You may have spent a lot of money to have a website built for your business in WordPress.
Or you have invested a lot of time yourself to set up a website with WordPress.
And then.. your WordPress website is suddenly hacked
How is that possible?
- Is the WordPress website not well made?
- Is someone targeting your website?
- Has the credentials been leaked?
These are programs that test and hack thousands of websites at the same time. Without even one person involved.
Is WordPress that leaky then?
No, WordPress is not the problem.
The problem is the plugins that are used.
The plugins are not always updated and the programmers do not always keep the plugins secure.
Plugins are often the cause of your hacked WordPress website
Hackers can download many plugins for free and test them for security vulnerabilities.
When hackers have found a security vulnerability in the plugin, they write a script that checks large numbers of WordPress websites every day for the presence of those plugins, after which an injection or command takes place through that plugin.
Viruses can perform injections and commands via plugins (Technical)
Those are the terms that describe how a virus, script or piece of malware works.
Via the leaky plugin, all unwanted data is injected into your database or on the server in one go.
It only takes a virus 1 second to put advertising in ALL your pages and posts – hence the injection.
A virus can give commands to the server via a leaky plugin. In this way, various files containing malware can be placed.
Think of malware that encourages your server to spam other websites or email addresses of people.
My WordPress website has simply been hacked, what can I do?
You must reverse the consequences of a hack, then you must secure the WordPress website so that it cannot happen again.
We do this 7 days a week, we remove the hacks and secure WordPress websites for a fixed affordable rate.
With warranty. Click here if you want your website quickly repaired and secured by WordPress professionals.
Repair your hacked WordPress website yourself
The step-by-step plan to restore your hacked WordPress website:
- Determine the date your website was hacked
When was the aforementioned injection or command executed?
You can see this from the modification date of files on the server, if that is not clear you can use your own insight.
- Restore a backup of at least 1 week before the hack took place
You may be able to restore a backup from when your website has not yet been hacked.
Some web hosts store backups of your website, sometimes 1 week but sometimes 1-2 -3 months.
Keep in mind that a backup is a step back in time, so news items, users, woocommerce purchases and the like are NOT up-to-date with the old backup. Therefore, make a backup of this moment before you restore 1.
- Check the website for suspicious files and activities & back doors
– Check which files are on the server, whether they belong there.
– Check which users have administrative rights and whether this is correct.
– Remove back doors.
Backdoors are regularly installed, even before a hack actually becomes visible. That backdoor is literally an open door for the malware to be able to execute the injection and commands again.
- Update your WordPress, plugins and theme
Make sure everything is up to date.
TIP: We often completely replace the plugins and WordPress completely on the server for new downloads, so you can be sure that there are no unwanted files or lines of code on the server.
- Submit your website to Google webmaster tools
In Google’s webmaster tools, go to the security center and see if the website is not known as hacked there.
- Check your website for free at Sucuri
Scan your website with the Sucuri Malware Scanner
Is your hacked WordPress website now hack-free?
If your hacked website is now hack-free and you are sure that hacking bots cannot access your website, the protection begins.
- Check your plugins for security vulnerabilities
On wpvulndb.com is a search tool that can help you find out if your plugins are currently leaking. Or that they have often been hacked in the past. If a plugin is unsafe, choose an alternative.
- Install and configure a security plugin
A security plugin stops many hacking bots. It is important to set it up properly, so take your time.
- Monitor your website weekly or at least once a month
Check the security logs of the server regularly to see if everything is still going well.
Don’t have time to check your website?
To read the logs? To do Google webmaster tools or other scans?
Leave that to us! We take care of your WordPress website for an affordable monthly rate.
We work with WordPress 7 days a week, for more than 10 years.
Choose convenience and security: Let us secure your WordPress website.