Check out what to do to remove malware and clean a hacked WordPress
Before we start talking about how a WordPress site is hacked, let’s remember an important fact: a website is the main channel for acquiring business opportunities on the Internet, as we always say here at Rock Content.
We also emphasize that it is necessary to choose a CMS, being WordPress the most recommended because of its operational simplicity and functions focused on generating results and providing security.
So, think about your well-developed site, conquering more and more Google positions and even converting visitors into leads or customers.
This is the scenario that all companies seek to achieve, right? But, what if you suddenly find out that the worst has happened? Your site was hacked!
Whoever has been through this knows how hard it is. If you have never experienced it, imagine the following situation: someone breaks into your physical store and loots it. Terrible, isn’t it?
Right, that’s what could happen to your online business once a hacker invades it. Maybe your site gets slower, maybe some data is lost, or maybe all the files are stolen!
To instruct you on what to do in front of a situation like this and help you avoid this from happening, we have decided to write this article. We will discuss the issues below:
- How to know if my WordPress site was hacked?
- How to solve a hacked WordPress site?
- How to prevent my site from being hacked?
How to know if my WordPress site was hacked?
When a WordPress site is invaded, its administrator certainly goes through a lot of headaches. After all, the longer the site remains hacked, the more opportunities from possible new sales you will lose.
However, it is necessary to stay calm at this point and try to figure out the source of the hack. This is essential if we are to find the solution. After all, there is no way to build a solution without knowing beforehand how the problem came about, isn’t it true?
To do that, try to answer the following questions:
- Are your wp-admin login and password not working?
- Is your site redirecting to another (that has nothing to do with yours)?
- Does Google Analytics show access to unfamiliar content created on your website (most of it in other languages like Chinese)?
- Does Google Search Console point to your site as insecure?
If the answer to one or, in a worst-case scenario, all these questions is “yes”, it is a strong indication that your site was hacked. It is important to know this because, when contacting your hosting server, such information must be passed on.
What are the reasons that make a WordPress site hacked?
There are four points that justify what may have caused the invasion of a WordPress site.
1. Easy identification
WordPress is one of the most used CMS in the world, besides being easy to identify if a site is built on the platform.
Do you want to know how? Just access any site in Google Chrome, click on the three dots on the top right, choose “More Tools” and then “Developer Tools”.
If the site’s URL contains “wp-content”, it’s built on WordPress, and this can make it a potential “victim” if the proper precautions ― which we’ll talk about later ― are not taken.
The fact that WordPress is an open-source platform is very advantageous because it allows you to embed functionalities that meet your needs, such as plugins and widgets.
However, having the code change to anyone gives room to loopholes that are used by hackers to invade your site.
3. Theme and plugins
Anyone who knows programming can create a plugin and make it available on WordPress. Therefore, we stress the importance of installing only plugins that come from reliable sources. Some programs are created with the purpose of opening the path for invasion.
4. Manual updates
WordPress, as well as its themes and plugins, may not automatically perform updates, forcing the user to do it manually.
If your site does not receive the updates, it may become vulnerable to hacker attacks.
How to identify infected files?
Assuming your site has many files — including images, text, videos etc. — how do you know which ones have been infected by the malware? There are two ways to do so: checking the date and the log.
The data-check refers to looking at the history of your website when new files were added or modified.
For example: if the website was working normally on the 5th and you didn’t publish any files before the 10th, but on the 7th, some files were added or modified, it means that the invasion certainly happened on that day.
Another way to do this is through the log. It will pinpoint where the attack came from by identifying which IP was used to invade your site and make changes to it.
By knowing which path was taken, it becomes possible not only to restore the site, but also to protect it from future invasions coming from that same source.
How to solve a hacked WordPress site?
Now that you know how a WordPress site can be invaded, let’s see what should you do if it happens to you.
Contact the hosting company
Most companies that offer website hosting services are prepared to deal with such situations. After all, those who operate this type of service need to have a thorough knowledge of the subject so that they can help you solve such a serious problem.
Moreover, if your hosting is shared — that is, shared with other users who use the same server — the hack may also affect the other sites that use the same service.
For this reason, the customer support should be able to point out the origin of the invasion and, if necessary, to quarantine your site to avoid it from causing damage to the server and its users.
This kind of technical assistance is usually performed by chat or email. Many companies restrict themselves to inform the hack, being up to the client to solve the problem on their own, which can complicate the resolution.
That is why in Stage — a solution that Rock Content developed for creating WordPress sites focused on results — the support is dedicated not only to identify the root of the problem, but also to guide customers on how to solve it.
Create a backup
The backup is something that should happen on a daily, weekly, or two-weekly basis to preserve all the structure and contents of your site.
It is essential for blogs that post a lot of content, because have you ever imagined what a pity it would be to write articles that take so much work to simply lose them after the recovery of a backup?
So, when hiring a hosting server, remember to ask how often the backup is performed (in Rock Stage, for example, it’s weekly). You can also count on the help of backup plugins on WordPress to go back to the recovery point before the hack happened.
Restore the backup
Once you have built the backup, the next step is to restore it. We reinforce the alert that your site may have been hacked before you created the backup, that is, you will lose all posts, changes, and modifications made before the invasion.
If you have chosen to restore the backup via contact with the hosting server (which is the most recommended), the support team can do so, and your site will return to the settings it had prior to the hack.
Therefore, we suggest that you save your site’s textual content also externally — as in Google Drive — so that they are posted again if such a situation occurs.
After the restore is done, observe how your site performs and if the errors it was displaying are gone.
After all, in the same way that you can publish blog posts with retroactive date, hackers can also manipulate the date a file was modified. So the importance of making sure everything is ok.
Change your login and password
After following the steps above, it is also highly recommended that you change your login and password, especially if you have not been able to identify how the hacker has managed to break into your site.
For this reason, WordPress points out when a password is weak, medium, or strong, and you should always choose strong ones.
After all, some of these invasions occur after the hacker has programmed a bot to make several access attempts, making weak password sites more vulnerable to attacks.
How to prevent my site from being hacked?
If your site has never been hacked, this is great! However, that does not mean that you should be less careful. It can really happen to anyone. So, follow the steps below to improve the security of your website.
Keep your WordPress site updated
One of the safest processes on WordPress is to keep it always up to date; this applies to the CMS, themes, and plugins.
When a WordPress update is required, a message appears on your dashboard’s home screen. Since this is the screen you see every time you log in to the platform, you will certainly not forget to update it.
When it comes to the themes and plugins, you will probably need to check one by one in most cases. For this, just access “Appearance / Themes” or “Plugins / Installed Plugins” to check if you need to update any of them.
To give you an idea, around 35% of WordPress installations are outdated, so it’s important to check — even once a week — that all features are working properly.
Get an SSL certificate
The SSL certificate is used to transform non-secure (HTTP-initiated) sites into secure (whose URLs start with HTTPS). Currently, most servers offer this certificate for free, you just need to request it.
This is essential not only for visitors to know that your domain is secure, but also because virtual security is one of the criteria Google takes into account to position your site in search results.
Ensure that your system monitors firewalls
The firewall is a device whose purpose is to assign security to your site by controlling data traffic, allowing the transmission only of those who are authorized. Therefore, make sure that the hosting server provides this function.
Give preference to the WordPress platform
Although said that the CMS has security holes, they occur if you do not do what we have pointed out throughout this post: install the updates, do not get themes and plugins from questionable sources, among others.
After all, WordPress is one of the most secure platforms there is, starting with security features such as Really Simple SSL.
Count on two-factor authentication
Two-factor authentication is a process that makes your site login stronger. Through it, besides having to enter your username and password, it is also necessary to authenticate your entry via application, token, magnetic card, SMS, or email.
Of course, this makes the login process take longer, but on the other hand, it increases your website’s connection security, making any kind of invasion extremely unlikely to happen.
By following these tips, the chances of having your WordPress site hacked decrease dramatically. So, you can focus your attention on managing your digital strategies based on it.
WordPress is the most widely-used content management system (CMS) in the world. Creating a blog on the platform is the perfect way to structure and optimize your digital strategy. Check out this WordPress guide for corporate blogs and learn more!