Losing access to your site, or perhaps your credibility, due to a hack is one of the worst things that can happen to a website owner. Although WordPress is generally quite safe, it's also a very popular target, because even a little knowledge of website management can give an attacker a possible way in. And considering there are thousands of hacking attempts made daily, it's only natural to worry about the safety of your site and the platform it's on.
If you notice any of the following signs, you’d be best advised to run a thorough check as they usually mean you have been hacked:
- Unable to log in – This is one of the most common tell-tale signs that something fishy is going on; either you cannot log in at all, or your admin privileges have been stripped away.
- Content you did not upload or maybe even a message reading “you’re hacked” – In the latter scenario, the situation is pretty straightforward, but the former can be a real issue: if you have multiple admins who upload content independently, these hacks can be harder to pinpoint.
- Weird ads or pop-ups – Much like the previous scenario, these are ads you did not put up yourself, so if you have more than one admin, this is a great thing to keep an eye on.
- Google Chrome showing a warning – If even your browser is showing you different warnings, that probably means someone else has got access to your site.
- Unusual redirects – If your website is acting strange and keeps redirecting visitors or you to an unreliable site, that’s a red flag.
How to Fix a Hacked Site?
In case you started panicking, take a deep breath and relax; not all is lost. You can regain access to your site and protect it in the future. Not every hack is the same, and not all of them can be combated in the same way. Some pose a more significant threat than others and will require more effort, time, and maybe even money.
Now, we’ll list a few ways you can fix a site that has suffered an attack.
The Emergency Recovery Script
We all probably think we have everything under control, and all of our sites are as safe as houses, but unexpected problems or data breaches can always occur, and they’re mainly out of our control. But should anything happen to your website, ERS is here to save the day.
This single-file script works entirely independently from WordPress, and anyone can download it to save their site when in dire straits. If you cannot even log in or your user privileges have been whisked away, ERS can restore your information and help you regain control in as little as a few minutes. It will provide you with a set of powerful tools ready to do the heavy lifting and save your site.
Here’s what you have access to within ERS:
This tool provides a lot of general information regarding your entire WP installation, including database access details, site URLs, the WP version you’re running, and even wp-config.php file location. All of this info makes it easier to locate the problem and subsequently fix it as well.
On a similar note to the previous tool, this one displays important information about the server like MySQL and PHP versions. In addition, it also allows the user to access the phpinfo() function to get better acquainted with the PHP environment.
The Core Files tool checks every single core file and compares it to the master copy on wordpress.org. If it locates any changes, it reports on it and makes it easy to replace the file in question. It also takes note of anything that shouldn’t be in the core files folder and provides a way to remove it in the blink of an eye.
This tool is really powerful, so make sure not to use it lightly. When used, this tool wipes your entire database and returns it to the default settings. It doesn’t, however, delete any files, so your themes, plugins, and uploads are safe.
This provides access to database snapshots of your site, even if they are stored on a cloud. If you took one with WP Reset, good news, site restoration can be well underway with a single click.
Themes and Plugins
Instead of grappling with an FTP client, you can use the ERS to activate or deactivate any theme or plugin that could have done damage to your site. An outdated plugin or theme is a significant weak point on your site that could very well provide an entry point for someone with malicious intent.
User Privileges/Roles & Administrator Account
If your user privileges have been removed, and that’s why you cannot navigate the site properly, reset them with the User Privileges tool that not only resets them but also matches them up to the ones you had before. However, if you’re really down in the dumps and can’t even do that, the Administrator Account tool allows you to create a brand new admin account without having access to the WP dashboard at all.
If you find yourself in an unfortunate situation where both your site and home address have been changed, and now you’re in big trouble, you can quickly change both with this tool and worry no more.
This plugin is a step-up from the ERS as it contains it within the PRO package. WP Reset is one of the best choices you could make when it comes to the security of your site. It offers plenty of features, but the one you’ll be most interested in within this context is snapshots.
This feature takes automatic database snapshots and stores them on the cloud, so you can restore your site when and if the need should arise.
If something went wrong and now your site isn’t working anymore, or knowledge in design has granted access to a hacker, all you have to do is pull a snapshot taken prior to the detrimental changes and restore the website back to its previous working state. Along with this, WP Reset sports plenty of other functionalities you can use to save your site, such as being able to recover it without a backup or saving your entire database via multiple tools included.
Restore a Backup
As the title suggests, this can only be done if you do indeed have a backup stored somewhere, which we whole-heartedly recommend you create if you haven’t already. This way, you’ll still have access to everything stored on the website should any problems arise. If the hack happened after the backup was created, you can simply reach for the Backup and Restore option in the admin panel, or you can do it manually if you so desire, but this does take more time and requires some technical knowledge.
If, however, the site was breached before creating the backup, you’ll either have to try and remove the issues manually or reach for another option. To check if the hack happened before or after the backup, we recommend looking at when the infected files were last edited. If it was after the backup was created, you’re all set. But be wary of this and make sure you’re careful as more skilled hackers have been known to modify the edit dates.
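The timestamp check above, including the caveat about altered edit dates, can be sketched as follows. This is an added example, not part of any tool named on this page: `changed_since` and `demo` are hypothetical names, the files are constructed, and it assumes a POSIX filesystem, where `st_ctime` is the inode change time and cannot be set with an ordinary "touch"-style call.

```python
import os
import tempfile
import time

def changed_since(root, backup_ts):
    """Classify files under root relative to backup_ts (epoch seconds).

    modified:  mtime is later than the backup.
    backdated: mtime is earlier than the backup, but ctime is later, so
               the inode changed after the backup (a reset mtime, but also
               a chmod, rename, or restore). Treat it as a lead to check,
               not as proof of tampering.
    """
    modified, backdated = [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # do not follow symlinks out of the tree
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if st.st_mtime > backup_ts:
                modified.append(rel)
            elif st.st_ctime > backup_ts:
                backdated.append(rel)
    return sorted(modified), sorted(backdated)

def demo():
    # Constructed sample: two files written "now", one with its edit
    # date pushed two hours into the past.
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        for name in ("a.php", "b.php"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("<?php // sample\n")
        os.utime(os.path.join(root, "b.php"), (now - 7200, now - 7200))
        # Backup taken one hour ago: both files changed after it.
        after_backup = changed_since(root, now - 3600)
        # Backup "taken" an hour from now: nothing postdates it.
        before_backup = changed_since(root, now + 3600)
        return after_backup, before_backup

if __name__ == "__main__":
    print(demo())
```

Files in the backdated list are the ones to compare byte-for-byte against the backup before trusting it.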
Contact Your Hosting Provider
Many sites use shared hosting, and if this is also the case for yours, you should most certainly check in with your hosting provider, because on a shared server the hack could have impacted more than just your site. If that’s the case, your provider will probably advise you on the next step you should take in combating the breach. In addition, your host manages your server even if you’re not using shared hosting, so they are more knowledgeable about the actions that should be taken to protect your site. In some cases, your host might even be the one notifying you of the hack.
Find a Professional to Fix It
Finding the right maintenance service to take care of your site isn’t easy. There are so many of them out there. Sure, you could always try and make sure your website is up-to-date and well taken care of, but this is a time-consuming and sometimes costly process. Most of the services you’ll come upon offer very similar services, but the prices may vary significantly.
When searching for a service to repair a broken site, you can opt for one of the two options. The first one is to hire a maintenance service that’ll look after your site generally, and for this, you’ll be looking at a monthly fee. Or you can hire someone to do a one-time fix; the prices for this usually start at around $80.
This is quite a broad topic, and we couldn’t possibly cover all of the necessities in this short paragraph, so for more information on services like these, as well as their prices, consult this link.
How to Prevent This From Happening Again?
Once your site is online again and under your control, it is essential to make sure nothing like this can ever happen again. The first thing you can do is keep an eagle eye on themes and plugins and make sure they’re updated regularly. And if you see a message that reads “this plugin hasn’t been tested with the x last versions of WordPress” when browsing for plugins on the WordPress repository, don’t download it.
Another step towards improving security is to monitor your user roles and passwords closely; if a role suddenly changes, check it out. Plus, it’s always good to use additional login practices like two-factor authentication, a password manager, or an expiring password – this is especially useful if you have plenty of temporary contributors.
However, the best thing you could do to boost your security is to get a plugin like WP Reset and choose a good hosting provider. WP Reset allows you to revert any mistake you make while messing around and trying new functionalities, so you can be 100% sure you’re never leaving anything up to chance or that some of your unintentional mistakes haven’t left a window open for anyone with a bit of programming knowledge. Choosing your hosting carefully is also an important step. Considering that your hosting is responsible for taking care of your server, if the server is poorly secured, that means that, by extension, so are you.
The last preventative measure is pretty self-explanatory, but it needs to be said. Use a well-rounded, comprehensive security plugin. These will safeguard your site and make sure it’s protected and safe from any data breaches. Now we’ll recommend a few tried and tested plugins that are sure to do just that.
WebARX prevents hacks from happening by using an easy-to-install firewall. In addition to that, you’ll have all of the information you need on a single dashboard, and you’ll be able to track activity logs and monitor results. Plus, there will be no need to check if anything on the site is out-of-date because WebARX will automatically notify you should that be the case.
Two other plugins we can recommend with a clean conscience are Security Ninja and Wordfence. Wordfence is a widely popular, free WordPress security plugin that offers a malware scanner that checks everything on your site for malware and vulnerabilities.
Security Ninja has been around for over ten years, and many people entrust their site’s security to this firewall and malware scanner. The free version alone performs over 50 security scans with a single click and allows you to prevent attacks from day one, as well as optimize and speed up your database. However, it doesn’t make any automatic changes; what you do is up to you.
How to Amp Up Your Site Security?
Unfortunately, way too many site owners put security on the sidelines, thinking, “what are the odds”? Well, the odds are a lot worse than most people think, and they are sadly not in your favor. That’s why it’s crucial to invest in and be mindful of your site security.
Let’s put it this way; if you were running an actual brick and mortar store, you wouldn’t leave the front door open at night, and the register unlocked, would you? The same applies to websites, especially if they’re your livelihood.
So, in order to truly amp up the security, you need to be mindful of your hosting, get a reliable security plugin, and get either just ERS or the whole package within WP Reset. Of course, we recommend that you get WP Reset, as it contains ERS and can do so much for you security-wise.
It’s time to start thinking about online safety seriously, so get on it, and make sure your site is impervious to any breaches.