There is no call that strikes fear in the heart of a business owner quite
like the one where your friend calls and asks, "Um, have you looked at your
website recently? It looks like it might have been hacked." Ugh. What do you
do when you realize your website was hacked?
Website Hacked
Have backed up your site recently. Yes, I realize it is a bit odd to start
this list with an item in the present perfect tense. But, I am assuming most
of you reading this right now haven't been hacked yet. I have caught you in
time! Before it happens, get in the habit of backing up your site regularly.
Your options are much better and trust me, the pit in your stomach won't be
as deep if you know there is a recent backup of your site that exists in the
world. There are many good options for WordPress plugins that automatically
back up a WordPress site on a regular basis. One that Spring Insight uses
for its clients is ManageWP. This service allows us to run full site
backups; to manage updating WordPress Core, Themes, and Plugins; and to scan
our website for malware.
Take a deep breath. This is one of those moments where people tend to freak
out. Calm down so you can properly assess the situation. What is leading you
to think your site was hacked? Does the page now show a huge Viking with a
"HACKED BY BAD GUY" message? Is something funky going on with a feature? Is
your site full of ads for an "all-natural" Viagra alternative? Gather as
much information as you can.
Google what you know. I have found Google to be a great place to start. You
probably aren't the first person to experience what you are experiencing.
See what you can learn from others who have gone through the same process.
You will be surprised at what you can figure out from Googling a few simple
search terms. So start investigating.
Call your web host. You might not be the only one experiencing this. Many
times if you are on a shared server, whatever is impacting your site is
impacting others. It's worth checking to see if the hosting provider is
dealing with the issue or should be. Although the hosting provider usually
will not do the work of cleaning your website, they will provide assistance
in finding experts who will do that for you. Also, some WordPress hosting
providers, like WP Engine, offer daily full site backups as part of their
monthly service plan.
Call your friendly neighbourhood technology crew. Sometimes, you just need a
bit of help. If you don't have the right technical know-how on staff, your
best option is to call in support. IT people deal with hacking on a regular
basis. They know all the tricks of the trade and depending on the situation,
can talk you through finding and removing the hack or do it for you. They
can also help you to reinstall elements of your site. Reinstalling can be
very effective because installers often overwrite existing files and hacks
often work by adding new files to your website.
Secure user access. Once you are up and running again, you will want to look
at who has access to your website and make sure everyone has proper user
credentials. Yes, this means changing YOUR password to something complicated
that will be hard to remember. But, that isn't all it means. It also means
checking to make sure that only the people who should have access to your
website have access to your website. That temp you had two years ago? Make
sure her account has been deleted. For those users remaining, their
passwords will also need to change to be unpleasantly long and complicated.
Being hacked is not the end of the world. Yes, it's not fun. Yes, you feel
vulnerable. Yes, you will likely have to spend some time and money getting
everything working normally again. But you will recover from this. So, like
the song says, "don't fear the reaper…errr hacker."
my motto is "Keep it simple" and "don't leave anything for tomorrow that can
be done today."
Regards Gerald Crawford
Stellenbosch South Africa
E-mail: gerald@webcraft.ws
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
like the one where your friend calls and asks, "Um, have you looked at your
website recently? It looks like it might have been hacked." Ugh. What do you
do when you realize your website was hacked?
Website Hacked
Have backed up your site recently. Yes, I realize it is a bit odd to start
this list with an item in the present perfect tense. But, I am assuming most
of you reading this right now haven't been hacked yet. I have caught you in
time! Before it happens, get in the habit of backing up your site regularly.
Your options are much better and trust me, the pit in your stomach won't be
as deep if you know there is a recent backup of your site that exists in the
world. There are many good options for WordPress plugins that automatically
back up a WordPress site on a regular basis. One that Spring Insight uses
for its clients is ManageWP. This service allows us to run full site
backups; to manage updating WordPress Core, Themes, and Plugins; and to scan
our website for malware.
Take a deep breath. This is one of those moments where people tend to freak
out. Calm down so you can properly assess the situation. What is leading you
to think your site was hacked? Does the page now show a huge Viking with a
"HACKED BY BAD GUY" message? Is something funky going on with a feature? Is
your site full of ads for an "all-natural" Viagra alternative? Gather as
much information as you can.
Google what you know. I have found Google to be a great place to start. You
probably aren't the first person to experience what you are experiencing.
See what you can learn from others who have gone through the same process.
You will be surprised at what you can figure out from Googling a few simple
search terms. So start investigating.
Call your web host. You might not be the only one experiencing this. Many
times if you are on a shared server, whatever is impacting your site is
impacting others. It's worth checking to see if the hosting provider is
dealing with the issue or should be. Although the hosting provider usually
will not do the work of cleaning your website, they will provide assistance
in finding experts who will do that for you. Also, some WordPress hosting
providers, like WP Engine, offer daily full site backups as part of their
monthly service plan.
Call your friendly neighbourhood technology crew. Sometimes, you just need a
bit of help. If you don't have the right technical know-how on staff, your
best option is to call in support. IT people deal with hacking on a regular
basis. They know all the tricks of the trade and depending on the situation,
can talk you through finding and removing the hack or do it for you. They
can also help you to reinstall elements of your site. Reinstalling can be
very effective because installers often overwrite existing files and hacks
often work by adding new files to your website.
Secure user access. Once you are up and running again, you will want to look
at who has access to your website and make sure everyone has proper user
credentials. Yes, this means changing YOUR password to something complicated
that will be hard to remember. But, that isn't all it means. It also means
checking to make sure that only the people who should have access to your
website have access to your website. That temp you had two years ago? Make
sure her account has been deleted. For those users remaining, their
passwords will also need to change to be unpleasantly long and complicated.
Being hacked is not the end of the world. Yes, it's not fun. Yes, you feel
vulnerable. Yes, you will likely have to spend some time and money getting
everything working normally again. But you will recover from this. So, like
the song says, "don't fear the reaper…errr hacker."
my motto is "Keep it simple" and "don't leave anything for tomorrow that can
be done today."
Regards Gerald Crawford
Stellenbosch South Africa
E-mail: gerald@webcraft.ws
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Comments