Yes, that’s possible. You may wake up one day, and your site just won’t be there. All that’s left will be a text message or an email telling you that the proverbial windy day has arrived and that you no longer have control of your site. What could you possibly do?
The first logical reactions are anger and panic, and that’s good because it shows that you’re ready to react and to fight back. Obviously, try to stay on the safe side and don’t let yourself get to the point of a mental breakdown: it’s still up to you to get back on your feet and fix the damage.
How does it happen?
WordPress is a relatively resistant platform, in fact, more resistant than most of the platforms out there, but that doesn’t make it absolutely safe.
There are a few strategies you can use to ‘mask’ your website from hackers. The first thing you should do to stay safe from hacks is to keep your WordPress version updated and to avoid installing plugins which can have harmful effects and make the site more susceptible to attacks.
There are many things that can make WordPress prone to hack attacks: themes, plugins, extensions, etc. Here are the most common types of attacks:
- Backdoor attacks: Hackers love weakly-coded plugins and themes, as well as outdated WordPress versions, because those give them a shortcut to your website. Backdoor attacks count as the most serious ones since the first thing hackers will attack is the administration area, where they can cause severe damage, or even inject malicious code. If you’re being attacked through backdoors, it means that you’re dealing with a smart hacker who can find a way to re-access your website even after the exploited plugin has been removed (how to safely remove plugins, by the way);
- Redirect attacks: During a redirect attack, hackers try to reroute traffic from your website to another, malicious one. We can only wonder what type of website it may be, but it will most likely be installing viruses on visitors’ systems or stealing their personal info. Obviously, redirect and backdoor attacks are interconnected, since hackers attack backdoors first to scan the software for vulnerabilities, and then to complete the redirect.
- Script injections: Hackers use code vulnerabilities to make forms, such as login forms, capture personal information and send it to their database. Once they’ve achieved this, they try to install software on visitors’ machines and use spoofing to pretend that they are running a legitimate application. The most recognizable feature is an apparently ‘friendly’ pop-up that informs you that the device is infected and you have to scan it.
Consult the hosting company
One of the benefits you get from paying a reliable hosting provider is that you get help when your system is infected. Most of the time, there will be an experienced team to take over the situation, or at least to provide guidance that can improve hosting services. Therefore, contact the host and follow its instructions.
It’s not rare for a hack to affect more than your website, especially on shared hosting. This is also a great opportunity to consult the host and to ask about the attack, mostly because you need to know how the hack originated.
If you’re lucky enough, you can even find a host that will completely handle the situation. Check out some of the best hosting companies in the market.
Take the site down right away
You can do this by renaming the index.php file in the root directory. Simply adding an index.html page is not enough: the point is to halt traffic entirely to every blog page. When you replace index.php, upload a simple file saying that the site is offline for maintenance and will be back shortly.
The reason why you have to do this is that most hacks are automatic rather than manual, and they’re performed by malicious code attaching itself to writable installation files. That basically makes it possible even for a random visitor to re-infect files that you already considered repaired.
Copy the site that has been hacked, and access the log files
You must do this; don’t even think of skipping it. The hacked website must be backed up (how to backup in the right way, check our post), and all log files must be accessed so that you can assess the malicious code and find out how hackers made it to your database.
Backing up your website should be easy, either with a specific tool or SSH access and the following commands:
mysqldump -uUSER -pPASSWORD DB_NAME > your-site-folder/DB_NAME.sql
tar zcvf backup.tar.gz your-site-folder
Restore the site from a point prior to the hacking
If the site has been backed up, you can restore it from a point before it was hacked. If you can do that, you’re safe, and there is nothing to worry about.
If it’s a blog that changes content day-to-day, restoring can mean losing posts, comments, and feedback, and you have to evaluate whether it is worth more to you to restore the old version or to try and find another way to deal with the problem.
In the worst case, namely, not having backed up the site (or being hacked quite a while before you’ve noticed), you can preserve content by removing a hack manually.
Get rid of the malicious code
An alternative way to clean and save the site is to locate all affected files/database tables and to remove the malicious code manually. It could be either simple or very complex, depending on the nature of the hack.
Both cases require experience and Bash/Perl proficiency, so that you can test the files, replace the strings, and remove the malicious code from all files at once. In case this is not your cup of tea, ask for professional help.
The most comfortable option is to ask the host to do it, especially if you’re using paid hosting. If this option is not on the table, look for security companies that provide this type of service, namely detecting and cleaning malware.
Still, if the service is automated, don’t rely on it too much. There is no software that can detect evolved infections as well as the human eye, so don’t expect it to remove the malicious code completely. Therefore, even after the cleaning is done, review the files manually, and check whether everything is fine.
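One way to shortlist files for the manual review described above, as an added example that is not part of the original article. The pattern list, the 7-day window and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: shortlist files for manual review.
# Point it at the offline copy of the site. With no argument it builds a
# constructed sample tree so it can run anywhere.

# 1. PHP files under uploads/. WordPress stores media there, so code is unexpected.
php_in_uploads() {
    find "$1/wp-content/uploads" -type f -name '*.php' 2>/dev/null | sort
}

# 2. PHP files calling dynamic-execution or decoding functions (assumed pattern
#    list). Legitimate plugins use these too: a hit means "read this file".
suspicious_code() {
    grep -rlE --include='*.php' \
        '(eval|base64_decode|gzinflate|str_rot13)[[:space:]]*\(' "$1" 2>/dev/null | sort
}

# 3. Code and .htaccess files modified in the last N days (default 7).
recently_changed() {
    find "$1" -type f \( -name '*.php' -o -name '*.js' -o -name '.htaccess' \) \
        -mtime "-${2:-7}" | sort
}

# Constructed sample tree (all file names and contents are made up).
make_sample_site() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads/2020" "$d/wp-content/themes/demo"
    echo "<?php require 'wp-blog-header.php';" > "$d/index.php"
    echo "<?php echo 'constructed';" > "$d/wp-content/uploads/2020/cache.php"
    echo '<?php eval(base64_decode($blob));' > "$d/wp-content/themes/demo/functions.php"
    touch -t 200101010000 "$d/index.php"   # backdate: an old, untouched file
    echo "$d"
}

site=${1:-$(make_sample_site)}
echo "== PHP files in uploads/";        php_in_uploads "$site"
echo "== Dynamic execution / decoding"; suspicious_code "$site"
echo "== Changed in the last 7 days";   recently_changed "$site" 7
```

Compare anything flagged against a fresh copy of the same WordPress, theme or plugin version before deciding whether it was modified.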
Screen archived logs and attack records
Even once your website is completely clean, you’re not done. You have to inspect the reason why this happened and to discover the tactics of your attackers in order to keep the site safe in future.
This information is usually kept in the access log files, including those for FTP, SSH, the control panel, and the file manager. There are a variety of ways to perform a hack, so your system is more vulnerable than you thought. Worst of all, there is no possible way for you to know the structure of their access, but you should at least try.
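A starting point for screening a web server access log, as an added example that is not part of the original article. It assumes the Apache/Nginx "combined" log format, and the log lines are constructed using documentation address ranges.

```shell
#!/bin/sh
# Added example, not from the original article: screen a web server access log.
# Assumes the Apache/Nginx "combined" format; other formats shift the fields.

# POSTs to the login and XML-RPC endpoints, counted per client address.
login_posts_by_ip() {
    awk '$6 == "\"POST" && $7 ~ /^\/(wp-login|xmlrpc)\.php/ { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# Successful requests for PHP files under uploads/, where no script belongs.
uploads_php_requests() {
    awk '$7 ~ /^\/wp-content\/uploads\/.*\.php/ && $9 == 200 {
             print $1, substr($4, 2), $7 }' "$1"
}

# Everything one address did, in order: time, method, path, status.
requests_from() {
    awk -v ip="$1" '$1 == ip { print substr($4, 2), substr($6, 2), $7, $9 }' "$2"
}

# Constructed log lines (addresses come from documentation ranges).
make_sample_log() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
198.51.100.7 - - [10/Mar/2020:03:12:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1820 "-" "constructed-agent"
198.51.100.7 - - [10/Mar/2020:03:12:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1820 "-" "constructed-agent"
198.51.100.7 - - [10/Mar/2020:03:12:03 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed-agent"
198.51.100.7 - - [10/Mar/2020:03:15:40 +0000] "GET /wp-content/uploads/2020/cache.php HTTP/1.1" 200 12 "-" "constructed-agent"
203.0.113.9 - - [10/Mar/2020:08:40:11 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2020:09:00:00 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
    echo "$f"
}

log=${1:-$(make_sample_log)}
echo "== Login/XML-RPC POSTs per address"; login_posts_by_ip "$log"
echo "== PHP requested from uploads/";     uploads_php_requests "$log"
echo "== Timeline for the top address"
requests_from "$(login_posts_by_ip "$log" | awk 'NR == 1 { print $2 }')" "$log"
```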
Update your antivirus software regularly
Using the latest version of your antivirus software is essential for your security because it contains the most recent virus-definition files.
Keep the site secure in every possible way
Unfortunately, most of us understand the importance of keeping a website safe only after it has been attacked. From then on, we try to do the impossible to protect our website from all prospective compromises.
The reason why you have that website is that it contributes to your business, and that makes it quite important to protect and maintain. Your website security should be your number one concern.
If you can’t afford the time to deal with WordPress every day, consider some type of protection like Sucuri – the plugin monitors hacks and viruses and helps to fix installs.
There are many other programs you could use, so don’t worry if you have no time or no technical skills to take care of your website’s security.
Usually, people start to think about website security only after an incident or an attack has already occurred, but in most cases, the consequences of such events are irreversible. This is why keeping your WordPress website safe is an essential step. If you have some personal protection tips, feel free to share them with us through a comment.