What to do if hacked and how to minimize the risk.

13. July 2013 Posted by Jimmy Sigenstrøm

After been hacked I figure that I’m the perfect candidate to tell what not to do if you don’t wanna be hacked, because I can’t blame anyone but my own lazy a** for the problem.!  :wink:
So first here’s what not to do.!

What not to do
1: Don’t keep your WordPress version updated at all time
2: Download plugins from other sites that WordPress and other major sites.
3: Allow everybody to create profiles and don’t admin them, it’s a waste of time…
4: Use poor passwords on the blog, ftp and mail..
5: Nevr backup your blog, it’s only for weak..

So what to do
1: Always keep your WordPress updated.
2: Only download plugins from major sites and WordPress.
3: If your blog is open to guest posters, then delete/remove the ones that aren’t used.(better yet have them contact you so that you create the profile.)
4: use good strong passwords this means passwords that contains letters, numbers and specials letters and so on.
5: Setup an automated backup software, that makes backups of the database and files and uploads it to somewhere else i.e. dropbox.

If you follow the todo list, then the fix is fairly easy.

  1. Check Google Webmaster Tools to see which pages Google has spotted with malware and so on..
    Then check the urls on this websites: http://aw-snap.info/file-viewer/ to see where the malware has been placed i.e. theme, post and so on.
    Because if it’s in a post you need to use the right backup from before you got infected, delete the theme if it’s one of those that is infected.
  2. Check the urls up against these sites also

    http://www.rexswain.com/ - HTTP Viewer
    http://urlquery.net/ - Checks among other things your standing on Yandex, SiteAdvisor, Google, Opera and Norton Safe Web
    http://wepawet.cs.ucsb.edu/ - Checks scripts
  3. Change the passwords, delete everything from the web host and start with a fresh WordPress and update it with your clean database backup.

If you don’t have a backup and didn’t do as you should, then you need follow the same steps but you also need to go through all the posts to ensure that there is nothing malware here.
When all that’s done and the blog is clean, resubmit it the networks to get a clean bill of health.!


Have your blog ever been hacked and if yes what did you do.?

About Jimmy Sigenstrøm

I am a qualified multimedia designer but has worked mostly with systems development in C # and search engine optimization, link building. Besides this I have my blog about whiplash and my SEO blog that is in connection with my link directory / article database

10 Responses to What to do if hacked and how to minimize the risk.

  1. Michael says:

    These are great tips. Being hacked would be my worst nightmare. Do you have any suggestions for backup tools other than using dropbox?

  2. AKLAPOTHIK says:

    so hackers can access the server only by knowing the password right? without knowing the pass can they modify the server files? if so how? cos only site owner or server admin can modify server files as far as i know. so keeping the pass supersafe will totally prevent out site getting compromised?

  3. Betty says:

    Fortunately haven’t had my wordpress hacked but I have had my twitter account hacked. Poor password was the most likely culprit. Good tips though

  4. Darek says:

    Great tips Jimmy,

    Our web security is the number 1 priority and should not be ignored.

    For WordPress users I’d strongly recommend the Better WP Security plugin as it really gets gives you a better protection agains hackers or any other bots and stuff.

  5. Muneeb Ahsan says:

    Worth reading and really informative article. writer made a complete list of those thing which a person needs to do after being hacked and he also mentioned things which a person needs to avoid. I’m totally new to blogging and this article helps me a lot.I’ll follow all the guidelines that listed here. Thanks jimmy for sharing such a wonderful knowledge with us.

  6. Gagandeep says:

    To protect your website from getting hacked you can use various plugins like Better WP Security. It will surely lower the risk of hacking to your blog

  7. Davetiye says:

    Thank you Jimmy thanks for this check list, i will implement these tips on my blogs.

  8. Thejas Kamath says:

    Thank you for sharing tips. I’ll follow this if any of my sites gets hacked.

  9. Jake says:

    Hey Jimmy, great post. first of all one consideration: the backup suggestion. it’s more than great, it’s huge. i backup daily automaticly and also manually every week into my PC hd.

    in the past i had a bad experience, founding my web space totally deleted for a tecnician error of the provider. thanks god i was having the backup, but what happens when your last backup is 30 days old or.. you don’t have it at all??

  10. Josh Brancek says:

    Thanks a lot for these tips!!! I have experience with my sites being hacked so I hope this will make it harder to hack them in the future!!!