So, you’ve woken up one morning to discover that your WordPress website has been hacked. A cold, icy panic grips your body – this site is your livelihood. It’s where a lot of your business is conducted. It can’t be hacked; it’s far too important. However, there are a few things that you can do in the event of a hack, and we’re going to be looking at them here. So calm down, take a deep breath, and let’s see if we can’t find an answer together.
Identify The Attack Vector
When it comes to the malware, you need to know how it got into your site, to begin with. This will involve identifying if the weakness in your site was down to a password, or if it was a complex problem. It’s crucial that you know how hackers got in so that you can stop them from doing so again. Check if your plugins have known vulnerabilities, you can use our WordPress vulnerabilities database. You can also analyse your website access logs. For most Apache users, it is stored in /var/log/apache2/access.log.
Make Sure That You Change Your Passwords
If you have a hacked site, then it is possible that your passwords are at risk. If hackers have the passwords to your site, then it is possible that they can directly go back onto the site in the future and insert malicious software into it again. Thankfully, WordPress has always made it quite easy to change passwords, but just make sure that they are entirely different from last time and are also as secure as possible. You should change your FTP and database password too.
Restore Your System From A Backup
Restoring your system is an excellent way to counteract a hack without losing too much data. If you have a restore point for your website and/or customer database, then you can avoid data loss by uploading that in place of the corrupted version.
Destroy The Hack
Now that you’ve gotten those bits out of the way, it’s time to move onto the process that most people might be thrilled to do, and that is to remove the hack from your system completely. You can follow our removal guide: How To Clean A Hacked WordPress Site On Your Own. However, it’s advised that you never try and do it yourself in case something is missed, so trust professionals and contact us. We have extensive knowledge of hacks aimed at WordPress sites, and should easily be able to help, so they’re worth looking into.
Overall, these are the main steps that you should take if your WordPress site has been compromised. These will all help to make sure that no matter what, you can restore your site back to full working order and also purge it of any problem elements. If you remain calm and act quickly during a hack, you’ll be able to prevent it from getting out of hand or damaging your business too extensively.