It’s a nightmare scenario. You go to your website and then find a nasty message from a hacker bragging about hacking your website. And nothing else. As far as you can tell your articles is gone and you also can’t even discover a way to log into your WordPress dashboard.
Would your organization survive your website being turn off, even temporarily?
It Happens
That’s exactly the situation that my pal of mine found herself in recently.
Fortunately we were able to help her out, rescue (the majority of) her files and get her back ready to go relatively quickly. But that isn’t always the case.
Turns out she could have done some what to better protect herself. Fortunately she learned her lesson well and she’s in far better shape today than she was before the attack.
PERHAPS YOU HAVE Really Been Hacked?
A lot of times people arrived at me saying, “My site’s been hacked,” when it certainly hasn’t. With WordPress sometimes plugin conflicts could cause issues that seem to the user just like a hacker has messed with something. That is most common when upgrading to a fresh version of WordPress in case a plugin hasn’t been made compatible with the brand new version yet.
While that can cause your site to crash, it’s not caused by hackers.
Not just that, but a lot of the sites I’ve seen that have been hacked weren’t just removed by them. Most of the malicious hacks I’ve seen involved injecting some code in to the site, usually with the finish goal to redirect site traffic to another website.
The Symptoms
Without going into the gory details, my friend’s case was just a little different. Her site actually showed an all white screen having an error message along the lines that a plugin conflict might produce and the hacker just wished to crash her site. Turns out he was into stealing something else.
When Repair hacked wordpress website did some troubleshooting I was able to get her site back ready to go in fairly short order. In her words:
I must add here, that it only took Chris 45 minutes to decipher and fix what was a fairly sophisticated hack!
While I’d never promise to be able to recover a hacked site that quickly, I really do have a good background recovering hacked WordPress sites.
Protecting Yourself
Here are some actions you can take to minimize the probabilities you’ll end up receiving hacked and maximize the probabilities to totally recover quickly when your site crash (for reasons uknown).
1. Use Strong Passwords.
I honestly think this is my friend’s biggest mistake. Again in her words,
This is what got me – I simply used numbers and letters and the password was – well – kinda obvious.
Make your passwords not only hard to guess, but make sure they are more difficult for sophisticated hackers to break as well. Randomly mix in special characters (found on the number keys with the shift button) along with numbers and upper and lower case letters. Strong passwords make a huge difference.
Both WordPress and cPanel will tell you how strong your password is. Stronger passwords offer better protection.
The trouble is, having strong passwords also makes them harder to type in. That’s why I take advantage of 1Password to manage my passwords on my Macs. I could use really strong passwords and I don’t have to remember them or type them in. 1Password will auto fill web forms for me. It’s the best of both worlds: good security & user-friendly.
2. Keep Your WordPress Updated.
Probably one of the most common ways WordPress websites get hacked is because their owners don’t keep their software up-to-date. What happens is that older versions of WordPress can have known security weaknesses. These weaknesses are fixed by newer releases of the software.
But if you don’t update your software, you leave yourself exposed.
This also is true with plugins and themes. Besides, the newer versions of WordPress make keeping everything updated remarkably easy. There’s not much of an excuse to help keep you from updating things.
3. Backup Regularly and frequently.
An excellent backup can cover for a ton of other issues by making it possible to revert back to how things were before your website crashed. When it comes to WordPress it is advisable to back up your
Database
Theme Files
Plugins
Media Uploads
There are many different plugins and services to handle backups of your WordPress site.
But the point is backup early and backup often!
Bottom Line
I don’t think any site is completely “hack proof.” A determined hacker with enough resources can break into most anything. Just watch an episode of NCIS!
But should you choose these three things you’ll greatly reduce your risk of being hacked and ensure it is much easier to recuperate if you do come across a problem.