Help My Website Has Been Hacked! – What Can I Do?
Help My Website Has Been Hacked!
Those are the six words - Help My Website Has Been Hacked! - that all website owners dread saying. But what does it mean, what does a hack entail, and how can you prevent them happening?
Hacking Problems - What Is The Problem?
Hacking is increasing and no-one is immune from hackers attacking their website. In fact, Forbes magazine estimate that nearly 30,000 websites get infected with some type of malware every single day. We’ve heard of the well-publicised large companies that have been hacked.
However, in reality most businesses affected by hackers are small businesses that don’t have sufficient protection against hacking. These include blogs and small company websites. So the question is, what are the problems, and what can you do about them?
A hack is simply someone gaining access to your website and then using it for their own purposes. They may change pages or delete whole sections of your website.
There Are Many Forms of Hack
There are, regrettably, many ways that a hacker can compromise your website. For example, hackers can try common usernames and passwords over and over until they get access. This method is called a brute-force attack.
Others use more sophisticated means – cross-site scripting, or attacking known vulnerabilities in the code on your system.
Once a hacker accesses your site, they often deface it. Defacement, a common hacking technique, is where a hacker puts up a banner or page supporting their political or financial aims. Alternatively, they could redirect your site to a porn site, or to a site selling Viagra or other merchandise.
Reinstating your site can be a costly and time-consuming set of activities. That is if it’s even possible. I have seen hacks recently where hackers have removed every single file on a site. Without backups, you will need to recreate your site from scratch.
So hackers can redirect your site to an undesirable site, or remove it all together. The question is, what can you do to counter these problems?
First Step: Detection - Free Malware Scanner
The security firm Sucuri have a useful free scanner that you can use to check the status of your website. The scan will show whether you have succumbed to many of the common hacks. And it can tell you if the biggest search engines currently blacklist your site.
My Suggested Preventative Solutions
You may be looking for a one-shot solution to prevent hacking. Unfortunately the situation is a little more complex than that. You need to protect your site against the most common problems that attract hackers. And at present, this involves selecting a number of different tools. Here are my biggest recommendations to prevent the hacking of a WordPress site.
1. Have A Robust Backup Regime
The most fundamental thing to have is a good, reliable automatic backup regime. Have one that backs up to at least one place away from your site. The disadvantage of keeping your backups on your site is that if you lose your site totally, your backups go as well.
I used to use my own backup system, but I now recommend VaultPress in preference. Why?
- VaultPress has several options, but I recommend their service that is just $9 per month.
- It's easy to set up and it’s very easy to restore a backup – one click and your site is back.
- VaultPress comes from Automattic – the creators of WordPress.
Their interface is clean and fast to use. It works, and it’s the best I’ve seen. You can sign up at http://vaultpress.com
2. Implement WordFence
WordFence is a free security plugin that protects your site in several ways. It prevents hacking attacks like brute force login attacks by locking out hackers. WordFence detects when someone (eg a hacker) changes core WordPress files, theme files or plugins from their issued versions. It then prompts you to restore the currently issued code from its database.
The free version now comes with a firewall that increases the level of protection you have. And I strongly recommend you implement their firewall.
WordFence will lock out hackers who try to guess your password to get into the WordPress backend.
WordFence is available via the WordPress plugin directory for free.
3. Use SiteLock
SiteLock has several features that you can select to protect your site. I like its SMART tool that automatically scans your site for malware, and, if it finds any, repairs it and sends you a message of confirmation.
If you bear in mind that manual malware cleanup can be very time consuming and expensive, SiteLock is like having insurance against malware attacks. It keeps your site running. Contact me here if you'd like to benefit from the services that SiteLock offer.
4. Purchase WordPress Maintenance
Many people don’t understand the vital importance of keeping the code on your site up to date. This means keeping your WordPress version, your theme and all your plugins updated to the latest version.
The main reason programmers update code is to repair recently uncovered vulnerabilities that could lead to hackers gaining access.
Recent WordPress versions auto-update to the latest version, but you have to update themes and plugins manually. Out of date plugins in particular are an issue. Most WordPress sites use several plugins to provide functionality. The problem is magnified by plugin authors releasing the nature of the problems fixed in a new version. A hacker encountering a previous version then knows what vulnerabilities exist in it.
I can provide you a service where I scan your site every day for out of date code.
http://alunloves.it/wordpressmaintenance
Summary
If you don't want to hear yourself uttering the words "Help My Website Has Been Hacked!" there are steps you can take to avoid hacking. They are:
- Have a robust backup plan
- Use the WordFence plugin
- Use SiteLock
- Buy WordPress Maintenance
It's important to note that nothing will make you completely hack-proof. The most determined hacker will probably get into any site. But it you make it hard for him, like any burglar, he will probably look at easier targets.
Contact me here for a no-obligation chat about WordPress security.
