You’ve probably heard again and again that you need to take measures to keep your WordPress website secure. But do you really need to worry about WordPress being hacked? What are the threats exactly?
Once hackers gain access to a website there are a number of ways they can really mess things up for you.
The more politically motivated post their own content defacing your website, but recent times have seen a surge in malware ‘phishing’ for credit cards details. Then there’s the spammers, sending thousands of viagra emails from your account until you realise you’ve been blacklisted and no one is getting your emails.
Whatever the hackers intention, your business income and reputation are at stake.
If your website is a victim with WordPress hacked, or you want to know how to clean and secure WordPress read on – As a website owner, it’s not only in your interest to protect your website from hackers, you have a responsibility to protect people using your website from experiencing malware attacks.
Help my website is hacked!
Do you suspect your website has been hacked, or has a customer reported something unusual? Take a deep breath and stay calm.
First check your website is actually hacked.
If your website shows a blank page, or is reporting an error, check if anyone with access has recently made any changes. Someone with good intentions may accidentally have caused an issue.
Your WordPress host could also experiencing a server issue, so login to your hosting control panel and check the updates and server status.
Next run this free website malware and security scanner. Although not guaranteed to be 100% accurate, it not only scans your website but checks various blacklist databases, such as “Google Safe Browsing” and “Norton Safe Web”.
If it’s bad news at this point, again stay calm. Having your WordPress website hacked is stressful, but reaching out for help and following the next few steps will see your site clean and secure in minimal time.
Restoring a WordPress website
If you have a recent backup restoring your WordPress website to a previous version is an option to get the site back up quickly.
But even if you are confident the backup was taken before the website was hacked, to be sure you’ll still need to have the site professionally checked for malicious code. And remember this version was vulnerable to hacking, so it’s important to improve it’s security.
WordPress malware cleanup
Any detected malicous code needs to be cleaned from your files. At this point it’s time to get WordPress help from a developer or a malware cleanup service.
Sucuri have a reliable service to clean and remove malware from hacked websites. A world leader in website security, Sucuri have developed technology to quickly scan the thousands of files in your WordPress installation detecting malicious code. With robust and tested procedures in place they can remove that malware without harming your website at all.
WordPress website security
Ok so with the malware cleaned you’re now back up and running, what a relief!
It’s not time to relax just yet. You need to secure your website or risk being hacked and reinfected with malware all over again.
There are many ways a WordPress website might be vulnerable, but most websites that are hacked have one of the following two security weaknesses.
Weak passwords. Change all your passwords including hosting, FTP, email and WordPress for all users. The passwords should be at least 10 characters long, containing capitals, numbers and symbols.
Outdated Software. Check and run all available updates, remembering to take a backup first! Most WordPress websites are hacked via security holes in outdated plugins and WordPress versions.
To more thoroughly lock down your website follow these 11 WordPress security tips or reach out for expert WordPress help.