First of all, you need to calm down. Almost 30,000 websites get hacked everyday, chances of attack on your wordpress being a targeted one are fairly less. Most of the times the ‘so-called-hackers’ test newly released vulnerabilities in wordpress core or plugins. Once tested, they do not harm the website. Here’s a step by step guide to assist you if you wordpress website was hacked.
Related Guide – Fixing Hacked WordPress website
Note: You think you have been victim of a hack and want immediate professional assistance? Contact us now!
A few signs that mean that your site was really hacked:
- Deface Page: Home page being replaced by an ugly looking page
- Malware Warning: If you hosting provider says that your website has malware and you need to clean it to start using their services again. Sometimes even google flags a website if it detects malware showing the follow warning page:
- Additional User Accounts Added: If you see user accounts being added and don’t remember adding them, this might be due to a vulnerability being exploited by hackers
Related Symptom – WordPress Redirecting to Spam – Fixing
Apart from the above mentioned other things like javascript in comments/posts, additional of files in wp-contents, adding/deletion of stuff in .htaccess file etc. can also mean that your site was hacked. But whats happened has happened, here are the:
Immediate steps you need to take to restore your WordPress:
- An Under Maintenance Page: You do not want your visitors to see a deface page. Put an under maintenance message on your index page.
- Take Backup: In the process of cleaning up, you might have to remove/edit your wordpress files. So, download your complete wordpress instance on your local machine.
- Run Anti-Malware: Most of the hosting providers give malware scanners bundled with their hosting packages. Perform a malware scan and scan your entire server space.
- Try to Find Vulnerability Exploited: Usually the vulnerability exploited by hackers is a known one. Try to google the following: “wp-version exploit”, “plugin-name exploit” , “wp-version vulnerability”. Replace wp-version with your current wordpress names and plugin-name with each plugin you are using.
- Check for Backdoors: Hackers often leave a backdoor to access your website whenever they want. Look for unidentified uploads in wp-content/uploads folder. If you find any suspicious file, delete it immediately. Also, check is any additional users have been added.
- Harden the WordPress: We often tend to leave directories like wp/includes, wp-content and wp-admin open for the world. Hackers often leverage the information they get from these files. So hardening the wordpress becomes really important. Here’s an article on securing wordpress website.
Our security suite regularly checks your site health & send you login notifications. We send email notification from getastra.email
Still nothing works? Contact us and we will assist you. Additionally its important to have a Web Application Firewall in place to protect against hackers in real time. Our product ASTRA gives your website rock-solid security against hackers. Sign-up for it here.