What to do after your WordPress site has been hacked

ByKarl

The internet is, sadly, full of bad actors who are constantly looking for ways to cause mischief (and damage!) to your business.

So your WordPress site has been hacked. This is stressful, but you can come back stronger from this annoying side quest that has interrupted your day.

Follow these steps to regain control of your website and minimise the damage.

1. Stay Calm and Assess the damage

  • Don’t Panic: After you’ve muttered (or shouted!) the required number of obscenities directed at those who did the damage, it’s time to stay calm and methodically address the issue.
  • Identify Symptoms: Look for signs of compromise such as defaced pages, unexpected redirects, or unusual server activity.

2. Take Your Site Offline

  • Maintenance Mode: Use a maintenance mode plugin to temporarily take your site offline. This prevents further damage and protects your visitors.
  • Backup Your Site: Before making any changes, create a full backup of your site, including the database and all files.

3. Change All Passwords

  • Admin Password: Change your WordPress admin password immediately.
  • Database Password: Update your database password and update the wp-config.php file accordingly.
  • FTP and Hosting Account: Change passwords for FTP, cPanel, and any other hosting-related accounts
  • If you use your WordPress account password elsewhere (you shouldn’t, but life is messy sometimes and things happen), you’ll want to change that password in the other places too.

5. Check User Accounts

  • Review Users: Check for any unauthorised user accounts in your WordPress admin panel.
  • Remove Suspicious Accounts: Delete any accounts that you do not recognize or that seem suspicious.

6. Restore from Backup

  • Clean Backup: If you have a recent clean backup, restore your site from it. Ensure the backup is free from malware before restoring.
  • Manual Cleanup: If a clean backup is not available, you may need to manually clean your site by removing malicious code and files.

7. Update Everything

  • WordPress Core: Ensure your WordPress core is updated to the latest version.
  • Themes and Plugins: Update all themes and plugins to their latest versions. Remove any unused or outdated plugins and themes.

8. Secure Your Site

  • File Permissions: Check and correct file permissions. Typically, directories should be set to 755 and files to 644.
  • Two-Factor Authentication: Enable two-factor authentication (2FA) for all admin accounts. You’ll need to use a plugin like WordFence to set this up.

9. Monitor Your Site

  • Activity Logs: Use plugins that log user activity to monitor for any suspicious behavior.

10. Tell Your Hosting Provider

  • Contact Support: Tell your hosting provider about the hack. They might offer to setup a whole new Virtual Machine or user account to avoid malware remaining hidden in your website.

11. Consider Professional Help

  • If you find the process overwhelming or need expert assistance, we can help!
    We specialise in handling such incidents and can help you restore and secure your site efficiently.

Conclusion

Recovering from a WordPress hack requires quick and decisive action.

If you follow those steps, you’ll mitigate the damage, clean your site, and strengthen its security to prevent future attacks. Remember, maintaining regular backups and keeping your site updated are key practices to protect your WordPress site from potential threats.

If you need professional help, just let us know! SpringUp Software offers comprehensive web solutions and we can fix whatever the dickheads bad actors on the internet broke.