
Your WordPress Website Hacked? Here's What To Do

Posted by Simranjeet Singh

WordPress, web development, security, security threat

Glossy features and out-of-the-box functionality come second to the security of your website. A couple of decades ago, the digital world only had pages with text on them. Today, we can even transfer money from one bank account to another. This digital evolution has also raised security concerns for all of us. Money is the root cause of hacking attacks. Some hackers demand it through ransomware, literally holding your website hostage, while others earn it by selling your data on the black market.

Data is the new oil – anonymous.  

The more of it you have, the more prone you are to cyber-attacks. Or you may have a criminal-minded competitor who is hell-bent on taking your business down but can't do it in the usual way, so hiring a hacker seems to be the solution.

WordPress, the widely used Content Management System, is easy to use and easy to crack as well.

Hackers try every possible move to get into your website and take control of your data. Hackers don't stop trying, and neither should we stop protecting our websites.

The recent attack on GoDaddy user accounts put thousands of websites at risk. Even scarier, the attack began in October 2019, and GoDaddy only came to know about it in April 2020. In that period, 28,000 accounts were compromised.

How to Know That Your WordPress Website Has Been Hacked (and Save It in Time)

Bad links are being constantly added to your website  

Google loves high-quality backlinks. They are an important ranking factor. Backlinks from high DA (Domain Authority) and high PA (Page Authority) websites carry more weight. So, hackers always try to break into a high DA/PA website and paste in their backlinks to look good in Google's eyes and steal some ranking points. If your website has good Domain Authority and Page Authority, be careful, as one hacker or another might be trying to get into your website as you are reading this.

You will notice this once you start seeing unwanted ads on your website. If the hacker's purpose is not ads, then he/she will put the links in your WordPress files, theme, or plugins. Developers have to check the files manually. Otherwise, you can use one of the available plugins to scan the website for malware. Wordfence, MalCare, Cerber Security, and Sucuri are a few good options.

Worst-case scenario: the file cannot be deleted for good. It appears again after you delete it, which means the hacker has set up a repeated attack.
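The manual file check described above can be partly automated. The following is an added example, not part of the original post: it walks a WordPress directory and reports every hard-coded link whose domain is not on an allowlist. The allowlist entries, file paths and the `.invalid` domain are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Assumption: domains your site legitimately links to; replace with your own.
ALLOWED_DOMAINS = {"example.com", "wordpress.org", "w.org"}
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js"}
URL_RE = re.compile(r"""https?://[^\s"'<>)\\]+""", re.IGNORECASE)

def is_allowed(host, allowed=ALLOWED_DOMAINS):
    """True if host is an allowed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def find_unexpected_links(root, allowed=ALLOWED_DOMAINS):
    """Return sorted (relative_path, line_no, host) for links to unknown domains."""
    root = Path(root)
    hits = set()
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), start=1):
            for url in URL_RE.findall(line):
                host = urlparse(url).hostname or ""
                if host and not is_allowed(host, allowed):
                    hits.add((path.relative_to(root).as_posix(), line_no, host))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample: one clean theme file and one with an injected hidden link."""
    theme = Path(root) / "wp-content" / "themes" / "sample"
    theme.mkdir(parents=True)
    (theme / "header.php").write_text('<a href="https://example.com/about">About</a>\n')
    (theme / "footer.php").write_text(
        "<?php wp_footer(); ?>\n"
        '<div style="display:none"><a href="http://cheap-pills.invalid/buy">x</a></div>\n'
    )
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_unexpected_links(build_sample_tree(tmp)):
            print("%s:%d links to %s" % hit)
```

Links that are assembled at runtime from encoded strings will not match this pattern, so a clean result is one signal to use alongside a scanner plugin, not a replacement for it.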

Hackers Changed the Password

Bold hackers attack right from the front gate. SQL injections submitted through contact forms and login forms are the Coronavirus of websites. After multiple tries with multiple versions of the SQL injection by a trained hacker, you lose control of your WordPress account. New cases of such attacks keep coming up, probably because users don't take the necessary precautions.

Password-change cases usually happen on websites that haven't installed an SSL certificate and are still running on HTTP, where the user has set a weak password and the login has no two-factor authentication. All these measures are there to keep your account safe, and if they are not in place, you are making it too easy for the hackers. So, if you haven't installed an SSL certificate yet, do it now. Set strong passwords, and use two-factor authentication for more safety.

A Suspicious User Account  

The hacker may know your login and password but not wish to change them, because that would draw attention to his/her actions. He/she can then create a suspicious user account at the backend, which means the hacker can change admin roles, upload content, and promote their own content for as long as you don't notice the changes. Or, they can do something worse: they can delete the whole website. You might not notice that a new user account has been created. It will come to your notice only when major changes and revisions are made (if you check for those regularly).

Website Down or a Sudden Drop in Traffic  

Website traffic is a huge asset to any business with an online presence. It's the first and topmost level of the funnel. More relevant traffic means more chances of getting business. Your competitors would love to see your traffic going down, so top dollar is paid to hackers to bring your website traffic down.

If you keep a close eye on your website's performance, you have probably installed Google Analytics or another analytics tool. Assuming you already have such a tool, you might see a sudden drop in your website traffic someday. That's when the hackers have taken down your website and made it go kaput in the search engines. No website, no traffic. The hackers redirect the whole website to a bogus website, so users are afraid to visit next time as well. In all these cases, you are losing a lot of customers/visitors/business.

Slow Loading Website  

Designers and developers spend several days designing a website that gives your visitors the best user experience, because user experience is one of the top priorities. Hackers know it, and they attack right at it by showing unwanted ads on your website using the bad links discussed earlier. Another area they attack is the speed of the website.

Speed is also a crucial factor in Google ranking. A shorter page loading time means a better user experience, which ultimately means a better ranking. The hackers make your website so slow that even if a user opens it, it keeps on loading until the user is pissed and leaves.

A random hacker would only have ransom money in mind with this kind of hacking. But there's a huge probability that your competitors want visitors to leave your website and go to theirs.

What To Do When Your WordPress Website is Hacked?

Find the Problem  

The initial step is to get yourself together and carefully locate the areas where the problem is. See what kind of problem it is:

  • Are you able to log in to your WordPress website?
  • Do you see a suspicious account?  
  • Is your website getting redirected to another website?  
  • Are there any unwanted ads, URLs on your website?  
  • Is it a server-side issue or the website code itself?  
  • Is it taking too much time to load?  

Also think about the last thing you did. Did you install a third-party plugin? Did you click on a spammy link? Did you download software from an untrusted source? Did you connect your system to an unsecured network? This will help you narrow down the potential areas where the issue might have started.

Run a Diagnosis  

If you can't find the source of the problem, run a malware removal service, which will likely remove any malware installed on your website. You must have installed the below plugins for that.

As a standard practice, a security plugin should have been installed from the start. Scan not only your website but also your computer/laptop/tablet for any malicious software that might have caused the issue.

Contact Your Hosting Provider  

If there's anything wrong on the server side, then your hosting provider's professionals can help you better. There might be other websites on the same server that were affected, or there might not be an actual attack at all; something could be wrong on their side of the service. It is always better to cross-check with them.

Update/Change All the Passwords  

Yes, an important and significant step is to change/update all the passwords. Not just your website's login password, but also the FTP/SFTP, cPanel, wp-admin, and any other login associated with your website. Apply two-factor authentication for login, such as Google Authenticator.

Update the Plugins and Themes  

Running older versions of plugins and themes makes your website vulnerable to virus attacks. Update every plugin, theme, or anything else that is out of date. But if the source of the attack is not a plugin or theme, then the attack will still affect the new versions of the plugins and themes.

Remove Suspicious Accounts  

If you notice an unrecognized admin account added to your website, remove it. Ask all users whether they have made any changes to their respective accounts, who worked on the website last, and what work was done.
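For the account checks described under "A Suspicious User Account" and "Remove Suspicious Accounts", here is an added example that is not part of the original post. It audits the JSON produced by the WP-CLI command `wp user list --role=administrator --format=json` against a list of administrators you expect; the account names, e-mail addresses and dates are constructed sample data.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumption: the administrator logins you expect to exist on this site.
EXPECTED_ADMINS = {"site_owner", "dev_lead"}

# Constructed sample of `wp user list --role=administrator --format=json` output.
SAMPLE_JSON = """[
 {"ID": 1, "user_login": "site_owner", "user_email": "owner@example.com",
  "user_registered": "2018-03-02 09:15:00", "roles": "administrator"},
 {"ID": 7, "user_login": "dev_lead", "user_email": "dev@example.com",
  "user_registered": "2019-11-04 22:41:10", "roles": "administrator"},
 {"ID": 9, "user_login": "wp_support2", "user_email": "x@mailbox.invalid",
  "user_registered": "2020-05-30 03:12:44", "roles": "administrator"}
]"""

def audit_admins(users_json, expected=EXPECTED_ADMINS, now=None, recent_days=30):
    """Flag admins missing from the expected list or registered recently."""
    if now is None:
        # user_registered is stored in UTC, so compare against naive UTC time.
        now = datetime.now(timezone.utc).replace(tzinfo=None)
    cutoff = now - timedelta(days=recent_days)
    findings = []
    for user in json.loads(users_json):
        login = user["user_login"]
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if login not in expected:
            reasons.append("not on expected-admin list")
        if registered >= cutoff:
            reasons.append("registered in last %d days" % recent_days)
        if reasons:
            findings.append({"ID": int(user["ID"]), "login": login, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_admins(SAMPLE_JSON, now=datetime(2020, 6, 1)):
        print(finding["ID"], finding["login"], "; ".join(finding["reasons"]))
```

Review each flagged account with the people who work on the site before removing it.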

Blacklist Warnings  

If your sitemap.xml is hacked, then your website can be blacklisted by search engines such as Google. In this case, regenerate your sitemap using an SEO plugin such as Yoast SEO, All In One Schema Rich Snippets, SEO Squirrly, or SEOPress, among others. Then resubmit the website to the search engines.

WordPress Community  

The WordPress community needs no introduction. Whatever query or doubt you have, the WordPress community can resolve it. For hacking issues, you have to reach out to the community members of the WordPress.org/hacked forum or Malware forum.

Computan WordPress Developers can help in bringing your WordPress website back to normal. Get in touch today to keep your website safe.

 


Written by Simranjeet Singh

Writer | HubSpot Certified Inbound Marketer and Content Marketer