So, your WordPress website has been hacked. Welcome to this frustrating and overwhelming rite of passage. Not sure what to do? We’ve got your back. Go through our step-by-step guide on how to manage the crisis and clean the hack. You can also secure your WordPress site from future hacks with our checklist.
1. Don’t panic
There are 90,000 attacks on WordPress every minute. Getting hacked is frustrating, but you’re not alone. Remember that you’ll get through this – just follow the steps.
2. Put your site on maintenance mode
Resolving a WordPress hack may take time. If possible, switch your site to maintenance mode so that your customers don’t interact with the hack or use the site while you’re debugging it.
3. Update your customers on social media
We live in an immediate world and customers don’t like being in the dark. If your website has been hacked, update them on social media. You don’t need to give all the details. Just say the site is undertaking emergency maintenance and you’ll inform them when it’s restored.
4. Contact your hosting provider
If you have a top hosting provider, contact them. Often, they’ll help with site recovery. If your host provider isn’t helpful or perhaps the reason why the hack happened in the first place, it might be time to switch services.
5. Look up your latest website backup
If you’re diligent about backing up your website, it’s your moment to shine. Get your latest backup and use it to restore your website. If you don’t have one, or you think it might be compromised, skip the backup and go straight to the next step.
6. Use a security scanner to find and clean the hack
WordPress recommends the following security scanners:
- Cloaked Link Checker
Download your preferred tool and scan the hack. Once the hack is identified, most of these tools provide how to clean it – usually by removing malware from a plugin or theme.
7. Check your local computer too
Sometimes your local system may be compromised. You should also do a scan of your device to avoid leaving any open doors to hackers.
8. Remove vulnerabilities
Now that you’ve cleaned up the hack, it’s time to remove security flaws and vulnerabilities. You want to make sure your system is secured and that it’s not possible to hack it anytime soon. Use our checklist of must-dos to secure your WordPress site.
9. Update all your user access and passwords
Once you’ve cleaned the hack, be sure to update user access and passwords. It seems like a small thing, but thousands of hacks exploit weak passwords.
With our steps, we hope you’ve gotten rid of the hack, cleaned up your WordPress site and secured it from future attacks. You might also want to consider getting cyber insurance in order to avoid business losses during an attack.
Need some professional help to harden your security? Get in touch with our tech team.