WordPress receives frequent updates and security patches, which is one reason it is considered one of the more secure content management systems. Even so, attackers keep finding new vulnerabilities, most of them in plugins and themes rather than in WordPress core, so it is increasingly common to hear of WordPress sites being hacked. The reality is that any website can be compromised. There are important WordPress best practices you can follow while building and running your site to make it safer, but the threat remains. Which raises the question: what would you do if your WordPress website got hacked?
What to do when your WordPress website gets hacked?
Restore your backup
As a best practice, you should always back up your website on a daily, weekly or monthly schedule, depending on how often you publish new content or make site-wide changes. If you get hacked, go to your archive and restore the most recent backup you know to be clean. If you have automated scheduled backups, use the files from the day, week or month before the site was hacked, but bear in mind that the visible symptoms (a defacement, spam pages, a malware warning) often appear well after the actual break-in, so check the backup for the same signs before trusting it. Restoring a backup also reinstates whatever vulnerability let the attacker in, so treat it as the first step rather than the whole fix, and follow it with the updates and password resets described below. If you had not been taking backups, get in touch with your webhost and ask for a backed-up copy of your website; most good webhosts take periodic backups of the websites they host.
So what if you do not have a backup? Don’t worry. All is not lost. Read on…
Ask for help from your webhost
This is probably the best way to restore a hacked WordPress website, especially if you are not technical. Most webhosts place many websites on shared servers, which means that a compromise of one site is often used to attack the other sites on the same server. For this reason webhosts deal with hacked websites so regularly that they know exactly what to do. They also usually have tools to scan your website for vulnerabilities and suspicious code. A good webhost should be able to help you restore your website, especially if the hack happened on the server side (for example through the server software or a neighbouring account rather than through your own plugins or passwords).
Update your plugins and themes
Surveys of hacked WordPress sites have attributed roughly 22% and 29% of compromises to vulnerabilities in installed plugins and themes respectively. If you still have access to your backend, log in and update any outdated plugins and themes, and remove any you no longer use: a deactivated plugin's files can still be reached and exploited. Bear in mind that updating closes the hole but does not remove a backdoor the attacker has already planted; that is what the reinstall below is for. As a rule of thumb, only install plugins and themes from the official WordPress directory that are actively maintained and reviewed by the WordPress community. Also check that you have the latest WordPress version installed. If you have lost access to your backend, scroll down to see how to reset your passwords.
Reinstall your WordPress website
Modified core files are one of the most common places attackers leave their code, especially if your site was running an outdated version of WordPress, so replacing core with a fresh copy is a reliable way to clear them. Before you start, take a backup of the current (hacked) site so that you can roll back or investigate later. Back up anything you uploaded through the media library so you can copy the folder into the new installation. Plugins and themes should be re-downloaded from their original source rather than copied across. After backing everything up, follow the steps below to reinstall WordPress:
- Download a fresh copy of WordPress from wordpress.org
- Delete all the WordPress files from your server
- Upload the new WordPress files to the document root (or wherever the previous WordPress was installed)
- Open the wp-config.php from your backup and copy only the database settings (DB_NAME, DB_USER, DB_PASSWORD, DB_HOST and $table_prefix) into the new wp-config.php. Do not reuse the old file itself: attackers frequently append code to wp-config.php. Generate fresh authentication keys and salts (https://api.wordpress.org/secret-key/1.1/salt/) and change the database password at the same time, so that any credentials the attacker copied stop working
- Scan your backed-up uploads folder before restoring it. It should contain only media files, so any .php file, or an image file that starts with a PHP tag, is a web shell and must not be restored. If the folder is clean, re-upload it to /wp-content/uploads/
- Your WordPress site should be working again. Next, reinstall plugins and themes one by one from their original sources. Note that reinstalling the files does not clean the database: check the Users screen (or the wp_users table) for accounts you do not recognise, and look through your posts and the wp_options table for injected scripts or redirects.
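The uploads scan and the core comparison from the steps above, as an added example (editor's code, not from the original article). It assumes a POSIX shell with find, head, grep and diff, takes the extracted wordpress.org download and the site directory as arguments, and the paths in the usage comments are placeholders:

```shell
#!/bin/sh
# Added example (editor's code, not part of the original article): two checks to
# run before re-uploading anything during the reinstall described above.
#
#   find_php_in_uploads DIR        wp-content/uploads should contain media only.
#                                  Print every file there that is PHP by extension,
#                                  that starts with a PHP open tag despite a media
#                                  extension, or that is a .htaccess/.user.ini
#                                  (either can re-enable PHP execution in the folder).
#   diff_core FRESH_DIR SITE_DIR   Compare a fresh wordpress.org download with the
#                                  site's files, ignoring wp-content and wp-config.php,
#                                  and print the core files that were changed or added.
#
# Directory names are placeholders; pass your own paths.

find_php_in_uploads() {
    dir=$1
    # 1. Anything PHP-executable by extension, plus per-directory config overrides.
    find "$dir" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \
        -o -iname '*.php[3-8]' -o -name '.htaccess' -o -name '.user.ini' \) -print
    # 2. Everything else: a PHP open tag in the first 64 bytes of a "media" file is
    #    a web shell waiting for an include or an execution misconfiguration.
    find "$dir" -type f ! \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \
        -o -iname '*.php[3-8]' -o -name '.htaccess' -o -name '.user.ini' \) -print |
    while IFS= read -r f; do
        if head -c 64 "$f" | LC_ALL=C grep -q '<?php'; then
            printf '%s\n' "$f"
        fi
    done
}

diff_core() {
    fresh=$1
    site=$2
    # -q lists names only; -x skips content and config. diff exits 1 when it finds
    # differences, which is the expected case, so only a real error (2) propagates.
    diff -rq -x wp-content -x wp-config.php "$fresh" "$site" || [ $? -eq 1 ]
}

# Usage (after extracting the fresh download to /tmp/wordpress):
#   find_php_in_uploads /path/to/backup/wp-content/uploads
#   diff_core /tmp/wordpress /path/to/site
```

Anything diff_core lists under wp-admin or wp-includes was not put there by WordPress; keep a copy of those files for later investigation before the reinstall overwrites them.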
Reset all passwords
Regardless of how the attacker got in, reset every password the site depends on. The mistake most people make is to reset only the admin password; you should reset the passwords of all WordPress users, plus the database password in wp-config.php, your FTP/SFTP and hosting control panel passwords and any API keys the site uses. There are two ways to reset WordPress user passwords. The first is the Users screen in your WordPress dashboard, which of course only works if the attacker has not locked you out. If you cannot log in to your dashboard, you can use the phpMyAdmin method to reset the passwords directly in the database.
How to reset passwords using the phpMyAdmin method?
- Log in to cPanel. If you do not know your cPanel login credentials, get in touch with your webhost and they will reset them for you
- In cPanel, click the phpMyAdmin icon. Once phpMyAdmin loads, locate your WordPress database and click on it. If you have more than one database and are not sure which one it is, open File Manager and read the database name (DB_NAME) from wp-config.php
- After clicking on the database name, open the wp_users table (the prefix may differ from wp_ if it was changed at install time; $table_prefix in wp-config.php tells you which)
- You should see a list of all users with an edit button for each. Click edit and, in the user_pass row, set the Function dropdown to MD5, enter your new password in the Value field and click Go. WordPress accepts the MD5 hash and replaces it with its own stronger hash the next time that user logs in
- Repeat the previous step for every user. Delete any account you do not recognise, since attackers often add an administrator of their own
Remember to use strong passwords. Use your password manager's generator (or a reputable offline generator) to create a long, unique password for every user rather than pasting passwords into an arbitrary website. Also log everyone out: resetting a password directly in the database does not invalidate sessions that are already open, so delete the session_tokens rows from the wp_usermeta table as well.
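A worked version of the password reset, added here as an example (editor's code, not from the original article). Rather than editing each wp_users row in the phpMyAdmin form, it generates a SQL script you can paste into phpMyAdmin's SQL tab: a random 128-bit password per user, wrapped in the same MD5() the Function dropdown applies, followed by a statement that logs out all existing sessions. The table prefix wp_ and the user names in the usage line are placeholders; adjust them to match your $table_prefix and your Users list:

```shell
#!/bin/sh
# Added example (editor's code, not from the original article). Generates the SQL
# for resetting every WordPress user from the command line, to be pasted into
# phpMyAdmin's SQL tab: a fresh random password per account, wrapped in MySQL's
# MD5() exactly as the phpMyAdmin Function dropdown does. WordPress accepts an
# MD5 user_pass and upgrades it to its own hash on the user's next login.
# The table prefix and user names are arguments; wp_ and the logins in the usage
# line are placeholders.

# 32 hex characters (16 random bytes, 128 bits) from the kernel CSPRNG. Hex only,
# so the password can be embedded in a SQL literal with nothing to escape.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Double any single quote in a value so it is safe inside a SQL string literal.
sql_escape() {
    printf '%s' "$1" | sed "s/'/''/g"
}

# reset_sql PREFIX LOGIN PASSWORD  -> one UPDATE for that user.
reset_sql() {
    prefix=$1
    login=$(sql_escape "$2")
    pass=$(sql_escape "$3")
    printf "UPDATE %susers SET user_pass = MD5('%s') WHERE user_login = '%s';\n" \
        "$prefix" "$pass" "$login"
}

# Changing user_pass in the database does not close sessions that are already
# logged in; WordPress keeps them in usermeta under session_tokens, so delete them.
logout_all_sql() {
    printf "DELETE FROM %susermeta WHERE meta_key = 'session_tokens';\n" "$1"
}

# reset_all_sql PREFIX LOGIN...  -> SQL for every listed user plus the logout.
# The plaintext passwords are emitted as SQL comments so you can record them in
# your password manager before handing them out; do not keep the script output.
reset_all_sql() {
    prefix=$1
    shift
    for login in "$@"; do
        pass=$(gen_password)
        printf '%s %s: %s\n' '--' "$login" "$pass"
        reset_sql "$prefix" "$login" "$pass"
    done
    logout_all_sql "$prefix"
}

# Usage: reset_all_sql wp_ admin editor shopmanager > reset.sql
```

Run the resulting script once, hand each user their new password through a separate channel, and delete reset.sql; the comments in it are the only record of the plaintext passwords.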
What is worse than having your website hacked? Getting hacked again moments after you restore it. This is especially painful if your website has a shopping cart. A repeat compromise usually means the original hole or a planted backdoor is still there, which is why the cleanup steps above matter, but there is another common cause: passwords sent over plain HTTP can be read by anyone on the network path, so an attacker can simply log in with your brand-new credentials. That is why you should serve your site over HTTPS with a TLS certificate (still widely called an SSL certificate). TLS encrypts data in transit so that only the intended recipient can read it, and the certificate, issued by a certificate authority the browser already trusts, lets visitors verify that they are talking to your site rather than to an impostor. Most reputable webhosts provide certificates, so get in touch with yours and they will help you enable HTTPS. Once it is enabled, redirect all HTTP requests to HTTPS and add define( 'FORCE_SSL_ADMIN', true ); to wp-config.php so that logins and the dashboard are never served unencrypted.
What next after recovery?
After you recover your website, take precautionary steps so that this does not happen again. Here are some simple measures that make a repeat compromise of your WordPress website much less likely.
- Make sure your website is hosted with a reputable webhost
- Install a plugin that adds two-factor authentication to the login
- Use a CAPTCHA such as reCAPTCHA on your login, comment and contact forms to slow down bots (automated password guessing and comment spam). A CAPTCHA does nothing against SQL injection; that is prevented by keeping plugins and themes updated, since well-written ones build their queries with WordPress's prepared statements ($wpdb->prepare) instead of from raw user input
- Only install plugins and themes that have been reviewed by the WordPress user community and are actively maintained
- Use strong and unique passwords for all user accounts
- Set the correct file permissions. As a rule of thumb, folders should be 0755 and files 0644; nothing should ever be 0777, and wp-config.php can be tightened further (0600 or 0640) where PHP runs as the owner of the files
- Enable automatic WordPress core updates so you always run the current release. Add define( 'WP_AUTO_UPDATE_CORE', true ); to wp-config.php, above the "That's all, stop editing" line
- Keep all installed plugins up to date and make sure they have been tested with your current version of WordPress; remove any that are no longer maintained
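The permission and auto-update items above, as an added example (editor's code, not from the original article). It assumes a POSIX shell with find and awk, that you supply the install directory and wp-config.php path (those in the usage comments are placeholders), and that PHP runs as the owner of the files so that 0644 is readable. FORCE_SSL_ADMIN in the usage comment is a standard WordPress constant the article's list does not mention:

```shell
#!/bin/sh
# Added example (editor's code, not from the original article) for two of the
# items above: apply the 0755 / 0644 permission rule across the whole install,
# and turn on WP_AUTO_UPDATE_CORE in wp-config.php without adding a duplicate
# define or placing it after WordPress has already loaded. Paths are placeholders.

# harden_permissions ROOT   directories 0755, files 0644, nothing world-writable.
harden_permissions() {
    root=$1
    find "$root" -type d -exec chmod 0755 {} +
    find "$root" -type f -exec chmod 0644 {} +
}

# ensure_define WP_CONFIG NAME VALUE
# Rewrites an existing define( 'NAME', ... ) in place if there is one (dropping
# any duplicates); otherwise inserts the define just above the "That's all, stop
# editing" marker or the wp-settings.php require, so it is set before WordPress
# loads; as a last resort it appends the line.
ensure_define() {
    cfg=$1
    name=$2
    value=$3
    line="define( '$name', $value );"
    awk -v q="'" -v name="$name" -v l="$line" '
        BEGIN { re = "define\\( *" q name q }
        $0 ~ re && !seen { print l; seen = 1; next }
        $0 ~ re { next }
        (/That.s all, stop editing/ || /wp-settings\.php/) && !seen { print l; seen = 1 }
        { print }
        END { if (!seen) print l }
    ' "$cfg" > "$cfg.tmp"
    # Write back through the existing file so its owner and mode are preserved.
    cat "$cfg.tmp" > "$cfg"
    rm -f "$cfg.tmp"
}

# Usage:
#   harden_permissions /var/www/html
#   ensure_define /var/www/html/wp-config.php WP_AUTO_UPDATE_CORE true
#   ensure_define /var/www/html/wp-config.php FORCE_SSL_ADMIN true
```

Run harden_permissions as the user that owns the files; if your host's PHP runs under a different account, the 0644 files are still readable but you should not tighten wp-config.php below 0644 on that setup.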