We guess, no one is surprised by hacker attacks nowadays. Today’s web is a quite dangerous place to surf. Attackers can steal your credentials or account, infect your computer with malicious software and perform other nasty unwanted actions. But not only users, but website owners are also in danger.
Furthermore, they take greater risks while running and maintaining websites. Hackers can shut down the site with a DDoS (Distributed Denial of Service) attack, steal users accounts, break into a database and sniff clients’ personal information or completely intersect admin rights and basically become new website owners. All these situations are really dangerous. They can lead to severe financial and time loses; compromise your website and the entire brand.
WordPress is the CMS (Content Management System) at the highest risk nowadays. In 2018, WordPress took 60.1% of the entire CMS market share. Basically, every second CMS runs on WordPress. Nearly every third website in the world uses the WordPress core. This statistics means that you are in greater danger than, for example, Joomla or Drupal users. In the most pessimistic scenario, your website will be hacked and lost. But don’t panic! You have not lost your website permanently and can still regain your admin rights. Just follow our little guide where we’ll cover 5 basic steps to restore your hacked WordPress website.
1. Identify your enemy
First of all, find out what type of hack occurred and how it managed to break through the defense of your website. It’s an essential step – you need to determine the circumstances of breach to create a proper strategy to fight back the website. Furthermore, it’ll help you to uncover the weaknesses that hackers can use against you.
The future strategy will depend on a hack type and severity – you may just need to remove a single part of the code and everything will be fine, or you may be forced to restore the entire website from the backup. The best way to find out the hack severity and identify infected parts of the website is to use special scanner plugins like Sucuri Security or Wordfence. They will determine the plugin or a part of a code that was damaged or altered by hackers so you can remove it and restore your website.
2. Contact your hosting provider
If the website was hacked, your hosting provider may help you to resolve this situation. Usually, they have professional staff who can help you to locate the hack origin, find out possible backdoors, advise you about some handy tips to clean up your hacked website, and strengthen its defense to prevent future attacks and exploits.
In some cases, your hosting provider may supply additional software to speed up this process or even manually remove malicious code for you. Besides, some hacks may affect not only your site but a bunch of websites that use this hosting. In those cases, hosting provider will coordinate the collective efforts to clean up the entire cluster from malicious intrusion and you’ll restore the access to your website.
3. Consider restoring your website from backup
If your website is severely infected by various malicious blocks, consider restoring the whole website from a backup. The biggest disadvantage of this step is the fact that you can actually lose some of your data. Posts or comments in the blog, fresh updates, the most recent minor changes, etc. On the other hand, everything should be fine if you’re constantly making backups after each change.
Of course, this step won’t work if you don’t have any backups at all or the last backup was so long time ago that restoring this version doesn’t make any sense. In those cases, your only chance is to manually clean up your website.
4. Clean up your website
You need to remove all the malicious code from your website. In some ways, you can just delete the single block of code or reinstall the infected plugin. In other cases, you may need to manually clean up a lot of code and manage, basically, the entire website. Defense plugins can help you. Sucuri Security and Wordfence have their own firewalls to help you block the suspicious traffic.
5. Check and alternate your website credentials
After all the malicious code has been removed, you need to make sure that attackers haven’t left any backdoors. Check your user permissions and ensure that no one other than trusted team members can change your website’s content, settings, or plugins. Don’t forget to change all your passwords. Some of them may be stolen.
Your security keys can also be compromised. They encrypt all your password so it’s better to be a little bit paranoid about them. Furthermore, hackers can steal your credentials and still be logged into the site because their cookies are valid. Generate new security keys and salts to invalidate all cookies in a different way to protect the website from such unpleasant accidents.
Final thoughts
Cybercrimes become a daily routine nowadays. There’s no perfect protection from hackers and DDoS attacks, account sniffing and malicious intrusion attempts. Since almost half of the websites throughout the web are WordPress-powered, this CMS becomes a “delicious” target for various cybercriminals. Your WordPress website can be compromised or crashed due to hacker actions. The first thing you should do if this happens: don’t panic. Keep your mind clean, take a deep breath and start to recover your website and regain the full access from the hackers’ criminal hands.