What to do if your Website is Hacked
Nothing quite drives your visitors away from your website like a big bright red message from Google saying “this site may harm your computer” or “this site may have been compromised”.
Hopefully your not reading this post because you’ve been hacked, but rather to prevent it from happening in the future. If you are reading this and you have been hacked My Site Got Hacked understand how you feel as we have been in this boat before.
Personally the first time I had a hacked site was for a clients website. This virus was really malicious. It managed to crawl through my FTP and attacked all the saved FTP credentials. In total I had to fix 6 websites! Took me about 12 hours in total, but finally got there and hence why My Site Got Hacked was founded.
Part of the reason hacked websites are difficult to deal with is often developers wouldn’t even be aware that their website has been compromised.
Two really good starting points for reading up on hacks (and where I started) was;
Stay Calm and Scan your local machine
The first point Codex make is to “Stay Calm and Scan your local machine”. Sometimes malware can be introduced through compromised system. This is what happened to me, through my FTP system. So I decided to switch computers and work from a new computer to fix my issues.
Contact your host provider
At the time my websites were on a shared hosting environment –bluehost. So I contacted Bluehost to check what steps or precautions I needed to take. They weren’t too helpful. I have since moved over to Site5.com and they seem to be very helpful when sites have been compromised.
The one good thing about my Bluehost account was that I arranged for the daily backups. I was able to restore some of the sites to a working backup and then decided to update WordPress, update plugins and lockdown file permissions in my FTP and change all the passwords to FTP, database and WordPress. I even deleted my “admin” login and changed to a different login username.
Latest Modified Files
For the other sites that didn’t have backups, I was still on the hunt to find the issue. I decided to download all the files to my computer (I was on a MAC so was confident the computer wasn’t going to get affected. Maybe if you are on a Windows computer I would do this with caution). I preceded to look at all the core files and check at the latest modified files. Doing this I found that 5 files had been modified that day and opened the files and removed any suspicious code.
I then preceded to look through the server logs at any suspicious activity such as failed login attempts. Alas, on one of my sites up to 35 failed login attempts!
Recommendations from my learning’s
Go with a hosting company you can trust
I choose Site5.com for all my client sites. They have great support and offer a malware scan service.
WordPress is vulnerable to hacks. Read my article on how to beat hackers with 5 easy steps.
Lock down WordPress
Refer to the codex on how to Harden your WordPress.
Trust the Experts
As Codex first eluded, stay calm and trust someone like My Site Got Hacked. We have been helping websites for the last 6 months recover from hacked websites.
No website has taken us longer than 24 hours to get back up and running.