What to do if your WordPress website gets hacked


Hey y’all, welcome to another WordPress Wednesday. My name is Kori Ashton, here at WebTegrity
in San Antonio, Texas and we are your weekly WordPress nerds. Every single Wednesday we’re producing some
sort of video that’s going to help you improve your online marketing specifically in the
world of WordPress. Today we’re looking at, uh oh, the scary thought of
what do you do if you feel like your WordPress website has been
hacked? We’ve got three simple steps. First of all, take a deep breath. We’re okay, hopefully, we can do
this together. It is a scary thing thinking that your site is
being hacked. Especially if you can’t even gain access
to the dashboard or you can’t see your website at all to the point that your
website is completely down. So certainly a concern there.

The first step, I would say, if you cannot
get access to your website… If you cannot see it or if you cannot
click to log into your website with the forward slash “wp” dash “admin”. If you cannot see that area, first thing
you need to do is contact your hosting company. Ask them if they can get you access. Ask them if you had a backup in place, hopefully. You might be able to click to restore to a
clean version of your website and then somehow get access to your website. If you want to be a nerd and go a little bit more
advanced, there’s a little bit more advanced instruction inside of WP Codex and I’ll
give you a link to that here momentarily. Overall just know that this should help
you regain access. I also have another video that if you
have the white screen of death (meaning you literally cannot see anything) I have a video that walks you through
how to regain access to your website through FTP, so I’ll put the
link to that video in the description box below so you can check that out.

But, let’s get into the few steps of what
to do if you think that your website has in fact been hacked. So, first step, is I want you to try and see
if the point of hack basically… I want you to find the point of hack. Now that could be on your actual computer
itself. So, on your PC. If you can run McAfee or some kind of a
scan on your computer and see if there is any sort of malware inside of
your own computer. You actually can feed that to your website
all through your computer. The next thing you want to do is
figure out, on your website, was the point of hack through your theme? Is it out of date? Was the point of hack through the core
WordPress files? Was the point of hack through some sort
of a plugin? How do you even know that? One of the things you can do easily is
go ahead and log in your dashboard. We’re gonna go into plugins and we’re gonna
“Add New”. This is a free option and free is always in the
budget. We talk about that a lot here on our YouTube
channel. Free is in the budget. Work with us on
following these steps. You’re gonna go do a search for
“Sucuri”. It’s this one right here that we’re looking for. You can see right away that it has over
two hundred thousand active installs. It’s got fantastic reviews, it’s been updated
recently and it’s compatible with our version. So, we’re going to go ahead and
“Install Now” and we’re going to “Activate”. So, this is the first step in figuring out
where’s the point of hack. Is my site actually hacked? So, what I want you to do is, come over here
once that’s been installed. You can go to the dashboard of the Sucuri
area and there is a tab right here that says
“Malware Scan”. You can go ahead and click scan and
scan your website. It’s going to read through all of your files. Let you know if it’s clean or not. Let you know if something has been hacked. This is really important to do, simply for
your own knowledge of what area was infected. So, thankfully our site is clean. If in fact you had been hacked
this would have basically this red color here. It would say infected or let you know that
there was a point that needs to be given attention to. If that is in fact the case, you need to go ahead
and connect with Sucuri. It shows you basically how to get over here and
protect your website today. This is not a completely free option. You will end up, if in fact your website has
been hacked, you will have to pay a little bit. In the grand scheme of things it’s completely
worth it, versus starting all over and losing all of your content. This should get you access to a nice cleaned up
database. They should be able to remove any
malware or anything infected for around $300; but, then that
protects your website throughout the entire year. So, that’s pretty spectacular.

The other thing I want you to do is connect
with your hosting company. Because, the point of hack could
actually be through your… dare I say it… inexpensive or cheap hosting company. If you’re sharing a server with another website
out there that has been the point of hack, then they can actually get to your website
through your hosting company. That’s why it’s seriously important that you
have a strong, secure, great hosting company and I know that some of you are out there
on a tight, tight budget and really
GoDaddy or HostGator or one of those
less expensive hosting companies are kind of your choice; because, it’s
$50 for a year. But, again, in the long scheme of things, you might
want to invest in some premium hosting. Of course, you guys know here on our channel, we highly recommend wpengine.com and
this is who we have our secure servers with, so check out their support plans
and I’ll put a link in the description box below. You can get great hosting with them. Great support. They’re just an awesome company to have
helping you out.

Alright, what if at this point, you say, “Kori,
I can’t get access to my dashboard”? That’s gonna be probably hiring a pro. You can certainly go directly to
Sucuri and let them know, “Hey I can’t even get into my website”. So, again, I’ll put the link to these guys in
the description box below and you can connect with them. Ask them for help. I’d also recommend wpfixit.com. They’re a little less expensive. It’s a one time cost. But, they don’t stay with your website the
entire year long. It will remove all infected files and do a
nice clean up, though. I definitely recommend these guys. I’ve heard some awesome reviews on
them.

So, here’s the deal, now that you’ve done
these two things, we’ve tried to find out if we have a backup
to roll back the website to a previously good saved version. If that didn’t work, then you want to scan your
website to be sure that you know exactly what files were infected and then have
Sucuri remove them. Then, the next thing is to seriously tighten up
security on the whole website. This is step number three.
I need you guys to go change all your
passwords. That means passwords for your hosting account. So, go over to wherever you’re hosting and be
sure to change that password. Make note of what the new password is. I want you to go change your password on
your WordPress dashboard. All of your users for that matter should
probably change their password. You should notify your users and let
them know, being very transparent is going to be key to this process. Especially if you’re a WooCommerce
website or accepting donations or some sort of a payment. These people’s information has been
compromised and you need to go ahead and send out an alert asking them to
please come back to the website and make changes to their password
for security purposes. You also want to change your password
on your email account, believe that or not. That can be an issue and it’s always good
to change those things anyway. Another thing you want to do is if there
are any users set up inside of your hosting account for FTP access. You either want to remove those users or
change their passwords. Again, that’s a point of access to seriously
important files on your website. Another thing you have to do to tighten up
that security is change your secret key. This is interesting because you might say “I don’t even know what that means, Kori”. I’ll put a link to this in the description box
below. It’s over in the Codex for WordPress. Down here toward the bottom it’s gonna give you
a little bit of instruction on how to change your secret keys. The reason why this is important is because
if a hacker has come into your website and left any cookies behind, even removing
the infected files, there could still be a wormhole basically. An opening to these hackers because
of files that they left behind. So, it’s very important that you make this
change as well. Now Sucuri will help you do this or if you
want to be the one that does this manually you can jump in there, as well. You certainly want to consider taking on
this step. Ok, you can also add in an extra security
plugin. If you say to me, “Kori there is no way I
can afford a higher end hosting company that would provide all this for me.” Bummer, first of all, because WPEngine gives
you daily backup, so you know that you’ve got a backup in place and one click restore button. Just in case something does go wonky or weird,
you’re one button up and running. So, in the amount of time that you’ve already
watched this video, you probably could have clicked that one button and had your
website right back up and running without any issues whatsoever. Again, I can’t stress enough the importance of
partnering with your hosting company. Especially if your website is your livelihood or
your entire entity of writing if you’re a blogger. You certainly want to be sure that you have
a backup in place for your website. If you say to me, “No, again, I can’t afford
something like that.” This security plugin is a great option to put
into your website. This is a free plugin to limit login attempts. This is basically if a robot comes to your website
and continuously is trying to fill out the user name and password, trying to crack your codes. This will limit it and you set how many
(maybe four times). It will lock down the website and not allow
someone to get access. It’ll alert you, as well, saying “Hey, you’ve had
maybe 30 attempts in the last two minutes on your website.” and you know that the hacker is back at your
door step. Alright, again, notify any of your users. I want you to take note again of WP Fix It and Sucuri. Either one is a great option. I highly recommend either one for you. You know, if it comes down to it and you
just need a pro to help you, you can always reach out to us, as well;
but, typically, if you’re reaching out to any sort of a WordPress web design firm,
we’re going to these guys. So, cut out the middle man. Jump over to Sucuri. Jump over to WP Fix It and see
if they can help you restore your website. Stay calm. It’s going to be possible. You’re going to get it figured out. I hope you all are having a great one. I will see you next WordPress Wednesday. Bye, y’all.
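
The secret key change described in the transcript, as an added example that is not from the video or the WordPress Codex: a Python function that gives the eight key and salt constants in a `wp-config.php` file fresh random values, which invalidates every login cookie issued before the change and forces all users to sign in again. The sample file contents are constructed, and the function and variable names are this example's own.

```python
import re
import secrets
import string

# The eight constants in wp-config.php that WordPress uses to sign login cookies.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

# Printable characters without quote and backslash, so values need no PHP escaping.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits + string.punctuation
                   if c not in "'\\")

# Constructed sample input, not a real site's file. NONCE_SALT is left out on purpose.
SAMPLE = """<?php
define( 'DB_NAME', 'wordpress' );
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
"""


def new_secret(length=64):
    """Random value from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Give every key/salt define() a fresh value; return (new_text, missing_names)."""
    missing = []
    for name in KEY_NAMES:
        pattern = re.compile(r"define\(\s*(['\"])" + re.escape(name)
                             + r"\1\s*,\s*(['\"]).*?\2\s*\)\s*;")
        line = "define( '%s', '%s' );" % (name, new_secret())
        # A function replacement keeps re from interpreting characters in the secret.
        config_text, count = pattern.subn(lambda m: line, config_text)
        if count == 0:
            missing.append(name)  # not defined in this file; add it by hand
    return config_text, missing


if __name__ == "__main__":
    text, missing = rotate_salts(SAMPLE)
    print(text)
    print("not found in file:", missing)
```

Run it against a copy of the file and keep the original as a backup until the site loads and you can log in again.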

16 Comments

  • Cori Leigh

    Love your videos Kori! Everyone using WordPress needs this information! Getting hacked is not a pretty thing for sure! Awesome plugin suggestion! Interesting about Hosting Companies! Thanks for your great videos!

  • Mario Silva

    You mentioned a robot trying to brute force into a wp site and recommended Limit Login but is it possible to nip it in the bud and change the urls so that the robots can't find them?

    For example, I was looking at maybe hiding the urls or changing them with the Hide My Wp plugin but I don't know if that would create all kinds of chaos with other plugins or assets.

    This is the plugin: https://codecanyon.net/item/hide-my-wp-amazing-security-plugin-for-wordpress/4177158

    Thanks, Kori! 😀

  • zahi renawi

    hello. i have wordpress.org. i try to setup some plugin. but i cant find them. i try to search aliplugin. and ebayaliimport. but when i try to find them by searching. there is no result found

  • Jair Klarfeld

    Hi Kori – I have learned a great deal from your videos – Thank you for doing them!! I know that you use WPEngine for your hosting.

    If I went with them as my host – would I be in a shared hosting plan or what? Do they have their own servers or are they using other providers for their servers.

    Thanks again!

  • Robert Reid

    Just updated to SSL using a force redirect to https… but not sure how to edit the .htaccess file, and with what code. Could you make a video on this please?

  • SeeYourStar

    Sorry for cross posting, but I'm still having an issue of 40+ failed login attempts Sucuri is now telling me, SiteGround (hosting company) said edited txt file so still searchable but will stop the "bots"? But I'm very nervous why this is happening so soon and what to do about it, hasn't been hacked yet but somebody or bot or whatever is constantly trying, what to do?

  • Stacy Tavassoli

    I'm so confused right now. I downloaded an ithemes security plugin a few days ago and noticed file changes are happening every day, even on days I haven't even logged in and visited my site. I assumed I'd been hacked, but when I run a sucuri scan it says everything looks good and there's no malicious viruses and everything is working good.

    However just today I can no longer see the changelog that was showing me what files had been added or changed, now I'm just automatically directed to a 404 page not found!!!! Do you know what's going on? and how I can fix it?

  • Ronnie Savini

    Hi, Kori I have a question about websites that have been hacked.  Can a website that shows "this site may have be hacked" in the Google serps be reused if you purchased the domain and put it on brand new hosting?  With brand new fresh install of wordpress?

  • Rao T

    Hi Kori
    Nice tutorial
    please share me how to hide source code in word press web site
    how to hide word press plug in details
    Thanks

  • Khalid Kobe Ikram

    Really good video Kori. I see you are using Sucuri. As you may know I'm a newbie! And I want to install a plugin or secure my WP site. I have been recommended Hide My WP. How would you compare "Sucuri" to "Hide my WP"? Which is the better? 😉

  • Udit Antil

    Hello ma'am, this is Udit Singh, I am from India. I own a website on fitness and fashion as lifefitnessfashion.com and someone hacked it. If you visit it you will see it takes you to some other site rather than taking you to my fashion and fitness blog. When we visit the site the domain name is the same but the website which opens is different. So, please help me, tell me how to get my site back. Please please please I really need your help.
