Was your WordPress site hacked?! Don’t panic! It’s true, I know it’s difficult, but you can’t panic… believe me it can happen to everyone (it’s even happened to us!!!). We will help you!!!
First of all, are you sure that your WordPress site was actually hacked?
To begin with, it is a good idea to understand if your website has been hacked or if, for some reason, the problems you are having on the website have another origin. For example, one of the most common reasons why your website is acting less than normal could be that your server space has reached its limit!!! It’s true, something so simple… In addition, here are other common problems:
- Errors in website updates;
- Errors in plugins;
- Technical problems on the server;
- Or even a combination of all these factors.
Some of the “signs” that your website has been hacked are:
- Banners, popups or images not added by you with “strange” content and other visual changes appeared;
- Your website is redirecting users to other malicious pages;
- Your hosting management informs you that it has detected malicious access to your website.
There are many “signs” that will catch your attention, and you should always pay attention to everything that happens on your website.
I’m sure my WordPress site was hacked, now what?!
Firstly, we hope you have a recent backup of your website! For example, our websites have automatic backups scheduled 24/24 hours. And this factor is a key point in not losing information if you have to reset your website. It is important that you make regular backups of your website.
Therefore, if you have a recent backup of your website, we suggest that you restore that backup, to have your services restored as quickly as possible.
Note: If you have an IT department, you may want your system managers to try to find out how your site was attacked so you can more effectively prevent future attacks.
Secondly, you must ensure that you do not have any malware or viruses in your WordPress site files, and ensure that new attacks do not happen again. To do this, we suggest you use the Wordfence tool (you have a free version and a premium version).
Wordfence Free performs a deep analysis and cleaning of your WordPress site. For example, this software:
- Checks all WordPress core files and compares them with the original publicly available files, looking for differences between them;
- Searches for files associated with malicious domains commonly found in malware and virus files;
- Determine whether your website domain or IP was used to send spam;
- Between others.
Note: we suggest that you contact a professional to review your server’s security protocols, to ensure that the problem did not originate from a server security breach, and that it blocks any attacks.
After running Wordfence Free on your website, you must follow the instructions given to you, deleting and modifying any files that are identified as suspicious. Don’t forget that when you delete files, they disappear permanently, so it’s important that you have a backup of your website, in case you delete a file by mistake or if you need to recover a previous version of it.
I saved my website, but browsers continue to show malware warnings, what can I do?
If you quickly detect an attack on your WordPress site, this is very unlikely to happen. However, if this is happening, you will most likely be on Google’s Safe Browsing list. This is a list used by the main browsers and contains a database of sites that have malware, phishing, spam, etc.
In order for your website to be removed from this list, you will have to request a review. You can find the instructions for this request here.
What to do to prevent future attacks and infections?
Unfortunately, it is impossible to prevent your WordPress site from being attacked. What you can do is optimize its security as much as possible, as well as that of your web server. If you keep the system up to date, with regular backups, a properly configured firewall, and prevention and monitoring software that guarantees the security of all factors (such as Worfence), you will be able to block these attacks, without having to worry all the time.
Remember, make regular backups of your website, update your plugins and your WordPress installation. Use strong passwords, two-factor authentication and run frequent analyzes of your website.
You know, if you need help with the security of your website, or if you have questions about WordPress… send us a message. Don’t forget to follow our Social Networks: Facebook; YouTube; Instagram; LinkedIn.
See you soon…
Note: This article is strictly informative and does not, under any circumstances, dispense with a specific analysis of your specific case.