Has your WordPress website been hacked?
In most cases, website hacks are not done directly by hackers, but through automated scripts – robots programmed to crawl the web, looking for vulnerabilities to exploit.
But don’t panic, this article will show you how to fix your hacked WordPress website.
Do You Need Help Now?
We are Sydney based, web security experts with 14 years of experience in cyber security.
We’ve seen just about every hack imaginable and fixed them all.
We’ll make sure to fix your website ASAP and take cyber security measures to prevent future attacks…
You’ll be able to sleep with peace of mind!
What To Do When Your Website Has Been Hacked:
#1. Document Everything That Has Happened In Detail
The first thing to do is document everything that has happened in detail, before, during and after the website hack has occurred.
This is so a team of malware experts can later handle the situation more effectively if you cannot solve it yourself.
The more details you can provide them, the faster they will be able to help you.
Here are some examples of what to note down:
- Are there visible signs that your website has been hacked?
- Are search engines like Google / Bing blacklisting your website? (i.e. giving a warning message when trying to click through from the search results).
- Have any users reported unusual / suspicious activity on your website? Make copies of the emails / correspondence.
- Have you been contacted with a ransom email? Make note of the sender and the details of this correspondence.
- Have there been any unauthorised new accounts created? (your user list can be viewed at www.yourdomain.com/wp-admin/users.php, or in the “Users” sidebar in your WordPress Dashboard)
- At what time did this hack occur (or when did you notice it?)
- What actions have you taken recently before and after the hack?
- Have you installed any new plugins recently?
- Did you make any changes to your themes?
- Has any website code been edited recently?
Annotate these notes with as much detail as you can.
This material will prove invaluable for your incident report.
#2. Scan Your Website With Anti-Malware Software
Next, scan your WordPress Website using anti-malware software.
There are many potential ways your website could get hacked.
From outdated plugins / WordPress versions, software installed from an infected source, brute-force password attempts and more.
Among these potential causes, malware can be detected using software.
You can use either a plugin or an external (remote based) scanners. For best results, we recommend using both.
Run scans using the software mentioned below and take note of the results.
If the cause can be pinpointed to a specific reason (like an infected plugin, outdated WordPress version etc.), remedy this immediately.
Examples of anti-malware WordPress plugins:
Examples of external scanners:
#3. Scan Your Computer or Laptop
Sometimes malware can creep into your website through your own computer or laptop.
To check if this is the case, run a malware scan on all the devices you have accessed your website with.
There are many free anti-virus programs that can scan your system for you:
Some sophisticated viruses can detect specific anti-virus programs and hide from them. We recommend trying at least 2 different scanners to make sure this isn’t the case.
#4. Contact Your Hosting Provider
If you are using a shared hosting service, the hack may extend to more than just your website (and vice versa).
Contact your hosting provider and let them know what has happened so they can take the appropriate steps.
In some cases, it is the hosting provider that gets hacked and therefore the websites on the hacked server also get affected.
#5. Get In Touch With A Web Security Expert
Hopefully the steps above have detected the malware that is affecting your website and you have been able to remove the source of the problem.
However, even if you were able to remove the malware, it may have left a “backdoor.”
This backdoor allows the script to gain entrance back to your website without your knowledge.
This happens more often than not, and we have had clients who came to us because the issue would keep coming back, over and over.
Even if you have an in-house web developer, they will unlikely to be able to resolve this issue completely as Web Security is a completely separate field of expertise.
At best, they may be able to remove the malware but unable to remove the backdoor.
(Locating the source of the backdoor is a very technical topic and beyond the scope of this article).
This is why we highly recommend getting in touch with a Web Security expert to patch up any backdoors the malware may have left behind and prevent future problems.
On the other hand, if you have not been able to detect the source of the problem, get in touch with us and we will fix it for you.
Our team consists of Web Security experts with 14+ years of experience in cyber attacks, network vulnerabilities and more.
Other Useful Resources:
Here are some other web security related articles that may be useful to you: