That was me last week. Again. Admittedly it was a few years since one of my sites was last hacked. This time it was two.
It’s no fun.
Even less fun is the support you may not get from your host. Mine was no help. Needless to say I had already done what I could to remove the malicious code. Still, the care factor was marginally above zero.
Fortunately the attack was more for pride and vanity than to destroy any content or pillage (so far as I could tell).
It’s a horrid feeling to realise your site has been attacked. Definitely pays to be checking your sites regularly. I know there are some I don’t access very often.
So, what do you do when it happens?
Here are Google’s handy tips to follow:
- https://support.google.com/webmasters/answer/163634?hl=en
Then there is also some good practical advice from another blogger who learned the hard way:
- http://thestyleconfessions.com/2011/04/16/a-few-things-you-can-do-to-avoid-being-hacked/
Jeff Goins handled it this way:
- http://goinswriter.com/site-hacked/
And this is great advice to follow:
- http://hackrepair.com/my-web-site-was-hacked-now-what-do-i-do
What Did I Do?
- Changed my admin password, and not just that: I created a new Admin User with a fresh password, logged back in under the new Admin User and deleted the previous Admin user.
- Changed my ftp passwords with my host.
- Checked I had pre-hack backups saved off my server (I mail them to a special email address automatically).
- Ran my site through Sucuri, identified the malicious code files and deleted or replaced them.
- Updated all software on my site
- Checked whether my security software was adequate and installed a better one if not.
- Reviewed the advice above and locked down my sites as much as possible for future protection.
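One way to double-check the "identify the malicious code files" step by hand, as an added example that is not part of the original post: hash every file on the live site and compare it with a freshly downloaded copy of the same WordPress, plugin and theme versions, listing anything added or changed. The function names, the skip list and the sample file names are assumptions made for the illustration, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed exceptions: user uploads and the site-specific wp-config.php.
UPLOADS = "wp-content/uploads/"
SITE_SPECIFIC = {"wp-config.php"}


def _hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_to_clean(site_dir, clean_dir):
    """List files that are extra or modified relative to the clean copy."""
    site, clean = _hashes(site_dir), _hashes(clean_dir)
    report = {"extra": [], "modified": [], "php_in_uploads": []}
    for rel in sorted(site):
        if rel.startswith(UPLOADS):
            # Uploads are not compared, but scripts there deserve a look.
            if rel.lower().endswith((".php", ".phtml")):
                report["php_in_uploads"].append(rel)
        elif rel not in clean and rel not in SITE_SPECIFIC:
            report["extra"].append(rel)
        elif rel in clean and clean[rel] != site[rel]:
            report["modified"].append(rel)
    return report


def demo():
    """Run the comparison on a small constructed site and clean copy."""
    clean = {"index.php": "<?php // core", "wp-includes/load.php": "<?php // load"}
    site = {**clean, "wp-includes/load.php": "<?php // load + injected line",
            "wp-includes/cache-x.php": "<?php // not part of core",
            "wp-content/uploads/a.php": "<?php // script in uploads",
            "wp-config.php": "<?php // site settings"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("clean", clean), ("site", site)):
            for rel, body in files.items():
                path = Path(tmp, name, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(body)
        return compare_to_clean(Path(tmp, "site"), Path(tmp, "clean"))


if __name__ == "__main__":
    print(demo())
```

To use it on a real site, call `compare_to_clean()` with the path to a downloaded copy of the live site and the path to the unpacked clean copy.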
Luckily I noticed the hack within 24 hours of it happening and took remedial action straight away. That meant that my site was not picked up by Google as having been hacked and so was not blocked. The other advantage I had was the time zone difference. My site was hacked overnight so I got to work on it in the wee hours before business hours kicked in locally. Sleep? Not when your site is hacked!
What bemused and annoyed me was that by chance I found my site had been listed as hacked on a hacker’s forum – along with hundreds of others that day. Seems my hacker is trying to up his/her status in hackerdom by competing for the number of sites hacked. I have no idea if said hacker had a political message – I just took the thing down!
If you have a website that you self-manage the chances are that you will be subject to attack at some point. Be on guard and make sure you keep your site software updated, keep backups and have good security software and protocols installed.
Finally, don’t let the hackers get you down!
This came at a good time as there has been a spree of website hacks these past few weeks. Thank you for the article. As a new website owner it is very helpful.
Kind regards and may these hackers find something else to do,
Daniel
Glad it was helpful for you, Daniel. Good to see you here.
Glad you got back up and running without too much trouble, Mel 🙂
Just a quick one to add to your “what to do” checklist. Edit the wp-config file and change the security keys. This will automatically log out everyone from your WP site.
Another one learnt the hard way… Rather than updating, delete and re-install. Updating updates true WP and plugin files, but as you probably noticed, these guys add extra files too. Much easier than hoping you’ve caught them all and deleted!
Hadn’t thought about the wp-config fix – good idea. This was a relatively easy hack fix but definitely a delete and reinstall with a clean backup is easier than poring through files!
It can’t be easy fixing a hacked blog, but I’m glad you were able to get things back in order before it got worse.
I’m wondering how you initially set up your blog?
Did you do it manually (through FTP) or did you do it through the CPANEL of your hosting account?
The reason I ask is because setting it up through CPANEL is less secure than doing it manually.
– Bonnie
Good tip, Bonnie. I usually set mine up manually through FTP and these blogs would have been done that way. I’m fortunate it was just a defacement hack. Great reminder to ensure you have regular backups so you can restore to an earlier point.