What to do if Your Website Gets Hacked

Nov 23, 2016 | Troubleshooting, WordPress Wednesday

What to do if your WordPress website gets hacked? Here are 3 steps to fixing your website.

Full Video Transcript

Hey y’all, welcome to another WordPress Wednesday. My name is Kori Ashton, here at WebTegrity in San Antonio, Texas and we are your weekly WordPress nerds. Every single Wednesday we’re producing some sort of video that’s going to help you improve your online marketing specifically in the world of WordPress.

Today we’re looking at- Uh oh, the scary thought of what do you do if you feel like your WordPress website has been hacked? We’ve got three simple steps.

First of all, take a deep breath. We’re okay, hopefully, we can do this together. It is a scary thing thinking that your site is being hacked. Especially if you can’t even gain access to the dashboard or you can’t see your website at all to the point that your website is completely down. So certainly a concern there.

The first step, I would say, if you cannot get access to your website… If you cannot see it or if you cannot click to log into your website with the forward slash “wp” dash “admin”. If you cannot see that area, first thing you need to do is contact your hosting company. Ask them if they can get you access. Ask them if you had a backup in place, hopefully. You might be able to click to restore to a clean version of your website and then somehow get access to your website. If you want to be a nerd and go a little bit more advanced, there’s a little bit more advanced instruction inside of WP Codex and I’ll give you a link to that here momentarily. Overall just know that this should help you regain access. I also have another video that if you have the white screen of death (meaning you literally cannot see anything) I have a video that walks you through how to regain access to your website through FTP, so I’ll put the link to that video in the description box below so you can check that out. But, let’s get into the few steps of what to do if you think that your website has in fact been hacked.

So, first step, is I want you to try and see if the point of hack basically…I want you to find the point of hack. Now that could be on your actual computer itself. So, on your PC. If you can run McAfee or some kind of a scan on your computer and see if there is any sort of malware inside of your own computer. You actually can feed that to your website all through your computer.

The next thing you want to do is figure out, on your website, was the point of hack through your theme? Is it out of date? Was the point of hack through the core WordPress files? Was the point of hack through some sort of a plugin? How do you even know that?

One of the things you can do easily is go ahead and log in your dashboard. We’re gonna go into plugins and we’re gonna “Add New”. This is a free option and free is always in the budget. We talk about that a lot here on our YouTube channel. Free is in the budget. Work with us on following these steps. You’re gonna go do a search for “Sucuri”. It’s this one right here that we’re looking for. You can see right away that it has over two hundred thousand active installs. It’s got fantastic reviews, it’s been updated recently and it’s compatible with our version. So, we’re going to go ahead and “Install Now” and we’re going to “Activate”. So, this is the first step in figuring out where’s the point of hack. Is my site actually hacked? So, what I want you to do is, come over here once that’s been installed. You can go to the dashboard of the Sucuri area and there is a tab right here that says “Malware Scan”. You can go ahead and click scan and scan your website. It’s going to read through all of your files. Let you know if it’s clean or not. Let you know if something has been hacked. This is really important to do, simply for your own knowledge.

What area was infected? So, thankfully our site is clean. If in fact you had been hacked this would have basically this red color here. It would say infected or let you know that there was a point that needs to be given attention to. If that is in fact the case, you need to go ahead and connect with Sucuri. It shows you basically how to get over here and protect your website today. This is not a completely free option. You will end up, if in fact your website has been hacked, you will have to pay a little bit.

In the grand scheme of things it’s completely worth it, versus starting all over and losing all of your content. This should get you access to a nice cleaned update base. They should be able to remove any malware or anything infected for around $300; but, then that protects your website throughout the entire year. So, that’s pretty spectacular.

The other thing I want you to do is connect with your hosting company. Because, the point of hack could actually be through your…dare I say it…inexpensive or cheap hosting company. If you’re sharing a server with another website out there that has been the point of hack, then they can actually get to your website through your hosting company. That’s why it’s seriously important that you have a strong, secure, great hosting company and I know that some of you are out there on a tight, tight budget and really GoDaddy or HostGator or one of those less expensive hosting companies are kind of your choice; because, it’s $50 for a year. But, again, in the long scheme of things, you might want to invest in some premium hosting. Of course, you guys know here on our channel, we highly recommend wpengine.com and this is who we have our secure servers with, so check out their support plans and I’ll put a link in the description box below. You can get great hosting with them. Great support. They’re just an awesome company to have helping you out.

Alright, what if at this point, you say Kori I can’t get access to my dashboard that’s gonna be probably hiring a pro. You can certainly go directly to Sucuri and let them know, “Hey I can’t even get into my website”. So, again, I’ll put the link to these guys in the description box below and you can connect with them. Ask them for help. I’d also recommend wpfixit.com. They’re a little less expensive. It’s a one time cost. But, they don’t stay with your website the entire year long. It will remove all infected files and do a nice cleanup, though. I definitely recommend these guys. I’ve heard some awesome reviews on them. So, here’s the deal, now that you’ve done these two things, we’ve tried to find out if we have a backup to roll back the website to a previously good saved version. If that didn’t work, then you want to scan your website to be sure that you know exactly what files were infected and then have Sucuri remove them. Then, the next thing is to seriously tighten up security on the whole website.

This is step number three. I need you guys to go change all your passwords. That means passwords for your hosting account. So, go over to wherever you’re hosting and be sure to change that password. Make note of what the new password is. I want you to go change your password on your WordPress dashboard. All of your users for that matter should probably change their password. You should notify your users and let them know, being very transparent is going to be key to this process. Especially if you’re a WooCommerce website or accepting donations or some sort of a payment. These people’s information has been compromised and you need to go ahead and send out an alert asking them to please come back to the website and make changes to their password for security purposes. You also want to change your password on your email account, believe that or not. That can be an issue and it’s always good to change those things anyway. Another thing you want to do is if there are any users set up inside of your hosting account for FTP access. You either want to remove those users or change their passwords. Again, that’s a point of access to seriously important files on your website. Another thing you have to do to tighten up that security is to change your secret key. This is interesting because you might say “I don’t even know what that means, Kori”. I’ll put a link to this in the description box below. It’s over in the Codex for WordPress. Down here toward the bottom it’s gonna give you a little bit of instruction on how to change your secret keys. The reason why this is important is because if a hacker has come into your website and left any cookies behind, even removing the infected files, there could still be a wormhole basically. An opening to these hackers because of files that they left behind. So, it’s very important that you make this change as well.

Now Sucuri will help you do this or if you want to be the one that does this manually you can jump in there, as well. You certainly want to consider taking on this step. Ok, you can also add in an extra security plugin. If you say to me, “Kori there is no way I can afford higher end hosting company that would provide all this for me.” Bummer, first of all, because WPEngine gives you daily backup, so you know that you’ve got a backup in place and one-click restore button. Just in case something does go wonky or weird, you’re one button up and running. So, in the amount of time that you’ve already watched this video, you probably could have clicked that one button and had your website right back up and running without any issues whatsoever. Again, I can’t stress enough the importance of partnering with your hosting company. Especially if your website is your livelihood or your entire entity of writing if you’re a blogger. You certainly want to be sure that you have a backup in place for your website. If you say to me, “No, again, I can’t afford something like that.” This security plugin is a great option to put into your website. This is a free plugin to limit login attempts. This is basically if a robot comes to your website and continuously is trying to fill out the username and password, trying to crack your codes. This will limit it and you set how many (maybe four times). It will lock down the website and not allow someone to get access. It’ll alert you, as well, saying “Hey, you’ve had maybe 30 attempts in the last two minutes on your website.” and you know that the hacker is back at your doorstep. Alright, again, notify any of your users. I want you to take note again of WP Fix It and Sucuri.

Either one is a great option. I highly recommend either one for you. You know, if it comes down to it and you just need a pro to help you, you can always reach out to us, as well; but, typically, if you’re reaching out to any sort of a WordPress web design firm, we’re going to these guys. So, cut out the middleman. Jump over to Sucuri. Jump over to WP Fix It and see if they can help you restore your website.

Stay calm. It’s going to be possible. You’re going to get it figured out. I hope you all are having a great one. I will see you next WordPress Wednesday. Bye, y’all.

WP Engine –  (Affiliate Link)

Sucuri

WP Fix It –  (Affiliate Link)

Codex Advanced Instructions

Limit Login Attempts Plugin

White Screen of Death – Accessing your WordPress website through FTP
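
The secret key change from step three, as an added example that is not part of the video or of WordPress itself: a Python sketch that swaps the eight key and salt constants in the text of a `wp-config.php` for fresh random values and reports any that are absent. WordPress derives its login cookies from these constants, so replacing them logs every user out, including anyone holding a stolen session. `rotate_keys`, `new_secret` and the sample config are constructed for illustration.

```python
import re
import secrets

# The eight constants WordPress reads from wp-config.php.
KEY_NAMES = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
# Printable ASCII that needs no escaping inside a single-quoted PHP string.
ALPHABET = "".join(chr(c) for c in range(33, 127) if chr(c) not in "'\\")
# A whole, uncommented define() line for one of the eight names.
LINE_RE = re.compile(
    r"^[ \t]*define\(\s*['\"](" + "|".join(KEY_NAMES) + r")['\"]\s*,.*\);[ \t]*$",
    re.MULTILINE,
)

def new_secret(length=64):
    """Random value from the OS CSPRNG, safe to place between single quotes."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_keys(config_text):
    """Return (new_text, missing_names); every other line is left untouched."""
    seen = []

    def replace(match):
        seen.append(match.group(1))
        return "define( '%s', '%s' );" % (match.group(1), new_secret())

    new_text = LINE_RE.sub(replace, config_text)
    # A constant that is absent was not rotated; report it so it can be added.
    missing = [name for name in KEY_NAMES if name not in seen]
    return new_text, missing

# Constructed sample input, not taken from any real site.
SAMPLE = (
    "<?php\ndefine( 'DB_NAME', 'example_db' );\n"
    + "".join("define( '%s', 'put your unique phrase here' );\n" % n
              for n in KEY_NAMES)
    + "$table_prefix = 'wp_';\n"
)

if __name__ == "__main__":
    rotated, missing = rotate_keys(SAMPLE)
    print(rotated)
    print("not found in config:", missing)
```

Run it against a copy of the file after the infected files have been cleaned up, and keep the original as a backup until the site is confirmed working.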