I’ll never forget that utter feeling of despair right in the pit of my stomach when I looked at my website only to discover it had been hacked. In its place stood a holding page playing scary pirate music, skull and crossbones and a message saying I’d been hacked by and the wally had left his Twitter handle.
At the time I was using cheap overseas hosting *slaps one’s own wrist* and it took hours to get through to someone on chat able to help me. I felt so useless. I had no idea how to fix the situation and I felt violated. The hosting company managed to restore an old version but I was really cross. So cross. For no reason other than to cause me distress someone ruined all my hard work. In the end I actually tweeted the hacker and gave him a piece of my mind. I couldn’t believe it when he DM’d me and apologised. He ran through how he got in and helped me to restore my site! Within a few hours normality was resumed. I know right, even now I’m totally boggled by his actions. However, it did mean I changed hosts pretty sharpish! I got my new host to check for any irregular and random code, to delete any unused or not needed data that was clogging up my cPanel. I had literally 100s of emails and plugins I’d deleted hanging around. It’s worth having a chat with your hosting or tech guys as to whether you are clinging on to unneeded data.
This post looks at advice for self-hosted WordPress.org as this is where I have experience.
What to do when you get hacked?
- Contact your hosting provider. They will be able to direct you in the next steps depending on what you pay for. Your hosting provider will usually be able to restore your site to its pre-hack state.
- Put your site in maintenance mode or shut it down so as not to affect your users or your reputation.
- Change your password. This should go without saying and to be honest you should be changing passwords on a regular basis. Also consider downloading a plugin like Wordfence which provides strategies to increase the security of your password/login.
- Back up. It really doesn’t matter how you do it, just ensure you do it periodically. Once a week my site backs up to Dropbox via a plugin. There are a few out there, including VaultPress and BackupBuddy; ask around to find out what other people use.
- Check your site users list. Sometimes hackers will add themselves as new users! Cheeky!
- If you have loaded Wordfence, do a quick scan and double check that there is no malicious code that might have been missed hanging around.
- Always update your plugins and make sure you are running the latest version of WordPress. This will help stop those pesky hackers finding your weak spot.
- In the same breath, don’t just deactivate any plugins that you are no longer using; permanently delete them from the site. They aren’t doing anything but slowing the site down and taking up valuable storage.
- Be more vigilant. HP are currently running a campaign about how easily a hacker can get into your business via unsecured printers. Those advances in technology that make our business easier also pose the biggest threats. I didn’t even know your printer could be hacked and I’m guessing I’m not the only one.
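
The user-list, unused-plugin and update checks from the list above can be run as a small script rather than by eye. This is an added example, not part of the original post: it assumes you (or your host) have exported the lists with WP-CLI (`wp user list --format=json` and `wp plugin list --format=json`), and the sample data, logins and function names are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample data in the shape WP-CLI prints for
# `wp user list --format=json` and `wp plugin list --format=json`.
SAMPLE_USERS = json.dumps([
    {"user_login": "siteowner", "user_registered": "2015-04-02 09:12:44", "roles": "administrator"},
    {"user_login": "guestwriter", "user_registered": "2018-11-20 14:03:10", "roles": "author"},
    {"user_login": "wp_support1", "user_registered": "2019-06-14 02:47:31", "roles": "administrator"},
])
SAMPLE_PLUGINS = json.dumps([
    {"name": "wordfence", "status": "active", "update": "none"},
    {"name": "hello-dolly", "status": "inactive", "update": "none"},
    {"name": "old-slider", "status": "inactive", "update": "available"},
    {"name": "contact-form", "status": "active", "update": "available"},
])

def audit_users(users_json, known_logins, last_good_backup):
    """Flag accounts you do not recognise or that appeared after the last
    backup you trust. Returns (login, roles, reasons) tuples."""
    findings = []
    for user in json.loads(users_json):
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if user["user_login"] not in known_logins:
            reasons.append("unrecognised login")
        if registered > last_good_backup:
            reasons.append("created after last good backup")
        if reasons:
            findings.append((user["user_login"], user["roles"], reasons))
    # Administrators first: a rogue admin account is the most urgent finding.
    findings.sort(key=lambda f: "administrator" not in f[1])
    return findings

def audit_plugins(plugins_json):
    """Return (plugins to delete because inactive, plugins with an update waiting)."""
    plugins = json.loads(plugins_json)
    to_delete = [p["name"] for p in plugins if p["status"] == "inactive"]
    to_update = [p["name"] for p in plugins if p.get("update") == "available"]
    return to_delete, to_update

if __name__ == "__main__":
    known = {"siteowner", "guestwriter"}  # assumption: logins you created yourself
    for login, roles, reasons in audit_users(SAMPLE_USERS, known, datetime(2019, 6, 1)):
        print(f"REVIEW USER {login} ({roles}): {', '.join(reasons)}")
    to_delete, to_update = audit_plugins(SAMPLE_PLUGINS)
    print("Delete (inactive):", ", ".join(to_delete))
    print("Update:", ", ".join(to_update))
```

Any account it flags still needs a human decision: remove it only once you are sure it is not a legitimate user, and change the passwords of the accounts you keep.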
Have you ever been hacked? I’d love to hear your experiences and top tips so as per usual do leave a comment below.
This post complies with my Disclosure Policy.
Really helpful tips, thank you
Author
Welcome
Some great advice. A lot of people don’t think they will ever be hacked so don’t secure their online profiles and sites very well.
While I hope that this never happens to me, it is good information and advice to know ahead of time if hacking occurs. Thank you for the advice!
I hope it never happens but these are good tips if it does! Thanks!
This is my worst nightmare and I actually thought I had been hacked a couple of weeks ago but thankfully it was just that my SSL certificate hadn’t renewed. Keeping this post handy in case the worst happens.
Author
Most important is to make sure you back up your site on a weekly basis. I use the Dropbox plugin but there are others.