You’ve put a lot of time and effort into your site. Then, one day, you load up your site in your browser, and find that it’s not there, or it redirects to a porn site, or your site is full of adverts for performance-enhancing drugs.
What do you do?
Here are some steps to take:
Don’t panic. You have to stay calm to be able to deal with this situation. The first step before you respond to any security incident is to calm yourself down so that you do not make any mistakes.
Scan your local machine. Sometimes the malware was introduced through a compromised desktop system. Make sure you run a full anti-virus/malware scan on your local machine. Some viruses are good at detecting anti-virus software and hiding from it, so try a different scanner as well. This advice generally only applies to Windows systems.
Check with your hosting provider. The hack may have affected more than just your site, especially if you are using shared hosting. It is worth checking with your hosting provider in case they are taking steps or need to. Your hosting provider might also be able to confirm if a hack is an actual hack or a loss of service, for example.
Change your passwords. Change passwords for the blog users, your FTP and MySQL users.
Backup. If your files and database are still there, consider backing them up so that you can investigate them later at leisure, or restore to them if your cleaning attempt fails. Be sure to label them as the hacked site backup.
Check your .htaccess file for hacks. Hackers can use your .htaccess to redirect to malicious sites from your URL.
Restore. Start a site restoration procedure. Even if only your database seemed to be exposed you may want to restore an old code base to ensure nothing was secretly modified.
Fix the problem. You need to find the security hole and plug it. Count on the hackers installing back door access to your site. Find that and remove it as well.
Change your passwords again. Remember, you need to change the passwords for your site after making sure your site is clean. So if you only changed them when you discovered the hack, change them again now, and potentially those for your personal email and other accounts as well if they were the same.
Strong passwords. There is no longer any reason to use the same password everywhere. There is no longer any excuse for using a password that doesn’t look like total gibberish.
With recent hacks making this sort of thing obvious, everybody should be using a password storage solution such as Roboform, LastPass or 1Password.
This sort of thing is a requirement for secure computing.
Secure your site. Now that you have successfully recovered your site, secure it by implementing some (if not all) of the recommended security measures: hardening WordPress with .htaccess, making sure the computers you use are free of spyware, malware, and virus infections, setting FTP file permissions, etc.
Keep regular backups. Now that the nightmare is over, start keeping regular backups of your database and files. If this ever happens again, all you will need to do is restore from the last known clean backup and change your passwords and secret keys.