What to do if your website has been hacked?

Why would someone hack my site?

Before I go into how to cure a hacked WordPress site, let’s talk about why someone would want to hack your website in the first place, especially if you’re a small business or a charity. Don’t be concerned because it isn’t you. Most likely you’ve not been targetted specifically. No one is seeking for you or has a grudge against you. There are often two reasons for this…

Sites are frequently hacked in bulk. Consider this scenario: a hacker uses a bot to find 100,000 websites that utilise a specific plugin. They’ll use a system that can launch millions of attacks each second. If he gets into five sites and places an ad for a performance-enhancing substance, he’ll be paid. The hacker may never have seen your website or heard of your business. Hackers are also interested in stealing identities.

Alternately, many hackers (mostly younger ones) hack for the sake of practice. The least secure websites are those created with WordPress, Joomla, Squarespace, and Wix (to mention a few).

How did my website get hacked?

Your website could have been hacked in a variety of ways. The most typical ways that most websites are hacked are as follows.

Brute force

As previously stated, hackers primarily use automation to target large groups of people. The “brute-force” technique is generally used in this automation. This means the hacker devised a method to guess as many username/password combinations as possible every second.

Weak Password/Username

Because these algorithms are based on probability, the more widely used your login or password is, the more probable your website will be hacked. Weak usernames include “admin” and your company name, for example.

Outdated Software

Consider this scenario: You construct a home but never repair the doors, walls, or roof. Alternatively, you may get a car but never change the oil. Intruders (people, rust, bugs, etc.) can get in through holes, no matter how good your locks are. It’s the same with software. Updates are today’s equivalents of “repairs” or “oil changes.” This is a reason regular maintenance is so important.

What do I do if my website has been hacked?

Move as quickly as you can. This isn’t the time to take it easy. Google doesn’t care in the slightest if you’re the world’s most selfless and generous person. If your website is hacked, Google will notice it, and your search engine optimization score will suffer.

Make contact with your service provider. Remember, this isn’t always the fault of your host. Remember that the leak was not caused by a plumber. Get in touch with them and ask for their opinion; they often have extremely effective solutions to this problem.

Were you blacklisted? Check Google Webmaster Tools and make sure you are blacklisted. If you were, get in touch with their support team to try to remove it ASAP.

How do I prevent my website from being hacked?

Let’s talk about how to prevent this from happening again now that you know what happened and how to clean up the mess. Use strong usernames & passwords. Check out our article on passwords. Software is updated usually weekly. Make a point to log in and update. Think of it as a weekly website oil change. Back up your site so that if something goes wrong, you’ll have a (recent) full backup that you can restore at any time. Block rogue IP addresses. You may notice that an IP address from another country visits your admin page hundreds (if not thousands) of times every day. Block it. So now you know why you were hacked, how it happened, and some tips to make sure it doesn’t happen again. Get to work! If this seems a little hard to understand or maybe you don’t have the time or inclination to do all this yourself? Check out our website maintenance plans.