Website Hacked? – 5 Ways to beat the hackers!
If you are reading this article, your site has most likely been compromised or hacked. In today’s world this is unfortunately very common. Every day, cyber criminals write scripts to attack vulnerable websites.
In today’s post I’m going to explain why your site may have been hacked, what types of sites get hacked, and how you can stay on top of things to prevent this from happening or recurring.
If you have been hacked and haven’t updated your CMS platform, changed your server passwords or “locked down” your files, you will get hacked again!
How do I know if my website is vulnerable?
WordPress is a powerful CMS platform that is used by more than 73 million websites across the world (WordPress Stats). Unfortunately, with WordPress come vulnerabilities. Those vulnerabilities can exist in any of the plugins and themes used on a WordPress site. If these plugins or themes aren’t maintained or updated, your site may become vulnerable.
Hackers create “backdoor” scripts that automatically search for vulnerabilities and then run them to compromise your site. Some of these scripts can be harmless and simply put an ugly cover page on your website, while others can break in and steal valuable information such as credit card details!
The WordPress Codex has a great step-by-step article on securing your website.
OK, let’s get started. I’m going to break this down and make it a lot easier for you to understand.
Always update your WordPress
If you have a WordPress website, you may notice when you log in that you are running an outdated version of the software. This will appear on the dashboard highlighted in yellow.
If this is the case, the number one defence against having your website compromised is to update WordPress (or any CMS platform) to the latest version. New releases of WordPress don’t just have cool features or make the website run faster, they often include critical security patches to protect your site or visitors from malware. UPDATE NOW!
It’s important to note that an update can sometimes break your theme. Whether you are using a purchased theme, a free WordPress theme or a custom theme built by a web developer, it’s important to update with caution. It is highly recommended to do a full backup of your WordPress website before updating your theme or plugins.
How to conduct a backup
I am going to show you how to install the BackUpWordPress plugin in order to create a backup.
1. Log in to your WordPress dashboard.
2. Hover over plugins and click “add new”.
3. Search for “backupwordpress” – look out for spaces here!
4. Click “install now”.
5. You will see that your plugin has successfully installed.
6. Hover over “Tools” and click “Backup”.
7. Click on settings (note: if your screen doesn’t look right, be sure to “clear your cache” – [CMD + Shift + R] OR for PC users [CTRL + Shift + F5]) – then refresh your page and repeat step 6.
8. Backup – select “both database + files”.
9. Schedule – select “manual” – if you do want to run a schedule of backups, this is a great idea! I would recommend backing up both files and your database once a fortnight. If you are a frequent blogger you could set the schedule to back up your database every week and files once a fortnight.
10. Set up your email notification.
11. Once you have received your email notification and your backup has executed, be sure to save the file to your computer (somewhere safe!)
OK – great work! We have backed up our files and database in case anything goes wrong. Just to be 100% certain, I always open the ZIP file to be sure the backup has been successful.
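The manual check of opening the ZIP can also be scripted. The following is an added example, not part of the original article or of the BackUpWordPress plugin; it assumes the archive holds the site files at its root plus a .sql database dump, and the names check_backup and make_sample_backup are illustrative.

```python
import io
import zipfile

# Assumed layout: site files at the archive root plus a .sql database dump.
REQUIRED_FILES = ("wp-config.php", "wp-includes/version.php")
REQUIRED_DIRS = ("wp-content/themes/", "wp-content/plugins/")


def check_backup(archive):
    """Return a list of problems in a backup ZIP (path or file object); [] = OK."""
    problems = []
    try:
        zf = zipfile.ZipFile(archive)
    except zipfile.BadZipFile:
        return ["not a readable ZIP archive"]
    with zf:
        # testzip() re-reads every member and names the first with a bad CRC.
        corrupt = zf.testzip()
        if corrupt is not None:
            problems.append(f"corrupt member: {corrupt}")
        names = zf.namelist()
        for required in REQUIRED_FILES:
            if required not in names:
                problems.append(f"missing file: {required}")
        for prefix in REQUIRED_DIRS:
            if not any(n.startswith(prefix) for n in names):
                problems.append(f"missing directory: {prefix}")
        dumps = [i for i in zf.infolist() if i.filename.lower().endswith(".sql")]
        if not dumps:
            problems.append("no .sql database dump")
        elif all(i.file_size == 0 for i in dumps):
            problems.append("database dump is empty")
    return problems


def make_sample_backup(include_db=True):
    """Build a small constructed backup in memory (sample data, not a real site)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("wp-config.php", "<?php // constructed sample\n")
        zf.writestr("wp-includes/version.php", "<?php $wp_version = '0.0';\n")
        zf.writestr("wp-content/themes/mytheme/style.css", "/* Theme Name: My Theme */\n")
        zf.writestr("wp-content/plugins/index.php", "<?php // Silence is golden.\n")
        if include_db:
            zf.writestr("database.sql", "CREATE TABLE wp_options (option_id INT);\n")
    return buf


if __name__ == "__main__":
    print(check_backup(make_sample_backup()) or "backup looks complete")
```

To check a real download, pass its path to check_backup; a truncated or half-downloaded file is reported as not a readable ZIP archive.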
Now that we have taken our backup, let’s update our WordPress.
This is extremely easy! On the dashboard notice, simply click “Please update now” and follow the prompts.
Once your site has been updated, be sure to go to the front end of your website and double check everything is still working how it should. I would even fill out the enquiry form!
Make sure your plugins, themes and any 3rd party scripts are updated!
This point is just as important as updating your WordPress theme. Make sure that your plugins are always updated!
A big hint! By default, WordPress comes with pre-installed themes: TwentyTen, TwentyTwelve, TwentyThirteen and the latest TwentyThirteen. If you are not using these themes, please delete them! Too often I see that the older themes are never updated, and they are usually the most vulnerable files on the server.
Installing Plugins – be cautious.
One of the most powerful aspects of WordPress is its plugins. However, they can also cause the biggest headaches.
Heck! I love plugins myself. When clients come to me with crazy ideas for their website and ask if I can build them, my answer is: if you have thought of it, chances are someone else has thought of it too. I then head over to the WordPress plugins page, do my search and voila – there it is!
Some tips before using a plugin:
- Do your research. Search in Google for reviews – can’t find any? Don’t use it!
- Look at the last update. If the plugin hasn’t been updated within a substantial period of time (3-6 months), then stay away. If you are going to use a plugin you want to know that it is well-supported.
- On the above note, head over to the support section. See if there are any support queries and if they have been resolved.
- Go to the stats, see how many daily downloads the plugin has and look at the ratings.
- Lastly, read up on the developers, see what else they do! Usually they are active writing a blog. Read some articles and make sure you feel comfortable!
Please don’t EVER install a plugin as a Band-Aid fix!
BIG AND EASY TIP – Get rid of the “ADMIN” user
So simple, yet always ignored. By default, WordPress recommends creating the “admin” user. This makes life easy for hackers and their automated tools, which can try thousands of different password combinations in seconds: with the default “admin” username already known, all they have left to “guess” is the password.
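The password guessing described above shows up in the web server’s access log as repeated POST requests to wp-login.php, the WordPress login page. The following is an added example, not part of the original article: it counts those requests per client address in combined-format log lines; the sample lines are constructed, and the names login_stats and suspicious are illustrative.

```python
import re
from collections import defaultdict

# Combined log format: IP, identity, user, [time], "METHOD path proto", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2014:03:12:0%d +0000] "POST /wp-login.php HTTP/1.1" 200 3120' % i
    for i in range(6)
] + [
    '203.0.113.7 - - [10/Mar/2014:03:12:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/Mar/2014:09:00:01 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '198.51.100.4 - - [10/Mar/2014:09:00:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120',
]


def login_stats(lines):
    """Per client IP, count failed and successful POSTs to wp-login.php.

    Assumption: stock WordPress answers a successful login with a 302
    redirect; every other status (200 = form shown again) counts as failed.
    """
    stats = defaultdict(lambda: {"failed": 0, "ok": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, method, path, status = m.groups()
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue
        stats[ip]["ok" if status == "302" else "failed"] += 1
    return dict(stats)


def suspicious(lines, max_failed=5):
    """Return {ip: stats} for clients with more than max_failed failed logins."""
    return {ip: s for ip, s in login_stats(lines).items() if s["failed"] > max_failed}


if __name__ == "__main__":
    for ip, s in suspicious(SAMPLE_LOG).items():
        note = " - followed by a SUCCESSFUL login, reset passwords" if s["ok"] else ""
        print(f"{ip}: {s['failed']} failed logins{note}")
```

A client that appears here with a successful login after a run of failures is the case to act on first: change that account’s password and review what it did afterwards.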
Be sure to check out security plugins.
In the WordPress Security Codex article, WordPress recommends installing the “All in One WP Security and Firewall” plugin. It adds extra security precautions that help enforce best practice!
Has your site been compromised? We offer an affordable malware removal service that will have your website up and running within 24 hours.