The first thing to do if you feel your website has been hacked is not to panic. It can be resolved; we just need to go through a few steps to identify the issue and start to fix it.
One thing that is very important is that you deal with it straight away. Do not delay, as the faster it’s resolved the less damage will be done.
Once the website has been cleaned and is back up, we make sure it doesn’t happen again by tightening the security.
Why do people hack websites?
One of the questions I get asked a lot is “why do people hack websites?” and what they gain from it.
Some people will hack your website just for their own amusement, they like the challenge and wreaking havoc on those they perceive as less knowledgeable about coding than them.
They may be rookies and will be hacking to impress others in their community.
You may see a sign on your website saying “hacked by a hacker”. The world is full of those that are useful, and those that are not.
They may leave some nasty malware on your website files for you to find.
A lot of the issues come from bots, sent out by humans, that crawl websites in order to access and infect them.
Here are a few more reasons people will spend time hacking websites.
1. Host their own content on your website
Hackers will use your website to host their own pages and images of products with links, i.e. Amazon affiliate links.
2. Host phishing pages on your website
A fake webpage will appear on your website with the sole purpose of phishing for personal data.
They may add a form to your website and ask visitors to enter all their personal information.
3. Add a harmful virus
Bots and humans upload malicious code and files to the File Manager with the sole purpose of stealing data from visitors and spreading the virus.
4. To break a website
If you are writing articles that are contentious, i.e. writing about a vaccine that others don’t agree with, they may just want to take the site down.
You may be a successful business and others may want to harm your business.
5. Steal money
Hackers will seek vulnerabilities for the sole purpose of stealing money. This depends on the type of website you are running.
6. Steal data
Your website might have data that the hackers would like to use, so they attempt to steal it.
7. Steal server bandwidth
Server bandwidth theft is when someone uses the bandwidth you are paying for to host and load images they have stolen to put on their website.
Some host providers have a cap on bandwidth so bandwidth can be pricey.
Other websites publish images from your website on their own pages using your URL.
This practice is called hotlinking.
Tools to scan your website for malicious code
If you have access to log in to the WordPress website, then add the WordFence plugin and run a scan.
WordFence has a tool that scans and repairs files at the click of a button.
There is a virus scanner in cPanel you can use to scan the root and emails.
Have I Been Pwned?
Have I Been Pwned is a trusted website that has all the data of security breaches and those affected.
The search tool is a quick check to see if your email has been included in a security breach.
Sucuri Security Scanner
Sucuri is one of the top WordPress security plugins and offers a search tool to scan a website for any suspicious activity.
Abuse IP
You can check your raw access logs for IP addresses and look them up in AbuseIPDB to see if there are any banned IPs accessing your WordPress files. You can also check domains from your spam folder in AbuseIPDB.
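An added example (not from the original article) of the access-log check described above: it pulls out the IP addresses that repeatedly request sensitive WordPress files so they can be looked up in AbuseIPDB. The log lines are constructed samples, and the watched-file list and three-hit threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" format: client IP first, request line in quotes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3}'
)

# Assumed watch list: WordPress files that ordinary visitors rarely request.
WATCHED = re.compile(
    r"/(wp-login\.php|xmlrpc\.php|wp-config\.php|wp-content/uploads/.*\.php)$"
)

# Constructed sample log (IPs are from the reserved documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:02:11 +0000] "GET /wp-content/uploads/2024/03/cache.php?x=1 HTTP/1.1" 200 12 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:10:02:12 +0000] "GET /wp-content/uploads/2024/03/cache.php?x=2 HTTP/1.1" 200 12 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:10:02:13 +0000] "GET /wp-content/uploads/2024/03/cache.php?x=3 HTTP/1.1" 200 12 "-" "curl/8.0"
192.0.2.10 - - [12/Mar/2024:10:03:00 +0000] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:10:03:40 +0000] "GET /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
this line is truncated and will be skipped
"""

def suspicious_ips(log_text, min_hits=3):
    """Return [(ip, hits, paths)] for IPs with at least min_hits watched requests."""
    hits = Counter()
    paths = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        path = m["path"].split("?")[0]  # drop the query string before matching
        if WATCHED.search(path):
            hits[m["ip"]] += 1
            paths[m["ip"]].add(path)
    return [(ip, n, sorted(paths[ip])) for ip, n in hits.most_common() if n >= min_hits]

if __name__ == "__main__":
    for ip, n, seen in suspicious_ips(SAMPLE_LOG):
        print(f"{ip}\t{n} hits\t{', '.join(seen)}")  # candidates to look up in AbuseIPDB
```

A single visit to the login page stays below the threshold, so a site owner logging in normally is not listed.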
Four website checks to make
You can run a quick website audit:
- Run through your website checking for speed and checking pages.
- Search your business in Google and check the meta data for Japanese writing or meta data unrelated to your business.
- Run your website through Google Safe Browsing
- Check notification emails to see if you are getting unusual emails
Actions to take if your website has been hacked
Contact your host provider to see if they can assist you. Hosting services offer different levels of service: some just offer the hosting and that’s it, others will be more proactive and give you advice.
- Change all passwords: website, emails and hosting emails.
- Restore backup
- If your host provider uses Jetpack you could restore the files from a date prior to the hack, so identify the date of the hack and restore files and database.
- Your host should be creating regular backups. If not, you should manually back up the files and database.
- Upload fresh WordPress install – malicious files are usually in the WordPress files, so replacing the WordPress files with new files may override the hacked files.
Summary
1.6 million WordPress websites were targeted by 16,000 IP addresses last year in a targeted attack on plug-in vulnerabilities and WordPress settings.
It was WordFence that picked up the attack and has the data to show where the attacks were targeted.
It shows how the hackers are quick to spot a security gap in which to jump in and seize control. It is important when working with WordPress that you are fully aware of the security protocols or delegate this to someone.
All themes, plugins and WordPress versions need to be kept up to date, and basic principles, such as not letting anyone register as an Administrator and not having admin as a user name, must be followed.
If you need help fixing a hacked website then contact us.