First of all, you need to calm down. Almost 30,000 websites get hacked everyday, chances of attack on your wordpress being a targeted one are fairly less. Most of the times the ‘so-called-hackers’ test newly released vulnerabilities in wordpress core or plugins. Once tested, they do not harm the website. Here’s a step by step guide to assist you if you wordpress website was hacked.

Note: You think you have been victim of a hack and want immediate professional assistance? Contact us now!

A few signs that mean that your site was really hacked:
  • Deface Page: Home page being replaced by an ugly looking page
    What to do if my wordpress website was hacked: Deface Page

    source:pinoyhacknews

     

  • Malware Warning: If you hosting provider says that your website has malware and you need to clean it to start using their services again. Sometimes even google flags a website if it detects malware showing the follow warning page:  What to do when wordpress website was hacked
  • Additional User Accounts Added: If you see user accounts being added and don’t remember adding them, this might be due to a vulnerability being exploited by hackers

Apart from the above mentioned other things like javascript in comments/posts, additional of files in wp-contents, adding/deletion of stuff in .htaccess file etc. can also mean that your site was hacked. But whats happened has happened, here are the:

 Immediate steps you need to take to restore your WordPress:
  1. An Under Maintenance Page: You do not want your visitors to  see a deface page. Put an under maintenance message on your index page. You can find one here.
  2. Take Backup: In the process of cleaning up, you might have to remove/edit your wordpress files. So, download your complete wordpress instance on your local machine.
  3. Run Anti-Malware: Most of the hosting providers give malware scanners bundled with their hosting packages. Perform a malware scan and scan your entire server space.
  4. Try to Find Vulnerability Exploited: Usually the vulnerability exploited by hackers is a known one. Try to google the following:  “wp-version exploit”, “plugin-name exploit” , “wp-version vulnerability”. Replace wp-version with your current wordpress names and plugin-name with each plugin you are using.
  5. Check for Backdoors: Hackers often leave a backdoor to access your website whenever they want. Look for unidentified uploads in wp-content/uploads folder. If you find any suspicious file, delete it immediately. Also, check is any additional users have been added.
  6. Harden the WordPress:  We often tend to leave directories like wp/includes, wp-content and wp-admin open for the world. Hackers often leverage the information they get from these files. So hardening the wordpress becomes really important. Here’s an article on securing wordpress in 10-minutes.

Still nothing works? Contact us and we will assist you. Additionally its important to have a Web Application Firewall in place to protect against hackers in real time. Our product ASTRA gives your website rock-solid security against hackers. Sign-up for it here.