We know that dealing with a hacked WordPress blog can be super stressful and frustrating. But don't worry! We are here to help guide you in what to do.
It can also be tough to actually know if your site was hacked or if the problem you are seeing is being caused by a different problem.
Here are a few indicators that you site may have been hacked:
- Random errors or pages unable to load
- Notice behavior that was not authorized (i.e., creation of new users, etc...)
- You can visibly see that your site has been hacked when you open it in the browser
- Website is flagged by Google, Bing, etc.. in search results
- Readers complaining that their desktop anti virus software is flagging your site
- Contacted that your website is being used to attack other sites
How Did I Get Hacked?
It is difficult to pinpoint exactly how WordPress was originally hacked but in most cases it is due to an insecure WordPress login password or out of date / unstable plugins or themes installed on the blog. Showit provides software to build a site in conjunction with WordPress, which is a very popular blogging platform. Because the blog allows you to install plugins which are custom code, that plugin code is not controlled by Showit and you assume responsibility and it should be carefully installed at your own risk. Installing lots of plugins or not updating plugins you have installed is a recipe for allowing something to slip through the cracks and thus targeted by hackers.
For more understanding on this, Google also provides a helpful video and info on hacked sites and recommendations on returning your site to a clean status.
What Should I Do?
We are here for you! While we are happy to help you get your site back online, due to the number of different types of WordPress hacks that are possible, we may not be able to completely remove all infected files. Here are some steps to take if you suspect your site has been hacked:
1. Contact Showit Support
Submit an emergency message to firstname.lastname@example.org and let us know what is happening. We can then help you get your site back online by reverting the site to a previous backup. We store 30 days of backups so it is important to let us know so we can restore your blog to a clean state.
2. Reset Your Password and Improve your Access Controls
To prevent any further hacking of your site, reset your password to something much more secure. This means using Complex, Long and Unique passwords for starters. The best recommendation is to use a Password Generator like those found in apps like 1Password and LastPass. This extends beyond your user, and must include all admin users that have access to your blog. It is also recommended to consider using some form of Two Factor / Multi-Factor authentication system. In it's most basic form, it introduces, and requires, a second form of authentication when logging into your WordPress instance. Some of the plugins available to assist you with this include:
3. Update and Remove Plugins & Themes
If you have any plugins or themes that you no longer use, deactivate and remove them so that they don't leave you vulnerable. Choose carefully the plugins you keep and make sure they are updated and maintained by a reputable source.
4. Scan Your Website
When scanning your website you have a few different ways to do this, you can use external remote scanners or application level scanners. Each are designed to look and report on different things. No one solution is the best approach, but together you improve your odds greatly. Our team uses WordFence which has a free version that will scan the files on your site.
Application Based Scanners (Plugins):
Remote Based Scanners (Crawlers):
5. Have Your Blog Cleaned
While reverting to a site backup will likely get the site back online, it may not completely remove the infected files and your site could be effected again in the future. To make the infected files are permanently eliminated, we would encourage you to have your blog cleaned. You may have your site back online but then it goes down again which is an indication that your site was not fully cleaned. You will need to request SFTP and SQL access to your site which the Showit support team will provide. While Showit cannot clean all the infected WordPress files, here are a few online services that can help you get things all fixed up!