What to Do if Your Site has been Hacked

What if you uploaded a blog, committed to backups, installed all the right plugins (like a firewall) and kept WordPress up to date and still get hacked? In this article, Linda explains how to handle that situation.

Read these Articles

Although this article is from 2008, it contains some key information that you might need for future protection. Several point to take note about include updating your WP files, making sure that your backups are done as often as you need them and to make sure that no "backdoors" or malicious code are left on your system.

heck with your hosting provider.

If you discover you are hacked, make backups of your databases if they still are there, but be sure to label them as a "hacked" site backup. You may need to resort to a previous backup (but, even then you might check that backup).

Oh, and I'm sure you want to know how to completely clean your hacked WP installation, right? Just follow the advice in this article. Another article, Removing Malware from a WordPress Blog (2010), also explains in detail some steps you may need to take. Those articles are too detailed to include here, but they have been up for several years (even the one from 2010 has been up and updated).

You also want to check your .htaccess file for hacks, as hackers can use that file to redirect to malicious sites from your URL. Once your site is recovered, check your site logs to see if you can discover how the hack took place. Open source tools like OSSEC can analyse your logs and point you where/how the attack happened.

What's Next?

If you can restore your databases, then consider wiping the current WP files off your server and reinstalling WP from a freshly downloaded .zip file. Before you restore you databases (if you can restore them), check to make sure you have installed the latest version of WP.

If you can restore known, clean backups of your WP database, do so now. Be sure to replace your plugin and theme files (fresh applications, rather than ones that have been stored on your computer might be a wise idea).

Be careful about uploading backup files, as you may not know how long your site has carried this hack. Check all backups thoroughly before you upload them again. You may need to go back a week, a month or several months (hopefully not) before you find clean files. But, if those backups can keep you from losing your entire site, then you might realize how valuable those backups are to you.

About Passwords and Key Generators

When you upload a new version of WP, change your password. In fact, you and other users at your Web site should change passwords every week at least. Truly paranoid people might change their passwords twice per week.

Also, if hackers have stolen your password and are logged into your blog, they will remain logged in evern if you change your password. This is possible, because their cookies remain valid. To disable those cookies, you need to create a new set of secret keys.

The way to change your keys is to first visit the WP key generator to obtain a new random set of keys. Then, overwrite the values in your wp-config.php file with the new keys. Another article that might help you with understanding the key generator for your wp-config.php file is "Your WordPress Site Can Get Hacked If You Don't Have This."

Finally, if you are changing passwords on a regular basis, change them for your FTP, MySQL and at your online bank while you're at it.