First of all, you need to calm down. Almost 30,000 websites get hacked every day, so the chances that the attack on your WordPress site was a targeted one are fairly low. Most of the time the 'so-called hackers' are testing newly released vulnerabilities in WordPress core or plugins. Once tested, they do not harm the website. Here's a step-by-step guide to assist you if your WordPress website was hacked.
Note: Do you think you have been the victim of a hack and want immediate professional assistance? Contact us now!
A few signs that mean that your site was really hacked:
- Deface Page: The home page has been replaced by an ugly-looking page.
- Malware Warning: Your hosting provider says that your website has malware and that you need to clean it before you can use their services again. Sometimes even Google flags a website if it detects malware, and shows a warning page.
- Additional User Accounts Added: If you see user accounts that you don't remember adding, this might be due to a vulnerability being exploited by hackers.
Immediate steps you need to take to restore your WordPress:
- An Under Maintenance Page: You do not want your visitors to see a deface page. Put an under maintenance message on your index page. You can find one here.
- Take Backup: In the process of cleaning up, you might have to remove or edit your WordPress files. So, download your complete WordPress instance to your local machine.
- Run Anti-Malware: Most hosting providers bundle malware scanners with their hosting packages. Perform a malware scan of your entire server space.
- Try to Find Vulnerability Exploited: Usually the vulnerability exploited by hackers is a known one. Try to google the following: "wp-version exploit", "plugin-name exploit", "wp-version vulnerability". Replace wp-version with your current WordPress version and plugin-name with each plugin you are using.
- Check for Backdoors: Hackers often leave a backdoor so they can access your website whenever they want. Look for unidentified uploads in the wp-content/uploads folder. If you find any suspicious file, delete it immediately. Also, check if any additional users have been added.
- Harden the WordPress: We often tend to leave directories like wp-includes, wp-content and wp-admin open to the world. Hackers often leverage the information they get from these files, so hardening WordPress becomes really important. Here's an article on securing WordPress in 10 minutes.
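One way to carry out the uploads check from the "Check for Backdoors" step, shown as an added example that is not part of the original article. It assumes shell access to the server and GNU or BSD `find` and `grep`; the function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: list files under wp-content/uploads that can run as code.
# The uploads folder normally holds media only, so every hit deserves review.

# find_suspicious_uploads WP_ROOT
# Prints one path per line:
#   - files with script-type extensions (.php, .php5, .phtml, .phar)
#   - .htaccess files, which can change how the folder is served
#   - files of any extension whose content contains a PHP open tag
find_suspicious_uploads() {
    uploads="$1/wp-content/uploads"
    [ -d "$uploads" ] || { echo "no uploads directory under $1" >&2; return 2; }
    {
        # 1. Extensions the web server may hand to the PHP interpreter.
        find "$uploads" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' -o -iname '.htaccess' \) -print
        # 2. PHP code hidden behind another extension (for example .jpg or .ico).
        grep -rlF '<?php' "$uploads" 2>/dev/null || true
    } | sort -u
}

# recent_uploads WP_ROOT DAYS
# Prints files modified within the last DAYS days, to compare against the
# time the site was defaced or flagged.
recent_uploads() {
    find "$1/wp-content/uploads" -type f -mtime "-$2" -print | sort
}

# Usage (path is an assumption, adjust to your install):
#   find_suspicious_uploads /var/www/html
#   recent_uploads /var/www/html 7
```

Run it against the backup copy as well as the live site, so the two listings can be compared.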
Still nothing works? Contact us and we will assist you. Additionally, it's important to have a Web Application Firewall in place to protect against hackers in real time. Our product ASTRA gives your website rock-solid security against hackers. Sign up for it here.