If you run a WordPress site, chances are there are people, bots, assholes out there trying to hack your site. The first step is prevention, but even the most diligent user might be hacked. These are the down-and-dirty basics on what to do when your site gets hacked. This isn’t geared for advanced users; it’s geared for the average user.
You might be telling yourself it won’t happen to you. But it might. All some hackers want is your credibility, the fact that your site is considered clean. They don’t care about your follower count… all they care about is that you’re easy prey.
Sites get hacked for the following reasons:
- Bragging Rights – All they want to do is say they did it.
- Spread Spam – Spam hacks are common. They want to either promote another site or redirect to that site.
- Steal Data – They are looking for confidential data.
- Redirects – They want to redirect to malicious sites, phishing sites, or sites that install malware on your computer.
- Ransomware – The new trend is to take over your site, and you’ll only get it back if you pay them money.
- Use of Credibility – If a site is flagged as spam, they can use your credibility to funnel users to their site, or use your site to attack other sites.
You should have backed up your site before this, but if you haven’t, now is the time. Updraft, WP DB Backup and other backup plugins are always good to use. Back up now. Here are the top backup plugins:
- UpdraftPlus WordPress Backup Plugin
- WP DB Backup
- WordPress Backup to Dropbox
Also make a backup yourself by going to Tools > Export and exporting your entire site. You can also back up your database through your hosting provider.
Take a deep breath and identify what is going on. Can you log in to your admin panel? Is your site throwing up weird symbols? Is your site getting redirected? Did you find weird links in your site? Has Google marked you as a possible malicious site? Once you’ve identified the problem, this is when you would call your hosting provider and talk about what is going on. They can easily fix things for you and identify the problems or the code.
Change Your Passwords
Change all your passwords and prompt other users to change theirs. I recommend doing it for them in the Users panel and sending the new passwords to them.
Scan your site. Use a plugin like Sucuri Website Malware Scanner. There are also sites that you can use without installing anything:
- Norton Safe Web
- Malware Removal
- Sucuri Site Check
- Scan My Server (this is not instant and requires site verification – a report is emailed to you)
Now that you’ve completely identified what is going on, call your hosting provider. The hack might have happened on their end, or from another site on their shared server. They’ll be able to guide you if they take responsibility. GoDaddy helped me identify the code to remove it; sites like HostGator are also great at walking you through the process.
Don’t panic, this is extra stuff. Start deleting. Start deleting plugins you do not use. Old backups. If you are feeling dangerous, check your file manager and look for non-core WordPress files that are there. A lot of times hacks will add weird .php files, and plugins will add extra .php files too – but if you see “extra” .php files, delete them. If your host told you where to find the code, look in that file and delete the code. If you are scared of doing this, back up first: all you have to do is copy and paste all the code into a Word doc. Delete the code and test it. If you made an error, copy the text back in.
My hacked code was in the .htaccess file; I opened it, deleted the code and fixed the issue.
I also suggest looking into core WordPress files. Download a new version of WordPress to your computer, check that folder, and then compare it against what you see in your file manager. If you see “extra files” in your core WP files, delete them.
TIP: You can also replace “old” WP files with new files. You can overwrite everything but core files like the wp-config.php, even going so far as doing a fresh install of WordPress without erasing your content. Reinstall through your dashboard or via your host.
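An added example, not from the original post: a small Python script that does the fresh-download comparison described above by hashing every file in the live install and in a clean copy, then listing what is extra, modified or missing. The directory names, the skip list and the demo files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Paths that legitimately differ from a fresh download (site-specific content).
SKIP = ("wp-content", "wp-config.php", ".htaccess")

def _hashes(root: Path) -> dict:
    """Map relative path -> SHA-256 for every file under root, minus SKIP."""
    out = {}
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if p.is_file() and rel.parts[0] not in SKIP:
            out[rel.as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out

def compare_core(live: Path, clean: Path) -> dict:
    """Report files that are extra, modified or missing in the live install."""
    live_h, clean_h = _hashes(live), _hashes(clean)
    return {
        "extra": sorted(set(live_h) - set(clean_h)),
        "modified": sorted(f for f in live_h.keys() & clean_h.keys()
                           if live_h[f] != clean_h[f]),
        "missing": sorted(set(clean_h) - set(live_h)),
    }

def demo() -> dict:
    """Build two tiny constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = Path(tmp, "live"), Path(tmp, "clean")
        for root in (live, clean):
            (root / "wp-includes").mkdir(parents=True)
            (root / "index.php").write_text("<?php // front controller\n")
            (root / "wp-includes" / "version.php").write_text("<?php // version\n")
        # Constructed differences standing in for what a compromise leaves behind.
        (live / "wp-includes" / "wp-tmp.php").write_text("<?php // not in core\n")
        (live / "index.php").write_text("<?php // front controller\n// appended\n")
        (live / "wp-config.php").write_text("<?php // site config, skipped\n")
        return compare_core(live, clean)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

The clean copy has to be the same WordPress version as the live site, otherwise every file changed by an update shows up as modified.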
Restore a backup
As a blogger you might update your site daily, so this might not work for you. You might lose days of content. But, if things have gotten dire, restore a past backup.
Check Your Users
When hackers get into your site they might create a new user. They’ll give these users admin rights. If you see a user on there with permissions that are anything higher than Subscriber, and you don’t recognize them, delete that user. If you are second-guessing yourself, you can always add a new user later.
Change Your SALTs
SALTs are secret keys. WordPress uses them to protect the login cookies it hands out. If the hackers got in, cookies generated with the old keys would still allow them to sign in; changing the keys makes every existing login cookie invalid. To do this manually you need to be able to access your wp-config.php file:
- Generate new secret keys and SALTs with the generator from the WordPress API.
- Copy everything generated.
- Paste over your current SALTs in your wp-config.php file – look for the defines…
It’s good practice to change these randomly. You can also use plugins like iThemes to do this for you if you don’t feel comfortable with changing them.
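An added example, not part of the original post or of WordPress: a Python function that replaces the eight secret-key defines in wp-config.php text and leaves every other line alone. It generates the values locally with Python's `secrets` module rather than fetching them from the WordPress API generator the steps mention, so it runs offline; `SAMPLE` is a constructed stand-in for a real config file.

```python
import re
import secrets
import string

# The eight secret-key constants WordPress reads from wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
# Characters that need no escaping inside a single-quoted PHP string.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}<>~|;:,.?/ "
DEFINE_RE = re.compile(
    r"^([ \t]*)define\(\s*['\"](" + "|".join(KEY_NAMES)
    + r")['\"]\s*,.*\);[ \t]*(\r?)$", re.MULTILINE)

def new_secret(length: int = 64) -> str:
    """Random value from the OS CSPRNG (generated locally, not by the API)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_salts(config_text: str):
    """Return (new_text, names_replaced); all other lines stay untouched."""
    replaced = []

    def swap(m):
        replaced.append(m.group(2))
        return f"{m.group(1)}define( '{m.group(2)}', '{new_secret()}' );{m.group(3)}"

    new_text = DEFINE_RE.sub(swap, config_text)
    missing = [n for n in KEY_NAMES if n not in replaced]
    if missing:  # refuse a partial rotation rather than leave old keys live
        raise ValueError(f"defines not found: {missing}")
    return new_text, replaced

# Constructed stand-in for a wp-config.php; all values are placeholders.
SAMPLE = ("<?php\ndefine( 'DB_NAME', 'example_db' );\n"
          + "".join(f"define( '{n}', 'old-{i}' );\n" for i, n in enumerate(KEY_NAMES))
          + "$table_prefix = 'wp_';\n")

if __name__ == "__main__":
    text, names = rotate_salts(SAMPLE)
    print(f"rotated {len(names)} keys: {', '.join(names)}")
```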
Call For Help
If you have identified that you’ve been hacked but you don’t see suspicious files or code, or are worried about deleting them, this might be the time to call in professional help.
“30,000 sites are identified as ‘hacked’ or passing on malicious code, daily.”
Quick steps: What to do when your website is hacked.
Have you been hacked before? What did you do?