If your WordPress blog has been hacked, it is easy to become frustrated. Take a pragmatic approach instead and first confirm that you really have been hacked. To do that, you need to understand the symptoms that point to a compromise. These symptoms are also known as Indicators of Compromise (IoC).
These are a few key indicators that you are definitely experiencing a ‘WordPress blog hacked’ situation:
- Host has disabled your website
- Website has been flagged for distributing malware
- You notice behavior on the site that was not authorized
- Readers complain that their desktop antivirus (AV) software is flagging your site
- You have been contacted because your website is being used to attack other sites
- You can visibly see that your site has been hacked when you open it in the browser
- Website is blacklisted by Bing, Google, etc.
Consider applying these rules after confirming that your WordPress blog has been hacked:
- You can usually delete anything in the wp-content/plugins/ directory without losing data or breaking your site. These are plugin files that you can reinstall, and WordPress automatically detects that a plugin has been deleted and disables it. Be sure to delete entire directories in wp-content/plugins and not just individual files.
- You usually have only one theme directory in wp-content/themes that is used for your site. If you know which one it is, you can delete all the other theme directories. If you have a “child theme”, you could be using two directories in wp-content/themes, even though this is rare.
- Watch out for old WordPress installations and backups. Sometimes you or a developer will back up a copy of all your site files into a subdirectory like ‘old/’ that is accessible from the web. This backup is not maintained, and even though your main site is secure, a hacker can get in there, infect it and then access your main site through the backdoor they planted. So make sure that you do not leave old WordPress installations behind, and if you do get hacked, check those first because they are likely to be loaded with malware.
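The leftovers described in these rules can be listed before anything is deleted. The shell script below is an added example, not part of the original article: it reports directories that hold a second WordPress copy (such as an ‘old/’ backup) and theme directories other than the ones you name as in use. The function names, the sample tree and the theme names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a WordPress document root. Nothing is deleted.

# Print each directory below the docroot that holds its own WordPress copy
# (has wp-includes/version.php), such as an unmaintained old/ backup.
find_stray_installs() {
    docroot="${1%/}"
    find "$docroot" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r f; do
        dir="${f%/wp-includes/version.php}"
        if [ "$dir" != "$docroot" ]; then printf '%s\n' "$dir"; fi
    done | sort
}

# Print theme directories other than those named as in use
# (the active theme, plus its parent when a child theme is active).
unused_themes() {
    docroot="${1%/}"; shift
    for d in "$docroot"/wp-content/themes/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        keep=0
        for k in "$@"; do
            if [ "$name" = "$k" ]; then keep=1; fi
        done
        if [ "$keep" -eq 0 ]; then printf '%s\n' "$name"; fi
    done
}

# Constructed sample tree (not a real site) so the audit runs offline.
make_sample_site() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-includes" "$root/old/wp-includes" \
        "$root/wp-content/themes/mytheme" \
        "$root/wp-content/themes/mytheme-child" \
        "$root/wp-content/themes/twentyten"
    : > "$root/wp-includes/version.php"
    : > "$root/old/wp-includes/version.php"
    printf '%s\n' "$root"
}

site=$(make_sample_site)
echo "Stray WordPress copies:"
find_stray_installs "$site"
echo "Theme directories not in use:"
unused_themes "$site" mytheme mytheme-child
rm -rf "$site"
```

On a real site, pass your own document root and the name of the active theme (and its parent, if it is a child theme) instead of the sample values.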
The steps below will help you start the post-hack process once you are sure that you are experiencing a ‘WordPress blog hacked’ situation.
- Stay calm by taking a step back and composing yourself. This will enable you to effectively take control of the situation and thus allow you to recover your online presence.
- Take a moment to document what you are experiencing.
- Scan your website.
- Scan your local environment.
- Check with your hosting provider.
- Watch out for website blacklists.
- Improve your access controls.
- Lock things down so that you can minimize any additional changes.
- Create a backup.
- Find and remove the hack.
- Once you are clean, you should update your WordPress installation to the latest version of the software.
- After ensuring that your site is clean, change the passwords for your site. With that, you have successfully recovered your site.
To avoid a ‘WordPress blog hacked’ situation in the first place, you can install cWatch Web, software that has been specifically designed to protect all your web activities, shut down hacking attacks, clean up your site from malware, and prevent malware infections from occurring in the future.