It’s no secret that hackers love to go after small business websites. Hackers will often use cyberattacks on smaller businesses because they believe there is less sophistication in the cybersecurity of and smaller company and its computer system, along with greater ease to take information or financial resources. Learn what to do if your WordPress site gets hacked.
What does it mean to get “hacked”?
When a website is “hacked,” it means that someone has gained access to your website files without your permission. Chances are, they are automated bots that searched online to find a website with vulnerabilities. Once they find these sites, they get access and can wreak havoc. When a site is hacked, the following can happen:
- Links to another website can be added, pulling your site traffic to another site
- Personal information can get stolen
- Malicious files can be added to gather information or otherwise corrupt the site
- Malware can be added that may attack visitors to your site
- The site is used to generate mass spam emails
Those are just a few samples of what can happen when a site is hacked. It’s a real nightmare for website owners, and oftentimes, business owners aren’t even aware that a site was hacked until after the damage is done. According to an Entrepreneur article, more than 150,000 U.S. small business websites could be infected with malware at any given moment. A good portion of those could be WordPress sites considering WordPress is one of the most popular website platforms around. It’s important to know how to spot if your site has been hacked and what to do if it happens to you.
How can you tell if your WordPress site is hacked?
If you don’t have any malware software on your site to send you alerts (more on that later), it’s often difficult to tell your site has been hacked, but here are a few telltale signs to look for:
- A sudden, unexplained drop in website traffic
- Your home page or other pages shows strange content
- Unusual links appear in your website content
- You can’t log into the backend of your WordPress site
- There are unrecognized users added to your website
- Your website becomes very slow or won’t load at all
- How your site appears in SERPs is unusual (foreign languages)
These are a few signs that stand out, but there are several other signs your website was possibly hacked. If you experience any of these, it’s time to get a handle on the issue quickly.
What to do if your WordPress website is hacked
While it might appear to be an unmitigated disaster, you can recover from a hacked website. Depending on how familiar you are with WordPress, here are a few basic steps:
- Put your site in maintenance mode – you’ll likely have to take your site offline while working on it. First, you should do it to prevent further damage. Second, you’re protecting your site’s visitors, and third, you’ll need to do this to troubleshoot what’s happening.
- Reset your passwords – depending on how someone accessed your site, weak passwords could have let hackers in. Change the password of all users to be sure.
- Check that all your plugins and themes are up to date
- Remove any bad files you recognize as out of place (ONLY if you know what you’re doing!)
- Remove any users you see that don’t belong
- Clean your sitemap
- Reinstall WordPress core files
These are a few fundamentals. Several sites walk you through how to recover your hacked WordPress site. Most are written for those who know their way around the WordPress platform. If you only have basic knowledge of your WordPress site, it’s best to leave WordPress maintenance and website cleanups to a WordPress professional. They’ll know what to look for to see what was infected, how to get rid of it, and how to protect your site, so it doesn’t happen again.
After being hacked (or to avoid it), here’s what you should do
Hackers are getting more aggressive and sophisticated, but there are steps you can take to protect your site after it’s been cleaned or to protect a hack in the first place.
- Always back up your site regularly – if your site was hacked, you’d quickly see how critical it is to be able to restore a recent clean version of your site.
- Install security software – there are several programs out there that can help protect your site and alert you if you have an issue. The two popular ones are Wordfence and Sucuri. Both have a free and paid version.
- Use strong passwords – please don’t use “password” as your password or your company name as your username. It’s way too obvious to guess. Create complex usernames and passwords to access your site.
- Keep your plugins and themes updated – whether you update themes and plugins yourself, or use a service to do it, be diligent about keeping these updated.
- Add an SSL certificate to your site – SSL technology ensures that the connection between website and browser is encrypted, which helps protect visitors to your website and ensure that you’re protecting those potential customers.
While WordPress and other website platforms have become more user-friendly for small business owners to manage, they still must be monitored regularly to keep them safe. If you don’t have the time to commit to this, hire a small business marketing professional to oversee your site. Will these steps 100% guarantee that your site is safe from hacking? Unfortunately, no site is ever perfectly secure. The sophistication of hackers continues to improve but having these steps in place makes your website less attractive to would-be hackers. Keeping a clean, secure, efficient site with consistent oversite can go a long way to protect your site from hacking and is worth the effort.