A hacked website is one of the most dreaded things for developers and website owners. Because WordPress is an open source system, its code base can easily be studied and loopholes can be found (although the WordPress community keeps on removing those threats with regular updates). This is the primary reason for hackers to make WordPress websites their target.
A hacked website can be a threat to its owner as well as the visitors. It is a very stressful situation because this can lead to lowering of search engine rankings, a threat of viruses, loss of integrity of the content, or worse of all, redirection to the bad websites containing porn, etc.
It is because of these reasons that website security is a serious topic among website owners. Also, a backup for your website should always be present. This can save the complete loss of data and content on the website.
The initial steps
The first step in dealing with this issue is finding out whether your website really got hacked. This is because people often don’t know the exact meaning of hacking and confuse something else with hacking. A spam message or a broken WordPress site is often considered as symptoms of a hacked website by people. To check if your website is actually hacked, you can read – How to check hacked Website?.
We then recommend you to make a backup now. Although you might already have a backup present for your website, this will help in the analysis later (if required). Many hosting providers will immediately delete your website once they find that it has been compromised. Also, if you don’t have a backup at all, you can save some part of it now (But that will be risky and should be done carefully).
Steps to clean your hacked website:
Try to identify the hack
This is important because this will narrow down the steps you will have to perform to counter the compromise. Evaluate and take a note of answers to some of these questions:
- Are you able to login to your WordPress Admin Panel?
- Is there an illegal link present on your website?
- Does your website redirect to another website?
- Has google marked your website as insecure?
Contact your Hosting Company
Most of the hosting companies are very supportive when it comes to these issues. They understand the risks better and since they have to deal with these issues on regular basis, they can help you in a much better way. Contacting your hosting company and following their instructions can be very helpful.
There is an additional reason to follow this step, especially if your website was hosted on a shared hosting. Many times, the entire server is compromised and hence all the websites hosted on that server will be impacted. The company can provide you with additional details of the hack like origination, the location of a backdoor and what steps have already been taken by them for more security. There is a chance that the host will perform the clean-up process for you.
Take a glimpse at your backup
If you’ve been religiously backing up your website and all its related files, this situation will make it all worth it. An important advice will be to change your passwords right now, just to be extra careful (You’ll need to again update the password in the end).
Try to restore the website from an earlier point when the site wasn’t hacked. If it’s possible then it is a good measure. However, keep in mind that it might lead to the loss of latest comments or posts which came at the later stages.
In the worst case scenario, if you don’t have a backup at all and want your content desperately, you’ll have to do some more digging.
Scanning and Removal of the Malware
In the majority of the cases, the reason for the hack is the presence of backdoors (security loopholes which can provide unauthorized access) in the components of your WordPress. All the plugins and themes should be regularly updated as their developers keep removing security threats from them with every update.
Here you should install these free plugins to run on your WordPress website:
These plugins will scan your core files and themes, etc. so that you can locate the location of the compromise. You should check all the plugins and files and if you find the location of compromise, you should either reinstall the particular theme/plugin from its original source or if it’s the core files, replace them with a non-infected one.
Check User Permissions
Go and check the Users section of the WordPress and re-evaluate the status of other users. Make sure that only the people who should be given the access and administrative rights are given so.
Needless to say, if you find any suspicious modification or a new user, remove them immediately.
Change your passwords (Again) and Secret Keys
Make sure that you change all the passwords related to your WordPress including WP dashboard, MySQL DB, FTP, or anything else which can lead to a compromise. You can use a password generator to generate a strong password.
Once you’re done, don’t forget to change the Secret Keys (they encrypt the passwords) as they can reassure you that no one can make another compromise to your website.
Following these procedures will enable you to clean your website and make it safe and secure. But as you might already know, you have to be extra cautious from now on and take special care of the steps required to save your website from being hacked. You can check some of those steps here.