WordPress is software that I used to create websites. It is free and is used by millions. It is fairly easy to use, which makes it relatively easy to adapt to. However, sites on WordPress, just like any other, are often the subject of hacks, malicious or otherwise. When this happens, a business or website owner will need to go through the recovery motions to get the website back up. There are several signs which indicate a possible hack on a WordPress website. The website might not be showing up, there could be text and links maliciously added or replaced on the website, or there could be a blatant sign like the homepage redirecting to a site indicating that the website has been hacked. One might also find pharming or phishing websites installed. Before rushing to make that call to the hosting provider, follow these steps to recover from the hack.
Clean up the local computer
Many of the hacks on websites are a result of the FTP login details or the administrator credentials being accessed right at the local computer through spyware, a virus or a Trojan. The first step is to make sure all the workstations used to access the website are clean. To do this, stay current with the operating system and make sure the web browsers are up to date. Perform regular full system scans and make sure the antivirus software is up to date. Do not click on links in emails that are not expected, or install software from untrusted sources.
Secondly, confirm whether other sites on the same server are affected. One might need to contact the web hosting company to find this out. When on a shared server, it may be that the site was accessed through a different website on the same host. Identifying the files which were compromised helps determine what the source of the compromise was.
With a confirmed hack, do not assume anything. Work with the assumption that all passwords have been compromised and make sure to change, at the minimum, the following passwords: the FTP login details, all passwords and log-in credentials with administrator-level access, and all database login credentials. It might be necessary to change other application logins in the domain.
The ease with which one can set up a website makes it easy for novices to work with. WordPress has many plug-ins, which is useful but equally dangerous given the number of known weaknesses and vulnerabilities. This tends to attract hackers. To secure WordPress, one needs to change the encryption key using the online generator, make sure the version is up to date, and make sure all plug-ins are upgraded and reviewed. Here are the top 27 ways to secure a WordPress site.
The final step involves the determination of the actual source of the hack. Contact sucuri.net and have them scan the website for any malicious files. For the price of this scan, one gets a yearlong daily scan.
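One way to carry out the "identify the files which were compromised" step, as an added example that is not part of the original article: the Python function below lists files changed within a recent window and any PHP files under wp-content/uploads, a directory that normally holds only media. The function name, the 7-day default and the extension list are assumptions of this example.

```python
import os
import sys
import time

# Extensions commonly executed as PHP (assumed list for this example).
PHP_EXTS = (".php", ".phtml", ".phar")


def triage(wp_root, days=7, now=None):
    """Return (recent, uploads_php) as sorted lists of paths relative to wp_root.

    recent      -- files whose modification time falls within the last `days` days
    uploads_php -- PHP files under wp-content/uploads, regardless of age
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    uploads_prefix = os.path.join("wp-content", "uploads") + os.sep
    recent, uploads_php = [], []
    for dirpath, _dirs, files in os.walk(wp_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, wp_root)
            try:
                st = os.lstat(full)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            # mtime can be reset by an intruder, so an empty list is
            # not proof that nothing was changed.
            if st.st_mtime >= cutoff:
                recent.append(rel)
            if rel.startswith(uploads_prefix) and name.lower().endswith(PHP_EXTS):
                uploads_php.append(rel)
    return sorted(recent), sorted(uploads_php)


if __name__ == "__main__":
    # Usage: python triage.py /path/to/wordpress [days]
    root = sys.argv[1]
    window = int(sys.argv[2]) if len(sys.argv) > 2 else 7
    changed, suspicious = triage(root, window)
    print(f"Files modified in the last {window} days:")
    for path in changed:
        print("  ", path)
    print("PHP files under wp-content/uploads:")
    for path in suspicious:
        print("  ", path)
```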
Being proactive is the better protection, and considering all the steps mentioned here during the initial set-up will go a long way in protecting the WordPress website.