If you are lucky, you do not know the sudden panic caused by realizing your company website has been hacked. Hopefully you already have things in place to proactively detect if your website has been compromised. Even better, you have a web team that is on call and ready to jump in when this occurs. Once it is cleaned up, how do you prevent your website from being hacked again in the future?
Who Hacked Me, What Do I Do Now?
Your company website has been hacked. 99.99% of the time this means a bot has found a vulnerability on your website and is now placing spammy ads as blog posts or injecting your website with malware in the hope of infecting other people’s computers. Most of the time when your website is hacked, it is not a hacker in a dark room targeting your website to take your company down. No, typically it is a bot that scans thousands of websites an hour looking for specific vulnerabilities that exist on the largest number of websites. This makes it a bit easier for a web company like us to get in fast and clean it up, because we are typically finding the same thing over and over again.
Get proactive about detecting threats. We love a plugin called Sucuri. It allows you to be notified anytime a file is uploaded or modified. The notifications let developers know if something suspicious happens, so they can go check on it right away before customers are potentially exposed. It also keeps a log with timestamps and usernames so you can see exactly what was changed, by whom and when. It is a great tool for retroactive response to a hack.
How Do I Stop This From Happening Again?
If a bot is typically searching the web for the same common vulnerabilities, why can’t you stop it? We can! We can try to, at least. Hackers and web developers are constantly in a game of cat and mouse: a hacker finds a vulnerability, then a developer creates a patch and releases it. In our case, with WordPress, this typically happens before hackers even realize there is a vulnerability. A great feature of WordPress is that it has an amazing community of developers constantly fighting to stay ahead of hackers. Luckily, when kept updated, WordPress is extremely safe and stable. The best way to stop a hack before it happens is to keep your WordPress core and plugins up to date. The second best thing you can do is get on a secure hosting platform designed for WordPress. This allows the host to put rules in place that are designed for WordPress specifically and that can help to stop the most common attacks. Better yet, find a WordPress host that offers a secure firewall, real-time threat detection AND automatic WordPress updates.
In the end, any website can be hacked. We see major companies with million-dollar security teams compromised monthly in the news. Luckily, your website probably isn’t a high-value target that a hacker would single out. If your website is going to get hacked, it is likely by a bot scanning for a set list of specific vulnerabilities. When that is the case, a secure WordPress hosting provider can likely stop the attack before it even starts!