WordPress – I got hacked, what do I do?

WordPress – I got hacked, what do I do?

Andy Holland

Do you think that your WordPress website has been hacked? Symptoms of a hacked website are the site being down, text and links not added by the admin showing up on the website, the homepage redirecting to a new page which says the site has been hacked, or phishing pages being added to the site.

First things first, don’t restore from your backups just yet, as you’ll hide the hacker’s tracks and may not be able to fix the problem, allowing them to come straight back and do it again.

  1. Local machine clean

Your admin or FTP logins could simply have been taken right from your local machine. Make sure that your computers connected with your site are secure at all times. This means you need to:

  • Keep your operating system up to date, whether Windows or iOs.
  • Use the latest web browser version.
  • Keep your anti-virus up-to-date and perform regular scans.
  • Only install trusted software onto your machines.
  • Don’t click dodgy links in emails.
  1. Sever security

Ask your hosting provider if any other sites have been compromised on the server. By identifying the files that have been compromised, you can track where the hack started.

  1. Change passwords

You’ll need to change:

  • FTP login credentials
  • WordPress logins for everyone
  • WordPress database login details
  • All application logins on the domain
  1. Secure WordPress
  • Change your WordPress encryption keys. Use a generator to make sure they are secure.
  • Keep WordPress up to date.
  • Use only the latest plugin versions.
  • Find plugins not in use and remove them.
  1. Ask Sucuri

Get Sucuri.net to scan the website for any malicious files. The cost covers one year of daily scans.

If you regularly carry out these steps, you will considerably reduce the chances of getting hacked.

Andy Holland

Author Andy Holland

More posts by Andy Holland