If you run a WordPress site, chances are there are people, bots and assholes out there trying to hack your site. The first step is prevention, but even the most diligent user might be hacked. This is the down-and-dirty basics of what to do when your site gets hacked. This isn’t geared for advanced users; it is geared for the average user.
You might be telling yourself it won’t happen to you. But, it might. All some hackers want is credibility or the fact that your site is considered clean. They don’t care about your follower count…all they care about is that you’re easy prey.
Sites get hacked for the following reasons:
- Bragging Rights – All they want to do is say they did it.
- Spread Spam – Spam hacks are common. They want to either promote another site or redirect to that site.
- Steal Data – They are looking for confidential data.
- Redirects – They want to redirect to malicious sites, phishing sites, or sites that install malware on your computer
- Ransomware – The new trend is to take over your site and only give it back if you pay them money.
- Use of Credibility – If a site is flagged as spam, they can use your credibility to funnel users to their site, or use your site to attack other sites.
You should have backed up your site before this, but if you haven’t, now is the time. Updraft, WP DB Backup and other backup plugins are always good to use. Back up now. Here are the top backup plugins:
- UpdraftPlus WordPress Backup Plugin
- WP DB Backup
- WordPress Backup to Dropbox
Also make your own backup by going to Tools > Export and exporting your entire site. You can also back up your database through your hosting provider.
Take a deep breath and identify what is going on. Can you log in using your admin panel? Is your site throwing up weird symbols? Is your site getting redirected? Did you find weird links in your site? Has Google marked you as a possible malicious site? Once you’ve identified the problem, call your hosting provider and talk about what is going on. They can easily fix things for you and identify the problems or the code.
Change Your Passwords
Change all your passwords and prompt other users to change theirs. I recommend doing it for them in the Users panel and sending the new passwords to them.
Scan your site. Use a plugin like Sucuri Website Malware Scanner. There are also sites that you can use without installing anything:
- Norton Safe Web
- Malware Removal
- Sucuri Site Check
- Scan My Server (this is not instant and requires site verification – a report is emailed to you)
Now that you’ve completely identified what is going on, call your hosting provider. The hack might have happened on their end, or from another site on their shared server. They’ll be able to guide you if they take responsibility. GoDaddy helped me identify the code to remove it; sites like HostGator are also great in walking you through the process.
Don’t panic, this is extra stuff. Start deleting. Delete plugins you do not use and old backups. If you are feeling dangerous, check your file manager and look for non-core WordPress files. A lot of times hacks will add weird .php files. Plugins add extra .php files too, but if you see “extra” .php files, delete them. If your host told you where to find the code, look in that file and delete the code. If you are scared of doing this, back up first: all you have to do is copy and paste all the code into a Word doc. Delete the code and test the site. If you made an error, copy the text back in.
My hacked code was in the .htaccess file. I opened it, deleted the code and fixed the issue.
I also suggest looking into core WordPress files. Download a new version of WordPress to your computer, check the folder, and then compare it with what you see in your file manager. If you see “extra files” in your core WP files, delete them.
TIP: You can also replace “old” WP files with new files. You can overwrite everything but core files like the wp-config.php, even going so far as doing a fresh install of WordPress without erasing your content. Reinstall through your dashboard or via your host.
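The comparison described above can be scripted. This is an added example, not part of the original post: it assumes you have downloaded a copy of your site and unzipped a fresh WordPress download of the same version on your own computer, and the function names are made up for illustration.

```python
import hashlib
import os

# Things that legitimately differ from a fresh download: your content and your config.
SKIP_DIRS = {"wp-content"}
SKIP_FILES = {"wp-config.php"}


def file_hashes(root):
    """Map relative path -> SHA-256 for every file under root, minus the skipped ones."""
    hashes = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if rel_dir == ".":
            # Prune wp-content only at the top level of the site.
            dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            if rel in SKIP_FILES:
                continue
            with open(os.path.join(dirpath, name), "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes


def compare_core(site_root, fresh_root):
    """Return (extra, modified): files only on the site, and core files whose content differs."""
    site = file_hashes(site_root)
    fresh = file_hashes(fresh_root)
    extra = sorted(p for p in site if p not in fresh)
    modified = sorted(p for p in site if p in fresh and site[p] != fresh[p])
    return extra, modified


if __name__ == "__main__":
    import sys
    # Usage: python compare_core.py /path/to/site-copy /path/to/fresh-wordpress
    extra, modified = compare_core(sys.argv[1], sys.argv[2])
    for path in extra:
        print("EXTRA    ", path)
    for path in modified:
        print("MODIFIED ", path)
```

Your .htaccess is not in the WordPress download, so it will always show up as EXTRA; open it and read it by hand. The wp-content folder (themes, plugins, uploads) is skipped here and still needs its own check.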
Restore a backup
As a blogger you might update your site daily, so this might not work for you. You might lose days of content. But, if things have gotten dire, restore a past backup.
Check Your Users
When hackers get into your site they might create a new user and give that user admin rights. If you see a user with permissions higher than Subscriber and you don’t recognize them, delete that user. If you are second-guessing yourself, you can always add a new user later.
Change Your SALTs
SALTs are secret keys. WordPress uses them to protect the login cookies it hands out. If hackers got in, the cookies they generated would still allow them to sign in; changing the SALTs makes those cookies useless, and everyone (you included) has to log in again. To do this manually you need to be able to access your wp-config.php file:
- Generate new secret keys and SALTs with the generator from the WordPress API.
- Copy everything generated:
- Paste over your current SALTs in your wp-config.php file – look for the defines…
It’s good practice to change these randomly. You can also use plugins like iThemes to do this for you if you don’t feel comfortable with changing them.
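Here is the SALT swap as a script, for anyone who would rather not paste by hand. It is an added example, not part of the original post, and it makes one assumption that differs from the steps above: it generates the new values on your own computer with Python's `secrets` module instead of fetching them from the WordPress API generator. The function names are made up for illustration.

```python
import re
import secrets
import string
import sys

# The eight constants WordPress keeps in wp-config.php.
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
# Letters, digits and punctuation, minus quote and backslash so each value
# is safe inside a single-quoted PHP string.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in "'\\"
)


def new_secret(length=64):
    """One random value drawn from the operating system's secure random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Rewrite existing key/SALT define() lines; return (new_text, replaced_names)."""
    replaced = []
    for name in KEY_NAMES:
        pattern = re.compile(
            r"define\(\s*(['\"])" + name + r"\1\s*,\s*(['\"]).*?\2\s*\);"
        )
        line = "define( '%s', '%s' );" % (name, new_secret())
        # A function replacement keeps re from interpreting characters in the new value.
        config_text, count = pattern.subn(lambda m, l=line: l, config_text, count=1)
        if count:
            replaced.append(name)
    return config_text, replaced


if __name__ == "__main__":
    # Usage: python rotate_salts.py wp-config.php wp-config.new.php
    # Run it on a copy downloaded to your own computer, then upload the result.
    with open(sys.argv[1], encoding="utf-8") as fh:
        updated, replaced = rotate_salts(fh.read())
    with open(sys.argv[2], "w", encoding="utf-8") as fh:
        fh.write(updated)
    missing = [n for n in KEY_NAMES if n not in replaced]
    print("replaced:", replaced, "| not found:", missing)
```

If any name is reported as not found, that define line is missing from your wp-config.php and needs to be added by hand.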
Call For Help
If you have identified that you’ve been hacked but you don’t see suspicious files or code, or are worried to delete them, this might be the time to call in professional help.
“30,000 sites are identified as ‘hacked’ or passing on malicious code, daily.”
Quick steps: What to do when your website is hacked.
Have you been hacked before? What did you do?