Back to blog

wordpress-is-hacked-first-aid-when-your-website-is-attacked

The idea of website development in its essence mostly has nothing else but the sense of income increase. Among 1000 websites it would be hard to find the one, which was created without intention to earn money in this or that way. 

Certainly, the world web has enough informative sites, designated just to provide general information about the activity of the company or organization to a user. The sites of news-agencies, educational establishments or any state structures can serve as good examples of non-commercial internet units. This category makes less interest to hackers as a rule, whose potential victims turn out to be the sites of financial institutions or online commerce. 

Still, quite often this statement can reveal itself as a false supposition, because the tactics of the modern hackers may be so different, that after being disclosed on one scheme, they invent an absolutely another, which does not have any means of protection for the moment of its launch. Thus, the probability of being hacked concerns each possible site ever. We’d like to move the focus of our attention to the cases of WordPress breaches and give you some advice on the first aid if this misfortune has happened to you.

*NOTE: The main signs of a site’s breach

The main thing, which is to understand is the fact that all kinds of breaches in the majority of cases have their typical signs, which can hardly be hidden from the site’s owner. Here are they:

  • You detect a problem trying to log in the site (get the messages like “the username or password is invalid”);
  • You notice that any foreign or even abusive content on the home- or any other page has appeared;
  • The speed of the site’s performance has reduced considerably 一 so, that it becomes a torture to use it;
  • You notice any new users along with the previous ones in the “users” section;
  • You detect a failure by sending or receiving WordPress emails;
  • By entering the site the user is redirected to another one;
  • By entering the site you see a popup, warning you that your computer has been infected, quite often with a demand of ransom payment for provision of an entrance code;
  • You detect some warnings in search results.

Basic guide: what to do?

1. Don’t panic

don't-panic

The first thing you are to do in case you’ve noticed any suspicious activity on your site is to keep your shirt on. Don’t panic and try to estimate the extent of the problem.

In most cases, regardless of the field, people make other mistakes and only twist the knife if they act being in a pixelated condition.

2. Put the site into the mode of maintenance

put-the-site-into-the-mode-of-maintenance
The main reason for this step is as banal as the door. If the site does not look appropriately, it will compromise the reputation of your company and make the users decide to the benefit of your competitors. Certainly, in some cases, such a step is not possible if you can’t log in.

 3. Reset passwords

reset-your-passwords

This statement doesn’t concern the password to your WordPress dashboard, though the latter one is probably to be changed as well. But much more important is to reset the SFTP password, database password and the password of the hosting provider. Additionally to all this, it won’t be a fifth wheel to change the passwords of all the other admin users.

4. Clean your files and database

clean-your-files-and-database
Remove the malware from the folders kept on your hosting server. Most of the hostings have an option called Malware Removal Service. By the process of cleaning don’t forget to turn to the database as well, because the latter one does not make an exception for the hackers. Thus, the database will have less stale files and speed up the site’s response considerably. In order to understand whether your database has been breached or not, you need to use a security plugin or service. Both of them can scan the site and tell you whether any disorders are noticed or not there.

5. Update plugins and themes

update-plugins-and-themes

Quite often the out-of-date versions of plugins or themes may become a reason for the hack. In case such a misfortune has already visited your site, the necessity of themes’ and plugins’ updating is extremely high. Go to the dashboard/updates and update everything that’s out of date. It’s strictly recommended to do this before you start any fixes of other kind, because most of them may be impossible at this stage.

6. Remove suspicious users

remove-suspicious-users

If you notice any admin accounts that you don’t recognize, it’s worth to take care of their removal. Make sure that these new accounts have not appeared as a result of any other administrator’s changes. If the new accounts have not been created by any of your partners, go to the “Users” and click the administrator link above the list of users. Click the checkbox next to the suspicious user and then “Delete” in the dropdown list of the Bulk Actions.

7. Clean your site-map

clean-your-sitemap

If the target of the hackers was the sitemap.xml file, this can be recognized by a red flag indicator, appearing next to the site’s placement in search results. As a rule breaching of a sitemap has an intention to add any links to the pages of yours, which will drop the user to the other site. For the regeneration of an infected sitemap, BestWebSoft has a special plugin called Sitemap XML. By activating this plugin, you enable regeneration of your sitemap and sending your sitemap data to Google. This may take some time, so you need to be patient.

8. Reinstall WordPress

reinstall-wordpress

If none of all the above-written points brings your site to an appropriate state, the only most effective medicine for its illness can be reinstallation of WordPress itself. If the files in the WordPress core have been infected, it is necessary to replace them with a clean WordPress installation. For this, you need to upload a set of clean WordPress files to your site by means of SFTP placing them instead of the old ones. Make a backup of your wp-config.php and .htaccess files and then go to reinstallation. Keep in mind that you should not turn to the usage of auto-installer, because it will overwrite your database and this will lead to the loss of the content. To avoid this use SFTP to upload files only.

Conclusion

Being hacked is always an unpleasant surprise for the site’s owner. In some cases, this may have really detrimental consequences for his business, what is never preferable. So, it’s very important for the parent of the site to keep an eye on his child. Try not to leave your site without control lookups for more than 24 hours. The sooner you notice the problem, the less you will lose. Install strong passwords and all the necessary plugins of security as a measure of breach prevention.

If by the adherence of all the security measures you’ve nevertheless been hacked, don’t consider this to be the end of the world – the described above measures will help you for sure! We recommend you to add all of them to your armoury!



Popular Posts

Like This Article? Subscribe to Our Monthly Newsletter!

Comments are closed.