Oh, man! I know a guy who had his private hosting hacked. He had like 28 websites there and a hacker got into all of them. The cleanup took about 10 days. As soon as he’d clean up a bunch of sites, they’d start to get hacked again. It was tough to get ahead of the hackers.
He ended up taking down a lot of his websites and just went down to the 5 or so that really mattered. With those 5 that were left, he installed firewalls and scanners to help protect his websites. Running some commands and doing virus scanning on the server helped as well. He changed all passwords (users, database, etc.) And then setting up his .htaccess files to protect certain, core WordPress files also helped.
The combination of all those things drove the hackers away.
The truth is, most hackers are lazy. Think about it… something that has a lot of locks and is tightly locked is something that won’t be easy to get into – versus something that has an unlocked door and open windows.
His websites were not kept up to date. He hadn’t done that in a while. Having that many websites was just too much to handle, really. Going down to 5 and having good security in place will help… for sure.
How to Handle WordPress Hacks
Here are some steps to go through if your WordPress website has been hacked:
- If you do not have root access, get a hold of your host and let them know what’s going on. See what kind of help they can offer you.
- If you have a backup that’s clean, consider using that. Consider what content was added recently and make sure you save it. You may want to first take a backup of the hacked website before you go and restore a previous backup.
- You’ll have a much easier time doing cleanup if you can just lock down access to your website to your IP address while you’re working on things. You can do this in the .htaccess file.
- Change all passwords – user logins, the database and whatever else. Make sure no new users have been created (ones with Administrator roles).
- Upgrade all plugins and themes.
- Re-install WordPress.
- Install firewall and virus scanner plugins. Run those and follow their advice. Remove all the files and directories that shouldn’t be there.
- Ask your host to run a scan on all your files, looking for more files that should not be there (don’t just one 1-2 tools – use as many as you can because just one won’t do it).
- Lock down core WordPress files with directives in your .htaccess file. For example, protect your wp-config.php file and your .htaccess file.
- Change the WordPress salt keys in your wp-config.php file so that any logged in users will be logged out.
- Reboot the server or restart the web service if you can.
- Clean out the mail queue if it’s full of spam.
- Look through your main directories like the root folder, wp-content, etc. for any files you may have missed.
After you do this, open up access to the world and watch your access_log files. See if certain IP addresses are trying to run scripts that you removed and then block those IP addresses. Keep an eye on things for a while. You have to make sure you’ve made them move on. If they still have some files on your website, they may still have control and they may start everything over again.
Remember This About Hacks
It’s usually not personal. I’ve maybe only seen this once. If it is personal, they’re stupid because there’s a much higher chance they’ll get caught. It’s usually an automated script that found a hole in your website. This hole was found because you didn’t keep up with upgrades, most likely. So, it’s really more your fault, unfortunately.
Hacking websites is computer fraud and you can actually get the police involved. You’ll have a greater chance of success catching someone if they’re in your own country, so going after the Chinese or Russians trying to get in is not likely going to be successful.
Need More Help?
Did what I list here not make much sense to you? Well, that’s fine. There’s only a small part of the population that is made up of website programmers and system administrators. The skills they have are really what you need to get the job done right.
If you do need more help, then contact us here at Webstix. We’ve cleaned up hundreds of hacked websites and we have the knowledge, experience and expertise to help you get your website cleaned up and back to how it was.