I usually only keep a couple. If you have a large site, it will quickly hog space.
After you’ve setup an automated process, simply click ‘Run Now’ and then download your backup. Now, you’re finally safe to remove any results that Anti-Malware found safely. After you’ve been cleaned, you might also want to look into a plugin like Sucuri or Wordfence to monitor the site and actively ward off attackers.
If you find the article helpfull or you have any comments/ suggestion let us know below.
Looking for a secure wordpress hosting? Follow this link and get one cheap wordpress hosting in malaysia.