Last week we looked at whether your WordPress website was prepared for a cyber-attack. Now we’re going to focus on what to do if you find you have fallen victim to cyber-crime.
With a hacker attack occurring every 39 seconds, it’s likely this will happen to you at some point in the near future if you don’t take the necessary WordPress security precautions. After the initial panic, swearing, strong cup of coffee and pleas to the Cyber Gods, here’s what to do next.
1. Redirect your site to another location
If you realise your website has been hacked, the first thing to think about is protecting your site’s visitors. Immediately put a redirect in place and block users from going to the hacked site.
This will make sure you’re not leaving your visitors at risk, but it also saves your reputation. Hackers often put up pornographic or spam material that you don’t want to be associated with your business name.
To set up a redirect, use a site on a different IP and create a page that lets users know you’re currently experiencing some technical difficulties. It’s best not to mention anything about being hacked at this stage as this can cause unnecessary worry to customers.
Redirect your entire domain to the new IP via your control panel so that they stay clear from the hacked site. If you’re unsure of how to do this, you can work with your hosting provider or get in touch with us.
2. Find the vulnerability
Once you have put the necessary protections in place for your site visitors, you need to find the vulnerability. The best way to do this is to ask your hosting provider for activity logs.
Once you have identified how the hackers got into your site, you can focus on improving that security risk or hire someone to fix it for you.
GDPR requires businesses to inform users of any breaches of data. If your any information has been compromised, you must notify your subscribers about the hack and the steps you’ve taken in rectify the situation.
3. Block the IP
It may sound obvious, but make sure you block the IP that hacked into your site. Although this will keep you protected from that one hacker, you should be aware that hackers often access website’s from multiple IP addresses, so merely blocking them won’t stop the hacking.
You need to fix the vulnerabilities that allowed them in initially.
4. Clean up your site
At the stage, we’re hoping you’ve regularly been backing up your site as you’ll now need to clean up your whole site, including your databases.
The most effective way to do this is to delete all files and restore them from your backup just before the hack. If you’ve backed up daily or weekly, then you shouldn’t lose much information by doing this.
If you haven’t been regularly backing up your site, you’re best speaking to an expert on how to move forward.
5. WordPress security
The final step is to secure your site. Find out where your current vulnerabilities are and work through the list in fixing them. Take a look at these simple ways to protect your WordPress website and act fast. A good hosting provider will work with you on security, or to really knuckle down on how to keep your site safe, get expert help from a provider who will continuously work on and maintain your WordPress website.
At WP Tech Support, we focus on WordPress security. We’ve developed a premium quality support and maintenance service for all WordPress website owners that delivers total peace of mind. From emergency fixes, offsite backups and daily security scans, our monthly maintenance plans can keep you safe from being hacked.