Oh Plums… You Have Been Hacked!
Things have been going swimmingly (read: very well) for your Wordpress site, not only have you managed to update with some fantastic reads lately. The site readership is going up, your social-media presence is growing at a steady clip and all feels right with the world. You feel almost, should we say, “Proud”. You give yourself a pat on the back and arrange a long overdue night out with your friends, heading out to grab some drinks and devour some Tapas.
It’s a lovely evening, the wine is flowing, the conversation is joyful and pleasant. Your pocket vibrates, a faint humming as your phone rattles in your pocket. You retrieve it and unlock the device. A notification that your Wordpress traffic is increasing further, you smile to yourself and place it on the table. A couple of minutes later it vibrates again, shaking across the table. You pick it up after a few minutes expecting to see another notification of the same ilk, nope.
You are greeted by the words ‘I think you’ve been hacked, you may want to sort that out pal’, an email from one of your site users notifies you that something is seriously amiss with your Wordpress. Sweat beads on your brow, a sudden rush of blood to the head (No, not a decent Coldplay album before they turned all modern-age U2 on us), “Shit, hackers… how?” you think as you excuse yourself from the table and you make your way outside into the increasingly cooler Autumn evening. You have never been hacked before and right now you are unsure of what you need to do, but what you want to do right now is scream, or roar, or even punch something hard. That won’t solve things however, not one bit.
So What Do You Do?
- Stay calm, panicking in this situation will not solve it and you need to maintain clarity right now.
- Begin assessing how you can find out what this Wordpress hacking issue is and how to fix it. Once you have a clear idea of how to approach this hacking incident you can clearly find a means to resolving the issues with your Wordpress and move forward. Take the following steps:
- Perform a local machine scan, by narrowing down the possible threats present on your system you have now begun the reparatory process. Run ‘anti-virus’, and a malware scan on your machine to check for local threats. Malwarebytes is a highly recommended piece of software that scans your computer for Malware.
- Log into your hosting account and contact your Wordpress site hosts, if you have been hacked you should send a support ticket requesting help on how to track and trace the hacking issue and what has caused it.
- Limit the access. Change your passwords, change these for everyone who has access to your Wordpress site. If only you have access to your site, I recommend changing your passwords on a frequent basis, I do this on a monthly basis even when I am not subject to attempts to brute-force access to my Wordpress. Many hacked sites are usually easily accessed in ‘brute-force’ password attempts by hackers who continuously attack a website in an attempt to guess the admin access password.
- Restore your website from a backup, if your Wordpress site is hacked and thusly compromised to such a negative level, it is often best if you ‘roll-back’ your site to an earlier version. You can install a plethora of plugins that will back up your website for free on a daily or weekly basis. BackUpWordPress or Duplicator fulfil these functions for you.
- Reduce opportunities for hackers or script-kiddies to gain access to your Wordpress, by configuring your wp-config file you can increase the security on your Wordpress site. An excellent tutorial on this can be found here.
- Enlist the help of a premium exploit and security scanner to protect you further from hacking issues going forward. Download the free exploit scanner from www.fixhacked.com and activate this to run in the background of your Wordpress site for increased peace-of-mind.