What to do if hacked and how to minimize the risk.

13. July 2013 Posted by Jimmy Sigenstrøm

After been hacked I figure that I’m the perfect candidate to tell what not to do if you don’t wanna be hacked, because I can’t blame anyone but my own lazy a** for the problem.!  :wink:
So first here’s what not to do.!

What not to do
1: Don’t keep your WordPress version updated at all time
2: Download plugins from other sites that WordPress and other major sites.
3: Allow everybody to create profiles and don’t admin them, it’s a waste of time…
4: Use poor passwords on the blog, ftp and mail..
5: Nevr backup your blog, it’s only for weak..

So what to do
1: Always keep your WordPress updated.
2: Only download plugins from major sites and WordPress.
3: If your blog is open to guest posters, then delete/remove the ones that aren’t used.(better yet have them contact you so that you create the profile.)
4: use good strong passwords this means passwords that contains letters, numbers and specials letters and so on.
5: Setup an automated backup software, that makes backups of the database and files and uploads it to somewhere else i.e. dropbox.

If you follow the todo list, then the fix is fairly easy.

  1. Check Google Webmaster Tools to see which pages Google has spotted with malware and so on..
    Then check the urls on this websites: http://aw-snap.info/file-viewer/ to see where the malware has been placed i.e. theme, post and so on.
    Because if it’s in a post you need to use the right backup from before you got infected, delete the theme if it’s one of those that is infected.
  2. Check the urls up against these sites also
    http://sitecheck.sucuri.net/scanner/

    http://www.rexswain.com/ - HTTP Viewer
    http://urlquery.net/ - Checks among other things your standing on Yandex, SiteAdvisor, Google, Opera and Norton Safe Web
    http://wepawet.cs.ucsb.edu/ - Checks scripts
  3. Change the passwords, delete everything from the web host and start with a fresh WordPress and update it with your clean database backup.

If you don’t have a backup and didn’t do as you should, then you need follow the same steps but you also need to go through all the posts to ensure that there is nothing malware here.
When all that’s done and the blog is clean, resubmit it the networks to get a clean bill of health.!

 

Have your blog ever been hacked and if yes what did you do.?


About Jimmy Sigenstrøm

I am a qualified multimedia designer but has worked mostly with systems development in C # and search engine optimization, link building. Besides this I have my blog about whiplash and my SEO blog that is in connection with my link directory / article database

70 Responses to What to do if hacked and how to minimize the risk.

  1. Michael says:

    These are great tips. Being hacked would be my worst nightmare. Do you have any suggestions for backup tools other than using dropbox?

    • Hi

      To be honest I haven’t been looking into other tools, because I’ve been using Dropbox for a long time.

    • Kulwinder Singh says:

      There are many Backup plugins, but you can use BackWPUP, it very simple and useful plugin which will keep all your WP data safe.

    • Ron says:

      Great tips and I hope people take them to heart! I have been hacked several times and the hardest part is when you have personalized a WordPress site and if you update when there are new updates you lose the work you have done personalizing it. I started a business online over 12 years ago and back then it was just HTML which I taught myself. WordPress is a GREAT program but when you need to tweek it so it will work for what you are doing you just can’t randomly update it without losing certain things you have changed without having to start all over again.

  2. AKLAPOTHIK says:

    so hackers can access the server only by knowing the password right? without knowing the pass can they modify the server files? if so how? cos only site owner or server admin can modify server files as far as i know. so keeping the pass supersafe will totally prevent out site getting compromised?

    • Hi

      If a hacker have access to the blog, they can edit the online files though the in-WP editor they don’t need the server password to do that.
      But they can replace files with new files contaning some sort of malware, of course only the files that have been upload on WP

      • Sahil khan says:

        So is there no way to prevent hackers from from editing files in WP editor? I mean can we password protect it? ?

  3. Betty says:

    Fortunately haven’t had my wordpress hacked but I have had my twitter account hacked. Poor password was the most likely culprit. Good tips though

  4. Darek says:

    Great tips Jimmy,

    Our web security is the number 1 priority and should not be ignored.

    For WordPress users I’d strongly recommend the Better WP Security plugin as it really gets gives you a better protection agains hackers or any other bots and stuff.

  5. Muneeb Ahsan says:

    Worth reading and really informative article. writer made a complete list of those thing which a person needs to do after being hacked and he also mentioned things which a person needs to avoid. I’m totally new to blogging and this article helps me a lot.I’ll follow all the guidelines that listed here. Thanks jimmy for sharing such a wonderful knowledge with us.

  6. Gagandeep says:

    To protect your website from getting hacked you can use various plugins like Better WP Security. It will surely lower the risk of hacking to your blog

  7. Davetiye says:

    Thank you Jimmy thanks for this check list, i will implement these tips on my blogs.

  8. Thejas Kamath says:

    Thank you for sharing tips. I’ll follow this if any of my sites gets hacked.

  9. Jake says:

    Hey Jimmy, great post. first of all one consideration: the backup suggestion. it’s more than great, it’s huge. i backup daily automaticly and also manually every week into my PC hd.

    in the past i had a bad experience, founding my web space totally deleted for a tecnician error of the provider. thanks god i was having the backup, but what happens when your last backup is 30 days old or.. you don’t have it at all??

  10. Josh Brancek says:

    Thanks a lot for these tips!!! I have experience with my sites being hacked so I hope this will make it harder to hack them in the future!!!

  11. etskamlesh says:

    I think that this site contains lot of info about my desired information which is must for all like me. I like it. Your site is also informative. I enjoy your article. Your exclusive article & effective services are more necessary for me. So thanks I’m happy to read it.

    http://www.Magadhpackers.com/packers-movers-in-hyderabad.html

  12. James says:

    :) PHP is a vulnerable anyway! you need to be careful with a open source language, but WordPress is pretty safe, they try to keep it safe, as long as you don’t add anything weird to it…

  13. Leysan Shagalieva says:

    I use this wordpress plugins – Better WP Security, Login LockDown, thank you for advises!

  14. Mike Dernerk says:

    I installed bunch of plugins to harden the security of my WP site and so far so good!!!

    • Muneeb Ahsan says:

      and that’s a way to enhance WordPress blog security but install only those plugins which has not any kind of malicious code in it. mean to say download plugins after reviewing it, how’s the developer of this plugin and how much rating it has and most importantly from where you are downloading your plugin.

  15. Aarti says:

    Quite good stuff Jimmy!
    thanks for sharing very informative! we’ll surely be working on it.

  16. Pasha says:

    I was hacked twice on a Joomla site, once I had a current backup and the last time I didn’t. Not gonna lie, I cried. The site was hacked via a vulnerable script. So now all my sites are on WordPress but one site was hacked through a vulnerable theme using timthumb. My biggest lesson: backup regularly and keep updated about software vulnerabilities. And of course everything else you’ve said in this post.

  17. Joseph Rodrigues says:

    I Once had 20 sites hacked all at once on my white label hosting account. I ended up spending a whole week recovering the sites. It would have taken me only one day if I was taking proper backups. Lesson learned. Now I back up everyday. I also do all the things you talk about in this articles. WordPress sites get hacked all the time so it’s best to take backups and follow all the steps you mentioned to stay protected.

  18. Suzi Smith says:

    Somebody told me to install security plugin to safeguard WP blog.
    My wp blog once was hacked and I had to reinstalled the files :(

  19. Nishant Srivastava says:

    Hackers are very smart these days, but we can prevent our blogs and website from hackers by using some methods, always try to reduce any kind of bugs on your website or blog, bugs can allow a hacker to hack your blog easily.

  20. Jems lopez says:

    I observed that WordPress One click installation is very much insecure for a wordpress website. Would like to say wp-admin, wp-login and database page very much danger if we don’t use security plugins and codes. I read out this article and perceived that every step is very much essential for wordpress security. Thanks and hope you will write more article about security.

    • Hi

      Security on wordpress is not an area where I’m strong, but it’s something that I need to have a closer look at because the blogs status.
      But if it’s an area you know a lot about, then you are more than welcome to write a guest post.!

  21. Alex says:

    very good tips ,
    but there are other tips which i knew them :
    1- Don’t choose admin for your username
    1- Keep wp-admin directory secure by set up another username and password ( set up this in Cpanel )
    2- change table prefix ( i think there is plugin to do this )

  22. James says:

    Thanks for the info. I realized I need to go backup my blog more…. I’m bad about that :/. Another method I’ve heard is to have a username different than “admin” – because the hackers usually guess passwords for that username. Anyway, thanks for the helpful tips.

  23. Vinay says:

    Hi,
    Nice post. I am using dropbox for backups. Interesting article and informative too. Thanks for sharing.

  24. James says:

    One important thing is to change your administrator name fro admin to something else.

    Just to make things a little bit more difficult.

    If you leave admin they have it 50% easier to hack you.

  25. Anis Chity says:

    The worst nighmare ever is to get your website Hacked
    thanks for sharing this powerful tips to deacrease the risks have an awesome day ahead :)

  26. Siddharth Goyal says:

    Whenever we got hacked, (and yes it has happened several times), it was mostly due to not updating wordpress.
    More than proper hacks, it was content hack which has bothered us a lot (spam links inside the content).
    I always do a sucuri scan and get things fixed. I have to say that WordPress is a highly vulnerable piece of framework.

  27. Muhd Hanis says:

    Password is the most important things, always use combination of alphabetical char + upper case + lower case + symbol..and write them on your brain!

  28. We need to make sure, we have regular backups of our database and files not only in our cpanel but also in our personal cloud storage, in case if our cpanel also gets hacked.

  29. Charan Pammi says:

    Thanks for sharing. Once a time My Facebook hacked by someone. Immediately I changed all the details and password. Beware of Hackers !

    Thanks for sharing

  30. Steven says:

    Using secure server and secure CMS is the best way to avoid such kind of hacking activities. Today many CMS are developed to protect the websites. Always keep in mind, you need to keep your CMS updated. E.g. WordPress update their CMS in every 2 months and you will see a yellow string popping at the top of the admin page. The other way to securing your server is changing the file permission. You can take help of developer regarding this.

    • Sound advice and can’t stress it too much keep it updated or you will end up like me, the worst part of it is that my own CMS that are used by others I always keep up to date so that they don’t get hacked but my own WP blog I didn’t…. :-/

  31. John says:

    Hey great tips man.

    I have also been a victim of hacking and in my case it was the password that got them through so after doing a little research I took these tips to generate my new passwords. Here are some quick password tips:

    Do not use your name, your pet’s names or your kid’s names in your passwords.
    There’s just too much information available publicly to do that safely anymore.
    Mix up letters, numbers, capital letters, and special characters, if they are allowed.
    The longer, the more secure; most apps require at least 8 digits.
    Change passwords quarterly to be on the safe side.

    I hope that helps anyone create their password securely!

  32. Samantha Vermillion says:

    Keeping automated backups is extremely important for many reasons. Either if your blog gets messed for some experimenting with settings or if it gets compromised. And thanks for the awesome tips to prevent getting websites hacked.

  33. gielo says:

    I got, a 6 blogs and don’t haved a problems with blogs, but i thank you very much for this article – Great tips Thanx!

  34. Arjun Mishra says:

    However, these are some common do’s and don’t plus some basic website health monitoring and all that but I really think,, You had to be hacked to learn all this ?? :P

  35. himanshu says:

    My year old site get hacked and i lost all control , i was even unable to delete or remove the malicious virus but then i was helped from goole webmasters which helped me to regain control to my site and again start working.

    • MaddyAcca says:

      In the past I have faced the same problem. My WP blog got infected by malware and all my traffic goes down. I failed to remove malware from my WP files, how did you do that with webmaster tools?

  36. Leon Shivamber says:

    Jimmy, I use Better WP Security on my wordpress site and have followed many of their best practice suggestions. I am especially pleased with the IP blocking feature that picks up brute force attacks. Other suggestions such as hiding the version and changing the userids are all there. You can pick and choose which ones you want to implement. Works well for me.

  37. Kelsey B says:

    Yikes, being the victim of a website hacking is serious business. Along with being technologically prepared, you also need to make sure that you’re prepared with a crisis PR plan of sorts to help alleviate the damage if a hacking ever occurs (which, fingers crossed, won’t be the case again). Hopefully all is well!

    • I can guarantee you I was on it as soon as I found out, removing it, contacting, Google, Opera, Avg and so on to get them to remove the blog from their blacklists.!!

  38. BerryRipe says:

    I can help you with adsense, feel free to reach out.

  39. Nina says:

    HI Jimmy,
    i`m from germany and i have a small shop with a wordpress blog. I have had this problem a few days ago. Now i will take your very good tipps to improve and save my blog. Thank you very much from germany

    Greetings Nina

  40. Nermeen says:

    Getting hacked is a blogger worst nightmare. Thanks for the tips, I hope these would help us from hackers.

  41. Jenny says:

    Jimmy,

    Thanks for the article, especially your tips no backups. I had a question on using backups…

    I read the comments and you mentioned you use BackWPup. How do you restore your wordpress blog using the file that the plugin sends you?

    Is it difficult?

  42. Stephen Bailey says:

    My site was hacked earlier this year – I was using a shared hosting package, so my host company closed me down almost immediately, with no notice at all. Devastating. However, by forming a decent (personal) relationship with the account managers, I was able, with their help, to get back up and running.
    Nobody knew how it had happened, I was running all the usual safeguards – the only thing I was NOT doing was backing up. IT IS ESSENTIAL! Do it – that way, even if the worst were to happen, for whatever reason, you can get back up again. It’s a no-brainer – pity I didn’t think so at the time…

  43. Jake Westergreen says:

    I suggest you guys use LASTPASS to create very secure passwords. I once use a rather weak password for my ftp and someone hacked and inserted malware on my blog. That cause the “This site contains malware” warning in google and I lost a lot of traffic. I have to install wordpress and my database all over again. Good thing I always keep a backup!

  44. Laszlo Bekesi says:

    Great tips Jimmy!
    By reading your posts, everybody should do daily backups. Not just for the MySQL database, but for the site files too, including the images and PHP files. You can choose from a huge range of free and open source softwares to achieve daily backups.

    Personally I’m using a shell script which automatically sending me an email after every backups. The email also contains a backup file in a tar.gz format.

  45. Martin says:

    I have luckily never had the issue of having my blog hacked to this current date but the tips you have shared can be put into practise to prevent and limit the chances of it ever happening to me. I know people have tried to access certain parts of the site before that they should not be able to access but luckily they were unable to get in.

  46. Lars says:

    I’ve seen a great amount of brute force attacks on my WordPress blogs. I think it is very disturbing that you need to take such security measures. Btw I use this plugin to keep me a bit safer: http://wordpress.org/plugins/limit-login-attempts/

    It simply blocks the access to WordPress if someone has tries to login with wrong credentials too many times. You can get an alert by mail when ever a lockout is activated. I started doing that but had to turn it off after receiving 50-100 mails a day.
    Also the first admin user usually has userid 1. Hackers know that. Therefore I always create a new adminuser after installing wordpress, and deleting the first one.

  47. Nikhil says:

    More often it is the glitches in the themes and plugins from untrusted sources [i.e. source other than the official wordpress site] that puts the user into trouble making his site vulnerable. Either use paid/premium stuff or use materials from the wordpress site to keep hackers at bay.