It's the nightmare of every business: you find out that your website has been hacked. Suddenly, the private and financial information of your entire customer base is at imminent risk. You need to act quickly to ensure the vulnerability is fixed sustainably. Here's what you should do when your WordPress site is hacked.
1) Take Your Website Offline
Don't take any unnecessary risks by assuming the breach was a one-time issue. Your hacker may still have access to your system and backend, and will be able to get in and out as they please while your website is online. The only possible solution to prevent the problem from becoming worse is taking your website offline.
You may be hesitant to do that. While your website is offline, links to it will be temporarily broken and potential customers may not be able to find you until your online presence comes back to life. But is that really worse than the potential of a major data breach? Whether you use your site to generate leads, conduct e-commerce, or simply maintain your brand, the answer is a clear no.
2) Assess the Damage
Once your website is offline, it's time to find out what exactly happened to it. What did your hacker(s) try to achieve? Were they looking for personal data, or looking for control of your site for other reasons? They may use it to send spam on your behalf, significantly damaging your brand image as a result.
You can find potential breaches and their purpose by checking your server logs for suspicious activities. Hackers may have tried and failed to log in, or may have created user accounts you do not know about. From there, you can follow the new users' activities to see their actions. Modified or uploaded files that don't belong on your server are another indication of a hack.
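As an added example (not part of the original post), this Python sketch triages an access log for the three signs described above: repeated failed logins, account creation, and unexpected uploaded files. It assumes the Apache/nginx "combined" log format and default WordPress paths; the function name, threshold and sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache/nginx "combined" format: ip - user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:02:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:02:14:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:02:15:10 +0000] "POST /wp-admin/user-new.php HTTP/1.1" 302 0 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:02:20:44 +0000] "GET /wp-content/uploads/2024/03/cache.php?x=1 HTTP/1.1" 200 12 "-" "-"
192.0.2.10 - - [12/Mar/2024:09:01:30 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:09:02:00 +0000] "GET /wp-content/uploads/2024/03/logo.png HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
"""


def triage(log_text, failed_threshold=3):
    """Return suspicious events found in an access log, grouped by kind."""
    failed = Counter()
    findings = {"repeated_failed_logins": [], "user_created": [], "php_in_uploads": []}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than guessing
        ip, method, status = m["ip"], m["method"], m["status"]
        path = m["path"].split("?", 1)[0].lower()  # drop query string
        # Assumption: a failed login re-renders the form (200), a success redirects (302).
        if method == "POST" and path.endswith("/wp-login.php") and status == "200":
            failed[ip] += 1
        # Assumption: accounts added through the admin screen POST to user-new.php.
        elif method == "POST" and path.endswith("/wp-admin/user-new.php"):
            findings["user_created"].append((ip, m["time"]))
        # The uploads directory normally holds media, so a PHP file there stands out.
        elif "/wp-content/uploads/" in path and path.endswith(".php"):
            findings["php_in_uploads"].append((ip, path, status))
    findings["repeated_failed_logins"] = sorted(
        ip for ip, n in failed.items() if n >= failed_threshold)
    return findings


if __name__ == "__main__":
    for kind, events in triage(SAMPLE_LOG).items():
        print(kind, events)
```

Accounts can also be created in ways that never touch `user-new.php`, so compare the result against the actual user list in the WordPress admin.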
3) Repair the Site
Once you've found the vulnerability, it's time to repair your site. Here, you can go granular in fixing the exact changes you notice in your server log and removing new or unusual files on your server. Alternatively, you can go for a full-scale reboot that is sure to remove any vulnerabilities.
A reboot, of course, requires significant setup to get your site back to where it used to be. There are several ways to restore a backup to your WordPress site to help reduce the amount of work necessary, but it will not get back to the exact point before it got hacked. At the same time, a full reboot offers the most comprehensive fix for any potential hacks.
4) Run a Post-Scan
Finally, WordPress recommends that even after you think you have fixed the hack, you should run a post-scan that helps to ensure all traces of it are gone. By the time you get your website back online, you want to be absolutely sure that the hacker (or others) cannot get access as they did before.
You can use a number of WordPress plugins that help you detect any traces of a hack or malware. These plugins can be used both for an initial scan (Step 2) and a post-scan, helping you find the issue and ensure that it's gone.
If you are a frequent reader of this space, you may have noticed that we tend to advocate against WordPress as your CMS solution. Its open platform nature means that your site may be vulnerable to hacks and security breaches, the nightmare of any business using its website to collect personal and financial information.
Hopefully, this post gives you some insight on how to handle an attack on your site if it occurs. If you are currently using a WordPress CMS, make sure you do your research and learn how to protect yourself from attacks. Consider alternative options to WordPress like a custom CMS as another preventative measure.