Recovering your website after you’ve been hacked

CW_Hacked_Website_B

Hopefully this will never happen to you. But for lots of creatives who run their own websites, one day they went to their website and instead of seeing their homepage, they saw this big scary screen.

Google_malware_screen

That happened to me a couple weeks ago. And yes, if you can see this screen, everyone who visits your website can see it too. That’s not the welcome you want.

This wasn’t the first time I’ve had to deal with a website that’s been hacked. During my years as a freelancer cleaning up a hacked website came with the territory. I was prepared to deal with the problem, only to find that the scary warning screen had been replaced with this:

account_suspended

Yup…my website had been so badly hacked that my web host shut it down. That all happened before I had my morning Frappucino.

So…

Hacked website…no access to fix it…what do?

Don’t Panic!

That’s much easier said than done. If you see a big screen warning you that your site is too dangerous to enter of course the first thing you want to do is panic. Or throw something. I wanted to do the latter. I hadn’t had my Frappuncino yet after all…

But it’s not the end of the world though. If you act quickly and calmly you may be able to get your website back online fairly quickly. So, take a deep breath and keep reading.

So what’s a website hack anyway?

It’s always good to know what you may be dealing with. Website hacks can come in several forms, such as:

Brute force attack– One of the most common ways a hacker will gain access to continually log int your site until they crack your password.

Malicious code– The hacker gets into your website or the database that runs your website and inserts some pretty nasty code that can potentially suck up private information from the people that visit your website, spread spam or viruses to other computers, or gain access to the computers of the people visiting your website.

Pharmaceutical hacks– This type of hack allows the hacker to hide links to spammy pharmaceutical sites or websites that sell knockoff items like designer watches and accessories. These links are often hidden in the body of your web pages or blog posts or sometimes in the header of your website.

pharma_hack

Malicious redirects– In this type of hack, the hacker uses your website to redirect your visitors to another site. The diabolical thing is that the basic shell of the website may look like yours, but the content within it is not.

Lock outs– In this type of attack a hacker gains access to your login credentials and completely shuts you out of your website. Which also gives them the power to pretty much do what they want with your website.

Backdoor exploits– These attacks can be pretty hard to track down and resolve because it involves a hacker creating a “backdoor”, that is a hidden entry into your website that allows them to access it whenever they want. Because backdoors are meant to be hidden and hard to get rid of the hack can reappear even after you think you’ve cleaned it off.

So why my website?

So why did someone hack your website? Well, simply because they could. In most cases, it’s usually because your site was left vulnerable in some way and the hacker exploited that weakness. Maybe had a really weak password that you haven’t changed it in the past 5 years. Perhaps the security on your computer was weak and the hacker entered your website through an insecure internet connection. Or maybe the hacker came though a security hole in an old version of WordPress or an old theme or plugin.

Most website hacks are usually due to poor security and simply not keeping on top of updates and maintenance. Which is partially good news, because there are some things you can do to prevent these types of attacks (more on that later).

So why did someone hack your website? Because they could. Click To Tweet

I’ve been hacked…what do I do?

So, what if one day you open up your website and see the Google red screen of death? Here are some steps to take immediately.

  1. Contact your web host– The first thing you need to do is contact your web host and let them know what’s going on. Take a screenshot of that big scary message you saw on your website and include it with your support ticket. If your web host shut down your website, contacting them will let them know that you’re aware of the problem and that you’re trying to resolve it. They may even give you some pointers as to how you can start the clean up.

  2. Check the date of your latest backup– Ever wonder why backing up your website is so important? This is why. If you have a recent backup of your website that you’re fairly sure happened before the attack, then you can revert your website back to it’s pre-hacked state fairly quickly.

  3. Do a scan of your website– Sucuri has a free website scanning service that can find and pinpoint hacks, spam, and malicious code. So instead of poking about completely blind, you’ll have some idea of what you’re looking for.

    Securi_Scan

  4. Remove the hacked code– Once you’ve scanned your website and have an idea of where the trouble is you can go in and remove it. To do this you need to be fairly comfortable with using FTP, building htaccess files, and with messing about in WordPress (or whichever platform you’re using for your website). If what you just read gave you a case of hives, you need to find someone who has some experience with doing this or alternately you can pay a service like Sucuri to do this for you.

    If you have a recent backup of your website that you’re fairly sure hasn’t been hacked, you can restore your website using the backup file…which is much easier than going file by file and seeking the hack out. If you don’t know how to do this contact your web host’s support department and they should be able to step you through it or they may do it for you.

    If you don’t have a recent, clean backup and there is a lot of damage to your website you can also try completely reinstalling WordPress. You also want to try this on websites that didn’t have a lot of customizations to the theme you’re using.

    Because the hack that crippled my site was so extensive, I decided to wipe everything out and start fresh. This is how I went about it.

A recent, clean backup of your website is one of the quickest ways to recover from a hack Click To Tweet

A quick and dirty guide to reinstalling your WordPress website

This is just a quick rundown of how to rebuild your website with a fresh installation of WordPress. Remember, if you’re not comfortable with doing this, get someone with more WordPress savvy to do it for you.

  1. First backup all of your website files and databases. Why? You want something to go back to in case things go sideways…even if it’s your website in it’s currently hacked state. Then change your passwords before you proceed.

  2. Gather fresh copies of your theme and all your plugins. Don’t get them from your website files, download the most recent versions directly from plugin or theme developer’s website.

  3. Take a deep breath…then delete all of your WordPress files on your website. If you installed WordPress through cPanel or some other automated method, uninstall it that way.

  4. Reinstall WordPress. Then install the fresh copies of your plugins and theme.

  5. Check your website to make sure that images and links are acting as they should.

  6. Run Sucuri’s website scan to make sure that all of the malicious code is gone.

  7. Once you get the all clear…backup your website…immediately.

  8. Change your passwords. Yes, you’ve already done this…do it again now that you’ve cleaned your site.

If your password is your pet's name, birthday, or 'password1234' you're begging to get hacked Click To Tweet

Keeping your website hack free…

…or a least close to it. Even the most secure websites can still be hacked…especially if a hacker is determined to get into it. Fortunately, many of the most common hacks are of the fairly lazy type that can be deterred with a bit of basic maintenance and caution.

  1. Backup…regularly and often– The quickest way to recover from a website hack is by restoring it with a recent backup, which means that you need to back up your website regularly and frequently. At bare minimum, you should be backing up your website on a monthly basis. If you have a blog or you’re making frequent updates to your website you should be backing up weekly, perhaps even daily.

    If your website is run on cPanel, using the manual backup feature is a pretty simple matter. You just need to schedule a regular time to do it. If you want the security of automatic weekly or even daily backups you can use a service like VaultPress or Manage WP for as little as $5 per month.

    full_backup

  2. Keep your website updated– Making sure that you’re running the latest version of WordPress as well as the most recent versions of your plugins and themes is generally painless…and necessary. Like keeping a backup you have to make time to do it. The hack that caused all of my website drama was due to a security hole in my website theme. A security hole that had been fixed in the latest version…which I hadn’t gotten around to installing yet. So lesson learned the hard way.

  3. Log into your site on a regular basis to see if anything needs to be updated. Updates usually take less than a minute. Even better, you can sign up with a service like ManageWP which will automatically update your plugins and themes.

  4. Remove unused themes and plugins– If you’ve had your WordPress website for some time, you may have some deactivated themes and plugins hanging around that you don’t use. This is dangerous because a theme or plugin doesn’t have to be activated for a hacker to exploit any security holes. They just have to be on your website. And if any of them hadn’t been updated to the latest version you’re pretty much laying out the welcome mat for a hack. Take a few moments to deactivate and delete any themes and plugins you aren’t using. You can always reinstall them if you need them later.

  5. Use a good web host– While spending $4 per month on web hosting can be kind to your wallet, it’s not worth it when your website is crawling with malicious code and you can’t get a hold of support to help you out. Cheap hosting is cheap is because they often save money by scrimping on support, security, and regular maintenance. If you can afford it, you can use a hosting service that specializes in hosting WordPress websites like WP-Engine. Features like automatic security updates and backups, and WordPress sites optimized for speed may eliminate a lot of headaches for you…especially if you don’t want to deal with the day to day maintenance chores.

  6. Harden WordPress– WordPress is great for running a website or a blog but it’s not hacker-proof right out of the box. There are a number of things you can do to “harden” or make your WordPress website more secure. Again you’ll need to be comfortable with poking about WordPress, so if you’re not find someone who is.

    The WordPress website has a good basic article on what WordPress hardening is. You can also check out the 12 Ways to Secure Your WordPress Site You’ve Probably Overlooked article on the wpmudev website. Lots of good practical tips there as well.

  7. Choose strong passwords and change them regularly– If the password to your WordPress website is your pet’s name, your street address, your birthday, the name of your favorite Star Wars character, or password1234 you’re begging to get hacked. The best passwords contain a mixture of numbers, letters, and symbols in both upper and lower case and are typically at least 7 characters long. The less your password looks like a name or the date of something the better…and the longer the better. If you’re having a hard time coming up with a secure password, you can try using Norton’s Password Generator.

    And you should have different passwords for your cPanel or FTP and for your WordPress login. After finished cleaning up my website, I changed the passwords for both my cPanel and my WordPress login to randomized passwords, because I don’t intend for anyone to guess what they are. You should also make sure that you change your passwords on a regular basis as well. A good rule of thumb is to change your password every 6 months to 90 days.

    Is it a pain to keep up with such long complex passwords? Yes, a bit. Is it a pain to change your passwords every 90 days? Sure. But it’s a bigger pain to clean up a hacked website…trust me, I know. One way to make it less of a pain is to store your passwords in a password keeper like LastPass or 1Password. These applications can store all of your passwords for you, automatically log you into your website and other accounts and they can generate super secure passwords for you.

  8. Install a security plugin– A good security plugin can do several things. One, it can make your website harder to hack by automatically securing common entry points for hackers. And two, it can help you stop a potential hack in it’s tracks by notifying you when there are unauthorized changes to your website. The Securi Security plugin includes website scanning, WordPress hardening, and a monitor that can help you detect unauthorized activity on your website. Another plugin named Wordfence offers similar features. To prevent brute force attacks you can try a plugin named Login Lockdown which limits the number of login attempts someone can make to your website.

  9. Use a firewall on your computer– Sometimes the culprit isn’t a security hole in your website, but a security hole on your own computer. Hackers can access your computer through an insecure internet connection where they can find out how to access your website by using a keystroke logger or some other method. Good firewall software like Norton Internet Security or Zone Alarm can help keep hackers from gaining access your computer with an unauthorized internet connection. Make sure you install the firewall before you change any passwords to your site. This will help shut out the hacker from your computer and keep them from seeing your new log in information and using it to regain access to your site.

  10. Keep your log in information safe– Sometimes all a hacker needs to gain entry into a website is some good old fashioned negligence on your part. Don’t leave your log in information lying around. Be very careful of who you’re sharing your log in information with. If you have to give someone else access to your website, create their own log in credentials so they don’t have easy access to yours and only give them the minimal amount of access possible. And avoid using a public computer to log onto your website.

Running your own website can give you a lot of creative freedom, but with that freedom comes the responsibility of keeping it secure. A website hack can happen without warning. Acting quickly can help minimize the impact of the attack. And with a bit of knowledge and the right precautions you can help keep your website hack free.

Join the newsletter

Creativetoolbox_250

Subscribe to get our latest content by email.

Powered by ConvertKit

, ,

No comments yet.

Leave a Reply