Picture if you will… You're enjoying a nice snow day with your family and all of a sudden your assistant, or friend, or family member sends you a text message saying something like this, "Is your website down? It's not loading!" Or the dreaded word, "Oh my goodness. I think your website has been hacked!!!" I'm sure that the following happens…
WHAT? NOOOOO!!! CRAP. WHAT DO I DO?
Even the "so-called" pro's run into issues similar to this. It's a common problem that anyone who owns a website might face, so here are a few simple tips on how to prevent your WordPress website from being hacked and/or having tricky plug-in issues. Plus, see a few tips on what to do when your website does go down.
Steps to Website Hacker Prevention
Step 1. Is Your Computer Protected?
First and foremost, make sure that the computer you're working on is protected and it's one you regularly use (and you know what's been downloaded on it). If you're on a Mac, you're better off but not safe. PC users, please make sure you have the most up-to-date anti-virus software installed.
Step 2. Download Bulletproof Security Plugin from WordPress
This plugin protects your website against pesky hackers who place unwanted code onto your website. To prevent it from happening, download this plugin and change your passwords often!
Step 3. Change Your Password
If you've had the same login for your site since it launched a year ago, you should change it. Many experts say that hackers today are more clever than ever, making frequent password changes even more important. But The National Institute of Standards and Technology (NIST) says that password expiration policies are "irrelevant for mitigating cracking," because hackers may be able to crack any passwords we put in place, but let's go ahead and update it – if anything, for peace of mind.
Step 4. Downloading Plugins
Be careful when downloading plugins. Not all plugins are created equal. Check the review, how many downloads the plugin has received, and make sure you have the latest version installed! To do this, always visit the website of the Plugin developer before you download.
Step 5. Comments Manually Moderated
Better to be safe than sorry. Make sure to moderate each comment that comes onto your website.
Now, onto the "Fun" part…
I Got Hacked! Now What?
Don't panic! Take a deep breath, grab some coffee or tea, get your phone and get to work!
You need to remove the malicious/hacked code files from your website via your FTP Manager or client on your host server (i.e. GoDaddy.com or another provider like Dot5Hosting.com). In order to know which files were affected, contact your Host provider. If you don't contact them, and request for them to do a scan of the malicious/hacked files, you or your developer will spend all day trying to figure things out on your own – and that's time and money you probably don’t want to waste!
When your site is hacked your service provider may temporarily suspend your service — meaning, no one will be able to see your website and you won't be able to make any updates to it.
Once the malicious/hacked files have been removed from your website (if this is applicable to you) your host provider will lift the suspension of your website. Here's where you will either be happy or more pissed off. Navigate to your website. Does it look OK? If yes, then great! You can stop reading. If NO, then continue on…
In removing the malicious/hacked files, other files can be affected. Each case is different but consider the following:
If homepage features (gallery slider, right rail modules, etc) don't show up, re-install your website theme.
If the footer widgets are missing, you'll need to rebuild your footer. This shouldn't take long. Simply, go into your WordPress website, navigate to Appearance > Widgets > and see if the original footer information is there. If not, then recreate it.
If your Blog posts are missing, restore your files via your web host automated backups. If you don't have this in place, check with your host provider (i.e. GoDaddy, etc) to confirm you have automated backup set up configured. Make sure you're backing up your WordPress files and your mySQL database.
Once the malicious files have been removed, you might have to do some work on the site to get it looking "right" again. Download the WordPress plugin – Easy Coming Soon – for a simple to use "Under Construction" homepage. There are many choices out there for similar plugins, but we like this one.
Was this helpful to you? Share this article with others. If you've been in this situation, tell us about it! Any tips you'd offer up that we didn't cover?