My Website Was Hacked (WordPress Edition) – What To Do
We have seen it happen several times in the last few years. We are contacted by a new potential client that has lost everything on their website due to a hack, exploit, virus or a back door that left their site vulnerable. Often, the hack results in the entire website being wiped out, except for a message on the home page by the hacker that says, “Hacked by XYZ Name”. If your WordPress website was hacked the following may help you remedy the problem.
This does not mean that your entire website is gone and in most cases it is not. In most cases the entire site may be overridden by one single file that penetrated the main directory where your site files are housed.
So usually, the first thing we try to determine is if the client made any backups of their site in the past. If backups are regularly performed, it is fairly easy to roll back to that backup to restore your site to before it was hacked. There are two types of backups, one is WordPress backups (database and files) and the other is cPanel backups. Ideally you want to have both and we’ll explain why.
Keep in mind that if you restore the site from a backup, not only does it guarantee the malicious files are not in the backed up copy, but you will lose any new changes you have made to the front end of the site since the backup was performed. That is why both types of backups should be performed regularly.
Sometimes, the hack is so bad that you cannot get into the Admin panel of WordPress in order to run a backup. In this case, your cPanel backup of your entire public_html folder can be restored in order restore the WordPress website. Unfortunately, very rarely does a client have WordPress backed up and if they do, it is a year or more old and the site changed a bunch over that year, rolling back may cost you hours of work to re-update the site.
What To Do To Remedy The WordPress Hack
The first thing you need to do is to access your file manager and look for malicious files that somehow made their way into the site directory through a back door. You should see a column of last modified dates in your file manager for each file, you will want to look for files the have a different date than the bulk of main site files (which should for the most part all be the same date). Those are usually the malicious files and they often have odd file names. Before you delete any malicious files trying to restore your site, make sure to run a full backup in cPanel. That way if you accidentally delete an actual core site file, you can restore a copy of it.
This is why you need WordPress Maintenance Services
WordPress sites require constant maintenance. Just updating your site content alone is not enough to keep your site secure, there is also a lot of back end admin maintenance. Whether it is updating plugins or updating to the newest version of WordPress, running backups, SEO optimizing, running malware scans or any other labor intensive WordPress upkeep task, you have your work cut out for you under the hood of your website. If none of these things get done regularly, your site is highly prone to being hacked in one way or another.
We offer Website Maintenance Services to ensure your WordPress Website is always up to date not only for security reasons but just as importantly for search engine exposure.