Fortify your website! What should you do in case of a hacker attack?


What is the difference between a regular brick and mortar store and a website? One may say, “you can’t rob a webshop, as well burn on it or do some harm to the cashier”. But, are the websites really that safe?

You have all the chances to avoid security problems. There are tons of information on security measures, different preventive plans and case descriptions… ignored by the website owners. Which often leads to hacker attacks. Not only hacks represent the danger for the website owners, but they cause the most destructive aftermath. We won’t tell you, that hacks are inevitable until there are websites that were never hacked. But we will suggest you follow all the possible security measures until the number of yearly hacks remains enormous.

Let’s start with myth-busting

Debating about the WordPress, adversaries claim, that WordPress is insecure. That opinion is based on the accident of 2012 when over 117 000 WordPress installations were hacked. The primary factor is WordPress 3.6 update, that contained security issues, which were solved in the next version 3.6.1. You may find a lot of statistic data according to the accident, that explains the reasons for such a high hack rate. The main and most notable are those related to outdated versions of WordPress, non-existing versions and weak passwords.

The situation doesn’t change much over the six years, WordPress is still a sweet spot for the hacker attacks. WordPress popularity has grown to power over 30% of all web at 2018. Security updates amount to tens. But, it still has vulnerabilities, and you have to keep it in mind to be safe:

The tagline “Just another WordPress site” is all about that. Every day about 600 WordPress websites are created, and we hope at least 10 of them are made by professionals. So that approximate 590 websites are made by amateurs not following any rules. WordPress itself for the present moment is fully capable to stand the hacker attacks if used properly.

What the hack?

It is 10 times better to prevent the hack than saving all that left after it happened. But, nobody is 100% secure. Owning a website is like moving a caravan of gold through the bandit-infested desert.

Most of the hacker attacks are fully automated and made only because it is possible. For the owners of small sites, it is also important to know, that it is not about the size of your resource. To reflect the logic of the hack, I will give a vivid analogy: imagine that an owner of a small shop left the door to his shop open for a night. More than that, he left the light on and the cash inside as well. The same goes to the billions of the WordPress websites (and not only WordPress) which use simplistic login credentials ADMIN and 12345678, install thousands of plugins, using standard database table “wp” prefix or keep the WordPress without updates for years.

But why?

Having a small web shop, you should be aware, that software that hackers use doesn’t differentiate between large websites and the small ones. So you may ask, what is the profit for them? Well, the answer is, unlike the brick and mortar store, your website can be used to:

  • Redirects — hackers often use the websites to drive the traffic to another site. Whether it is an internet casino, a porn website or something else, it has an impact on your credibility.
  • Downloads — your website may be used as a dispenser of different sorts of viruses, key trackers, ransomware and others.
  • Resources — your server may be used to send spam or as a mining platform for the cryptocurrency.

And guess what? If you notice that something has gone wrong after the Google did, penalties or even ban are guaranteed.

How do I understand I was hacked?

  • You are unable to log in — the most popular way to hack a website is to get the password from the admin area.
  • The browser sends you a warning — browsers detect malware on the website and warn the visitor.
  • The web host got your website offline — web hosts often have automatic tools to detect hacked websites, or receive the notifications from the users.
  • Your security plugin sends you a warning — perhaps using a security plugin is the only method, to get the immediate answer and start to act.
  • The website got some strange links — you may get notifications or notice it by yourself, that some suspicious links appeared on your landing or any other page.
  • Google marks your site as an insecure — perhaps it is a bad marker because when you get bad rankings from Google, it is pretty late.

Now what?

The plan of actions may be different, considering what exactly you have spotted wrong on the website. First of all, stay calm. The panic won’t help.

Then you should make sure, that it is a hack. Try to login to admin area one more time. If the hack is obvious, follow these steps:

  1. Start with the login and password change. If you able to log in the admin area, you should change the broken password there. Every place where you use the same passwords is about it as well. If you can’t log in, you may restore the credentials with the help of the email. It is possible that email was changed. In that case you won’t get any notifications. To fix it, you need a root access to the database. Firstly, make a backup of your MySQL database, after what assign your email address.
  2. Backup! You might think, that a backup should have been done before. But, remember that you are saving files like images and other media from deletion by hackers or by the host. Web hosts sometimes make an automatic deletion of compromised websites. That is why it is a smart step to save what you left with. The backup can be done manually, but, there also a lot of ready-made solutions.
  3. Scan your local machine for viruses to reduce the chance to be hacked.
  4. Contact your host as soon as possible. Experienced web hosts are prepared for the siege, moreover, they have technical specialists that can help you to restore after the hack.
  5. Contact a trusted technical specialist. This guide serves for the average user’s purpose, that is why this item is also present.
  6. Delete any present inactive plugins or themes. The thing is, one of the most popular ways to catch a malware, is to instal a plugin or a theme containing one. Try to isolate your website from them to prevent the hack, but also in case of the hack.
  7. If you are able to find the compromised files by yourself, replace them with the originals.
  8. Check user permissions. It doesn’t matter whether you have returned the control over the admin area or not. Admin permissions should be only on your account. After the hack, it is vital to check if other user permissions weren’t changed.
  9. Change the login and password to the admin area one more time.

Breath out!

Breath out, but be ready. Several days after the hack, it is better to monitor the traffic and look up at the Google recommendations. Perhaps you weren’t so lucky to close the backdoor on your website, that is the additional caution is needed.

Nobody is ready for the hack, it always happens very sudden. That is why keep secure your own computer and check what happens in your admin area more often. Also, read our article about the general security measures you should implement. The website can be restored from the automated hack. Keep in mind, mostly only really big corporations become the victims of the non-automated hacker attack, that may cause more serious consequence. But, you don’t have such enemies, right?:)