You may have heard of the cyberattack that took down hospitals in the United Kingdom. Thousands of operations and appointments were cancelled because the malware, “WannaCry”, threatened to delete vital information unless a ransom of $300 to $600 were paid. This type of hacking is called “ransomware”, it holds your computer as a hostage until a random is paid. This is done by encrypting your files. Then a screen is displayed that demands the money to get your files back. There is usually a countdown and the ransom price increases over time until the clock reaches zero. When the countdown ends, your files are destroyed.
Technology is ever-changing, for good and for bad. It is important to make sure that your computer is protected from malware and viruses. Much like your computer, your website should be secured from hackers. We’ve compiled a list of things to do if your WordPress site has been hacked.
Sometimes a hack can go undetected. Fortunately, there are a few resources out there that can help you know if your website has been hacked.
The first resource is Google. When you do a search for your company on Google and see a note next to your listing that says “This site may be hacked” – that’s a good indication that your site might be hacked. You host may also suddenly disable your website. They may have detecting the malware and are protecting users who visit your site. If you website is behaving weird, it may be a sign there is malware as well.
Next, do a scan for malware on your website. Sites like Sucuri offer free scans. This will help you get a confirmation that your site has been attacked.
After your find out that your website is infected, the next thing to do is understand what’s going on.
If you’re site has just been hacked you are probably panicking and have a lot of concerns. The first step is to understand how and why this happened. Take a look at your website for any weak spots. Do you have any outdated plugins? Is your version of WordPress up to date? WordPress has a large user base, some of those users don’t always update their sites – which makes it an easy target for hackers.
Once you have an understanding about the attack, you can start securing your website. Make sure everything is up to date. Reinstall core files, if necessary. Sometimes a fresh install of WordPress is needed. Reset your passwords. Deleted and reinstall all your plugins – remove outdated ones. This may seem like a lot of work but if your site has been infected the malware can live anywhere. It’s important to get a clean install of all files to make sure the infected file or files have been removed.
4. Move Forward
After cleaning up your website, make sure you keep it updated. Immediately install new WordPress updates as they’re released (if they are not automatically installed). Run through all of your plugins to make sure they are compatible with your WordPress version and are being updated. These are the two most important things to do when you have a WordPress website. Hackers look for outdated versions of WordPress and WordPress plugins because they are less secure than the newer versions.
5. Get Help
This can seem like a daunting task but you don’t have to do it alone. KSH Marketing has a lot of experience cleaning up hacked sites. We can help you get a handle on the malware and get your website back to normal. Give us a call today if you think your website has been infected.