For many business owners, a hacked website is their worst nightmare. If your WordPress website has been hacked, there are some steps you need to take right away. Here’s a guide to help you get started.
Did you know that the average cost of a data breach hovers around $3.6 million?
Companies of every size have a lot to lose by leaving their WordPress site open to abuse. Whether it’s through customers running for the hills, a damaged reputation, or through lawsuits, a data breach is costly.
If you’re dealing with a hacked website, you have a lot of work ahead of you. Here are our top five tips to help you stay level-headed through it all.
1. Don’t Panic
Finding out your website was hacked can send you and everyone at your company into a panic.
While it’s understandable that you might be worried you’ve just lost everything, that is rarely the case. Many WordPress compromises are automated: a bot scans for an outdated plugin, exploits it, and plants spam pages or a backdoor without ever looking at your data. A hacked site is also not automatically a data breach; whether anything was actually taken is one of the first things you need to establish.
An intrusion is an upsetting turn of events, but it doesn’t have to be the end of the world. In fact, it may have done little harm beyond the defacement or spam you can see.
Keep the incident on a “need to know” basis while you investigate. Deal with it ASAP, but don’t make a huge production out of it until you know more, since a premature or inaccurate announcement will tank your trust with the public and leave employees feeling uneasy. One caveat: if it turns out that customer data was exposed, you may have legal notification deadlines, so involve whoever handles that early rather than after the clean-up.
The calmer you are about this situation, the calmer everyone else will be. Potentially losing your data can be an upsetting proposition. People who worked on a project for years could be driven to tears thinking about losing their work.
As long as you have clean backups and a plan for using them, you can recover. Take a deep breath and keep going.
2. Redirect Customers
For now, take the compromised site out of service and redirect customers to a static page. You can put up a splash page telling people you’re working on your site or that certain features won’t be available. Serve it with an HTTP 503 status so search engines treat the outage as temporary instead of indexing the placeholder. Be careful with the option of putting up an older copy of your site: if that copy runs the same vulnerable plugin or theme that let the attacker in, it will be compromised again as soon as it is live.
Don’t outright lie to your customers. This will damage your trust with them in the future. If you want to give them a line about technical difficulties, that’s understandable.
Most everyone on the internet understands that not everything is going to work 100% of the time. If you anticipate that this hack will take more than an afternoon to resolve, you need a plan to keep customers safe and off your site, because a hacked site may be serving malware or phishing pages to the people who visit it.
Redirecting customers will only buy you so much time. It won’t be long before they start to speculate about what is going on.
3. Back It Up
Backups are your greatest ally in the event of a hack.
If you’re not in the middle of a hack, go ahead and back up your system before you finish reading this article. Backing up will ensure that you’ll be able to restore a previous version of your system in case the worst happens.
Your backups need to be offsite, encrypted, access-controlled, and frequent. You might even want to hire a company like EnsureWP to make sure your backups are taken care of.
Hosting your backups offsite means that if someone gets into your main system, they won’t have access to your backups. Your system and backups are isolated from one another and protected. It also means that if there’s a fire or emergency at one location, it won’t feel like the sky is falling.
Backups belong on their own server, reachable only with separate credentials and two-factor authentication, so that whoever controls your web server does not automatically control your backups too. Encrypt each backup when it is created so that an outsider who obtains the files learns nothing from them, and keep a checksum or signature alongside so that tampering is detectable. Encryption alone does not prove a backup is intact; a periodic test restore does.
Hourly backups throughout the working day plus one at night when no one is working are a reasonable cadence, and they should be kept on separate servers in case something happens to one (see above). Hourly copies mean that if you realized you were hacked at 1 PM, you can revert to the noon version of your system. Two caveats. First, a backup taken after the intrusion contains the attacker’s backdoor, so you have to work out when the compromise happened and go back to a copy from before it; since hacks are often discovered weeks later, keep daily and weekly copies as well as hourly ones. Second, restoring only undoes the attacker’s changes. Unless you also close the hole they came through (usually an outdated plugin or theme, or a weak password), you are restoring the same site for them to walk back into.
4. Scan Your Local Machines
Your local machines could be where the hack started. Many website compromises begin not on the server but on an administrator’s workstation: malware on that machine steals saved FTP/SFTP passwords, WordPress admin cookies, or hosting control panel logins, and the attacker walks in with legitimate credentials.
If they’ve got access to your email account or any other accounts, they can use the saved logins and session cookies. That means they could very easily pose as you, post strange things, or email your trusted clientele.
One of the reasons operating systems, browsers, and WordPress itself need to be updated so often is that new vulnerabilities are found and patched continually. The updates may make no sense to the average user, but each one closes holes that are being actively probed.
Before you reset any passwords, scan and clean every machine that is used to administer the site. If you change the passwords from a machine that still has a keylogger on it, the attacker simply collects the new ones.
5. Reset All User Accounts
Your most important and most drastic option is to make every single user create a new password. You’ll have to kick everyone off the system to ensure this happens. In WordPress that means rotating the authentication keys and salts in wp-config.php, which invalidates every login cookie at once, so a request to change passwords cannot simply be ignored. Passwords are not the only secrets to rotate: the attacker may have read wp-config.php, so change the database password, the FTP/SFTP and hosting control panel credentials, and any API keys the site uses as well.
Here’s where you may have to reveal your cards. If it won’t cause extreme panic and you were able to contain the hack, you can announce that you were hacked. This could upset some of your WordPress users but, in the end, they’ll respect your decision.
New passwords are a new opportunity to buckle down on security. Encourage your users to turn on two-factor authentication wherever it is offered, and otherwise make sure they create strong and unique passwords. While you are in the user list, remove any accounts you don’t recognise, especially administrator accounts the attacker may have created for themselves.
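Here is an added example of the "kick everyone off" step, written for this page and not taken from the article or from WordPress itself. It replaces the eight keys and salts in wp-config.php with fresh random values, which makes every existing login cookie invalid, and then checks that none of the placeholder values from wp-config-sample.php remain. It assumes a POSIX shell with the usual find, sed, grep, tr and head utilities, and that wp-config.php uses the standard define('AUTH_KEY', '...'); lines; the wp-config.php path on the usage line is an example path.

```shell
#!/bin/sh
# Added example: rotate the eight WordPress authentication keys and salts in
# wp-config.php. WordPress login cookies are keyed hashes over these values,
# so replacing them logs every user out at once.
# Assumptions: POSIX sh with sed, grep, tr and head; wp-config.php defines the
# keys with define('AUTH_KEY', '...'); (spaces inside the parentheses are fine).

WP_KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# 64 random characters from a set that is safe inside a single-quoted PHP
# string and inside a sed replacement (no quote, backslash, ampersand or pipe).
random_salt() {
  LC_ALL=C tr -dc 'A-Za-z0-9!@#%^*()_=+<>?~-' </dev/urandom | head -c 64
}

# Rewrite every key in place. Refuses to touch the file if any key is missing,
# because a define() appended after wp-settings.php is loaded would be ignored.
rotate_wp_salts() {
  cfg="$1"
  work="$cfg.rotating"
  for key in $WP_KEYS; do
    if ! grep -q "^define( *'$key'" "$cfg"; then
      echo "rotate_wp_salts: $key not defined in $cfg, refusing to continue" >&2
      return 1
    fi
  done
  cp "$cfg" "$work" || return 1
  for key in $WP_KEYS; do
    new=$(random_salt)
    sed "s|^define( *'$key'.*|define('$key', '$new');|" "$work" > "$work.next" || return 1
    mv "$work.next" "$work"
  done
  mv "$work" "$cfg"
}

# Check that all eight keys are present, at least 32 characters long and not
# the 'put your unique phrase here' placeholder from wp-config-sample.php.
verify_wp_salts() {
  cfg="$1"
  for key in $WP_KEYS; do
    value=$(sed -n "s|^define( *'$key', *'\([^']*\)' *);.*|\1|p" "$cfg")
    case "$value" in
      ''|*'put your unique phrase here'*) return 1 ;;
    esac
    [ "${#value}" -ge 32 ] || return 1
  done
  return 0
}

# Usage: sh rotate_wp_salts.sh /var/www/html/wp-config.php   (example path)
if [ -n "${1:-}" ]; then
  rotate_wp_salts "$1" && verify_wp_salts "$1" && echo "salts rotated; all sessions invalidated"
fi
```

Rotating the salts ends every session, but it does not change anyone's password, so the individual resets, the database and hosting credential changes, and the removal of unknown administrator accounts still have to follow. The script deliberately refuses to append a missing define() rather than guess where it belongs, because a define placed after the require of wp-settings.php has no effect.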
A Hacked Website Doesn’t Have to Be Catastrophic
A hacked website might not even be the end of your website as you know it.
It could end up being a teachable moment where you learn the strengths and weaknesses of your security. Once you know how the attacker got in, you won’t be leaving that hole open for the next one.
When you’re in the process of optimizing your WordPress site, be sure to take cybersecurity seriously.
One Response to “WordPress Troubleshooting: 5 Tips for Dealing with a Hacked Website”
Sarah
If you clean a lot of infected sites you will start noticing patterns in where malicious code is commonly found. One such place is the uploads directory in WordPress installations. The command below shows how to find all files in the uploads directory that are NOT image files. The output is saved in a log file called “uploads-non-binary.log” in your current directory.
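As an added example that is not Sarah’s command and not part of the original post, the following POSIX shell script does what her comment describes, writing every file under the uploads directory that is not an image to uploads-non-binary.log, and goes one step further: it also flags any file that begins with a PHP open tag whatever its name, since web shells in uploads are often renamed to .jpg or .png. It assumes find supports -iname (GNU and BSD find both do); the uploads path on the usage line is an example path, and the files in the test are constructed samples.

```shell
#!/bin/sh
# Added example: triage wp-content/uploads after a compromise.
# 1. list everything that is not an image (the comment's technique);
# 2. list anything whose first KiB contains '<?php', regardless of extension.
# Assumptions: POSIX sh with find (with -iname), grep, head and wc.

# Write the path of every non-image file under $1 to the log file $2 and print
# how many there were. .svg is deliberately not treated as an image here: it is
# XML and can carry scripts, so it deserves the same look as .php and .htaccess.
find_non_image_uploads() {
  dir="$1"
  log="${2:-uploads-non-binary.log}"
  find "$dir" -type f \
    ! -iname '*.jpg' ! -iname '*.jpeg' ! -iname '*.png' ! -iname '*.gif' \
    ! -iname '*.webp' ! -iname '*.bmp' ! -iname '*.ico' \
    > "$log"
  wc -l < "$log" | tr -d ' '
}

# Print every file under $1 whose first 1 KiB contains a PHP open tag, whatever
# its name. A genuine JPEG can trigger this too (PHP hidden in EXIF data), and
# that is exactly the kind of file worth opening.
find_php_in_uploads() {
  dir="$1"
  find "$dir" -type f | while IFS= read -r f; do
    if head -c 1024 "$f" | grep -q '<?php'; then
      printf '%s\n' "$f"
    fi
  done
}

# Usage: sh scan_uploads.sh /var/www/html/wp-content/uploads   (example path)
if [ -n "${1:-}" ]; then
  n=$(find_non_image_uploads "$1" uploads-non-binary.log)
  echo "$n non-image files listed in uploads-non-binary.log"
  echo "files containing a PHP open tag:"
  find_php_in_uploads "$1"
fi
```

The extension list is only a first filter; the second pass exists because the extension is chosen by the attacker. Anything either pass reports should be compared against a clean copy of the site before it is deleted, since some plugins legitimately store non-image files in uploads.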