
There’s nothing worse than realizing that your website has been hacked. It feels very personal, even though the attack is totally random.
Dealing with a hacked website can take up hours of your time talking to your hosting company, cleaning the site and dealing with any additional issues that might have popped up. That’s best case scenario. Worst case scenario: your entire website has vanished overnight.
The good news is, if you have been hacked, it’s not the end of the world. Use this guide to help prevent hacks, clean up your site and restore it if it has been hacked.
Why Did My Site Get Hacked?
If your website has been hacked, it’s most likely because there was a hole in your site’s security, leaving the door wide open for a hacker. When a website gets hacked, it is most often a crime of opportunity. It could be as simple as having an easy-to-guess password (“password”, anyone?) or as complicated as a plugin having a security hole.
When your website is hacked, it may not always be noticeable. Instead, changes might be made to files that you typically do not access, like your .htaccess and .php files. Even if you aren’t aware, often times, Google is aware.
Why Did Someone Hack My Site?
There is a variety of reasons websites are hacked, including money or information gain, web activism or the spread of viruses.
Many also don’t have a good reason to hack your website, similar to email spam. There’s no reason for it, but people are constantly affected by it.
What Can I Do to Prevent Hacking?
Hackers are smart, so there is nothing you can do to make sure your site is 100% protected, but these tips will help keep your site more secure.
- Keep WordPress, any plugins and other software up-to-date on a weekly basis (or more often).
- Be sure to change your password every few months and use a password generator to create a stronger password.
- Backup your website with an external plugin so you always have a copy of your site in case your entire site is lost.
- Install a free plugin like WordFence to run security scans of your site. It will detect any suspicious activity and alert you via email.
What to do if your site is hacked:
- Once you realize your site has been hacked, call your web hosting company and see if they offer any assistance.
- If they do not and you are unsure of how to remove any malware or hacker code, I recommend working with a third party service like Sucuri to clean your website.
- Once your website is clean, make sure software and plugins on your website are up-to-date.
- Change your website password.
- Schedule in-website maintenance for the next few months to keep your website safe.
Having your website hacked is a stressful time suck, so make sure to prevent it by keeping your website up-to-date and backed up. If you want help making sure your website is secure and up-to-date, book a website audit with me today!