WordPress security - have you been hacked?

Do you need to consider WordPress security?

WordPress powers nearly 30% of sites on the internet. WordPress security should not be an afterthought to a web project. How much income would you lose due to a hacked site? If you’re a business that depends on your website, a few days offline while you fix things can mean losing vast amounts of money. Moreover, the downtime will cause severe damage to your reputation and brand.

We invest a lot of time with our clients, explaining and educating them as to the importance of WordPress security. Most of all, having experienced WordPress developers on hand to help with WordPress support and maintenance pays for itself. Getting hacked can happen to anyone. Luckily, most hackers tend to go for the low-hanging fruit. A well set up WordPress site whose creators have taken WordPress security seriously from the outset is a lot less likely to be hacked than a poorly managed one. As long as you set things up correctly, the WordPress platform is a real challenge for hackers to get into and damage. Most agencies offer WordPress support and maintenance as an ongoing service, and this reduces the risk still further.

We’ve picked up some significant, long-term clients after they approached us because they feared their existing WordPress site was hacked. We know that vigilance and prevention sit at the heart of good WordPress security and every website we create. We’ve created some WordPress support and maintenance plans to help deal with the vital security side of our ongoing client relationships. Here’s some insight into common WordPress security measures to tackle if your site gets hacked.

How do you know your WordPress site is hacked?

First of all, if Google has blacklisted your website out of the blue, either trashing your search visibility, sandboxing you or de-indexing your pages altogether, contact your WordPress developers. The same goes if your entry in the Google search result pages carries a warning message: ‘This site may be hacked’. If your host disables your website, it could signify an intruder. And if your site is behaving strangely, doing weird and unexpected things or generating strange error messages, it could mean it has a WordPress security issue.

Having said all that, it isn’t always easy to tell. Knowing the signs helps enormously, but you can also harness a variety of tools to help you find out, including the SiteCheck Scanner and the Unmaskparasites Security Scanner.

Once you know for sure you’ve been hacked, there are plenty of things you can do to recover and prevent it from happening again. In addition, if you have a WordPress support and maintenance agreement in place with the agency that built your site, they should have been taking backups of your site.

7 ways to deal with a WordPress site hack

It’s a WordPress security thing. To prevent hacks, it helps if you’re reasonably security-savvy and have the time and inclination to keep your knowledge up to date. If you’ve let things slide and suffered a hack, here’s how to get back to normal.

1. Security keys

If you have the right know-how, it’s vital to generate new WordPress security keys in the wp-config.php file. If not, it’s best left to someone who knows what they’re doing, probably your WordPress developers.

2. Predictability

Most of all, reset all of your user passwords. Never use ‘admin’ as your username. It’s the first stop for hackers and makes their lives horribly easy. Use an obscure username and a suitably long, random and complicated password. Then maybe use a password manager to store the new passwords safely, so you don’t forget them and can share them securely.

3. Remove and re-install WordPress

Again, this is something you don’t want to tackle unless you know your WordPress security. Never use the update/reinstall feature in the dashboard. You need to do it via an FTP/SFTP client and replace every file manually. If that sounds like Greek to you, don’t go anywhere near it! Again, contact your WordPress developers and ask for their help.

4. Plugin management

Out-of-date plugins can have an enormous impact on any WordPress security issue. Remove and re-install all of your plugins to make sure there’s no malicious code left lurking in them. If you have old deactivated plugins hanging around, remove them altogether rather than leaving them there – they’re also vulnerable.

5. Software updates

Update all your software once you have cleaned the website, so you have the latest and most secure versions of everything. WordPress security depends on you or your developers updating WordPress and your theme to the latest version available on a regular basis.

6. Backups

Restore your backups, store them off-site and test them regularly to make sure they’re working properly. A secure backup is crucial for quickly restoring a WordPress site post-hack.

7. Take WordPress security seriously

If you don’t understand WordPress security, leave it to an expert. Just keeping your site up to date works wonders. It’s enough to put many hackers off and sends hack bots scurrying away to look for less well-protected sites. Always update plugins whenever a new version becomes available, and do the same with WordPress platform upgrades. The longer you leave it, the less secure your site will be since hackers consciously target vulnerabilities in older versions.
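For step 1 above, here is an added example (not code from this article or from WordPress itself) of regenerating the eight security keys and salts in a wp-config.php file. The function names `rotate_keys` and `new_secret` and the sample config are constructed for illustration; replacing these values invalidates every existing login cookie, so any session an intruder still holds stops working.

```python
import re
import secrets

# The eight constants WordPress uses to sign and salt login cookies and nonces.
KEY_NAMES = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
# Printable ASCII minus ' and \ so values need no escaping in a single-quoted PHP string.
ALPHABET = "".join(chr(c) for c in range(33, 127) if chr(c) not in "'\\")

# Matches an active (not commented-out) define() of one of the eight constants.
DEFINE_RE = re.compile(
    r"^(?P<indent>[ \t]*)define\(\s*['\"](?P<name>" + "|".join(KEY_NAMES)
    + r")['\"]\s*,\s*(?P<q>['\"]).*(?P=q)\s*\)\s*;",
    re.MULTILINE,
)

def new_secret(length=64):
    """Return a random value drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_keys(config_text):
    """Replace every key/salt value; return (new_text, rotated, missing)."""
    rotated = []
    def repl(match):
        rotated.append(match.group("name"))
        return f"{match.group('indent')}define( '{match.group('name')}', '{new_secret()}' );"
    new_text = DEFINE_RE.sub(repl, config_text)
    # A constant that is absent cannot be rotated in place; report it instead.
    missing = [name for name in KEY_NAMES if name not in rotated]
    return new_text, rotated, missing

# Constructed sample wp-config.php fragment (NONCE_SALT deliberately absent).
SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define('SECURE_AUTH_KEY', "old-value-2");
define( 'LOGGED_IN_KEY',    'old-value-3' );
define( 'NONCE_KEY',        'old-value-4' );
define( 'AUTH_SALT',        'old-value-5' );
define( 'SECURE_AUTH_SALT', 'old-value-6' );
define( 'LOGGED_IN_SALT',   'old-value-7' );
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    text, rotated, missing = rotate_keys(SAMPLE)
    print(text)
    print("rotated:", rotated, "missing:", missing)
```

Run it against a copy of the file, compare the result with the original, and add any constant reported as missing by hand before uploading.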

WordPress support and maintenance pays for itself

While we consider ourselves WordPress security experts, we’re very aware of the risks. That’s one of the reasons we created our WordPress support and maintenance plans, a service our clients genuinely appreciate. Take on a support plan, and your WordPress security matters are taken care of as they arise. Most decent WordPress agencies will offer them and be happy to talk to you. The ongoing peace of mind means you can relax and get on with generating a healthy bottom line.

All our clients get the chance to buy into their WordPress security. If you want to join them, let’s talk about our WordPress support and maintenance plans and help you avoid any costly mistakes.