When error messages come up, it’s never a good feeling, especially when it comes to your business. In the unfortunate circumstance this happens to you, we have compiled the top 11 tips on what to do if you suspect your website has been hacked.
1. Stay Calm! There is no need to freak out. It’s just the web, and things can be fixed. This is not the end of the world, so take a deep breath and remain calm.
2. Check in with your hosting provider before doing anything else. This could be a larger issue that’s not just related to your site. If so, the hosting provider may be able to help you with the issue. It could be a full WordPress vulnerability, which would require a patch created to fix the problem and would be provided by WordPress. They will be able to tell you if this is a hack or not. If the website is down, it could be other things wrong with the host (such as maintenance), and might not be a hack on your specific website.
3. If you have a backup of your website, restore this version of your site. If not, then proceed to the next step.
4. If your site has potential to do harm to any visitors or damage your business reputation, it’s best to take the website offline while you resolve the issue. In the meantime, you can put up a temporary “under maintenance” or business splash page so that customers are not confused or concerned when they visit.
5. Review any and all logins and accounts related to the site. Start with any admin or user accounts in the content management system (CMS) and remove any unnecessary accounts. Then, reset all passwords. A large majority of hacking is through brute force attacks, so it could be due to a weak password. Make sure that any passwords related to anything linked to the website are also updated, such as hosting account password, email, FTP and database passwords. As a standard practice, we suggest keeping the number of admins to a minimum — who is actually using this actively? Maintain only active accounts, which are there to ensure things are taken care of efficiently.
What makes a good password? A great password should utilize a combination of upper case and lower case characters, numbers and symbols with a good length. Any names or words related to the business is really easy for brute force bots to figure out.
6. Use a security service to scan all files and directories in your site. If you are a CMS like WordPress, you can scan them against the known good versions and they can restore those based on what it knows to be the right versions. Then, locate any additional files that have been added that contain potentially malicious code and remove all of these areas if needed.
7. Make sure that your CMS, and all installed plugins and themes have been updated to the most recent versions. Sometimes this isn’t enough, as themes or plugins are no longer supported by the developer and haven’t been updated in a year or two. If it is no longer supported, it is best to change to a theme/plugin that is being supported with frequent updates. We have had clients in the past with plugins with major security vulnerabilities, while they were not hacked, it does make them more susceptible to be exploited for access.
8. Check with Google and any other blacklists that your site may have been put on to inform them that your site has been rectified and repaired, and request that it be removed from the blacklist. Google’s big red screen with a “proceed at your own risk” warning comes up when clients attempt to access your website; hence, why it’s so imperative to ensure you are removed from this blacklist.
9. Have an anti-virus on your actual machine that you are utilizing to manage your website. It is unlikely, but possible, that a hacker has accessed your machine and can read keystrokes to regain access.
10. Once all is cleaned up, ensure your site has some sort of security plugin or monitoring. It’s a good idea to have a site plugin or external service that conducts regular site scans.
11. Some additional measures you can take include:
- Review your content delivery network
- Utilize a two-factor authentication
- Ensure your firewall is operating properly
- Whitelist your IP address so that your IP is the only one allowed to access the site’s back-end
We take the right measures to ensure that your site is as safe and secure as possible. Our methodical procedures help protect you and your business. As a result of these practices, we haven’t had any actively monitored websites hacked in years. We conduct daily backups, regular scanning, and limit administrator users and passwords.
If any of this is confusing, or you need more support, please contact us or another web service professional to assist you in this area.