Here’s a disturbing fact: stats show that almost one out of every six WordPress-powered sites are vulnerable to attacks. More than half a million WordPress sites were compromised by attackers in 2021. It’s no secret that hackers love to go after small business websites. They’ll use cyberattacks on smaller businesses because they believe there is less sophistication in the cybersecurity of a smaller company and their computer system, along with greater ease to take information or financial resources. Recovering from having your website hacked is painful and can be a real process. Learn what to do if your WordPress site gets hacked.

What can happen when your site is hacked

malicious filesIf someone has gained access to your website files without your permission, chances are, they are automated bots. Once they get access, they can wreak havoc. When a site is hacked, the following can happen:

  • Links to another website can be added, pulling your site traffic to another site
  • Personal information can get stolen
  • Malicious files can be added to gather information or otherwise corrupt the site
  • Malware can be added that may attack visitors to your site
  • The site is used to generate mass spam emails

It’s a real nightmare for website owners, and oftentimes website owners aren’t even aware that a site was hacked until after the damage is done. According to an Entrepreneur article, more than 150,000 U.S. small business websites could be infected with malware at any given moment. It’s important to know how to spot if your site has been hacked and what to do if it happens to you.

How can you tell if your WordPress site is hacked?

If you don’t have any malware software on your site to send you alerts, it’s difficult to determine if your site has been hacked. However, if you keep an eye on website stats or visit your website with any frequency, here are a few signs to look for:

  • A sudden, unexplained drop in website traffic for no apparent reason
  • Your home page or other pages shows strange content
  • Unusual links appear in your website content
  • You can’t log into the backend of your WordPress site
  • There are unrecognized users added to your website
  • Your website becomes slow or won’t load at all
  • How your site appears in SERPs is unusual (foreign languages)
  • Your website comes up for unrelated keywords (e.g., “gambling,” etc.)

A couple more clear indicators of a hack include:blacklisted website

  • The website is blacklisted by Google, Bing, etc.
  • Your web host has disabled your website
  • Readers complaining that their malware program is flagging your site
  • You’ve been contacted that your website is being used to attack other sites
  • You can visibly see that your site has been hacked when you open it in the browser

These are a few signs that stand out, but there are several other signs your website was possibly hacked. If you experience any of these, it’s time to get a handle on the issue quickly.

What to do if your website is under attach

While it might appear to be an utter disaster, you can recover from a hacked website. Depending on how familiar you are with WordPress, here are a few basic steps you can take (or have your webmaster handle for you):

  • Put your site in maintenance mode – This is an important first step! You’ll have to take your site offline while working on it. Do it to prevent further damage. You’re protecting your site’s visitors, and you’ll need to do this to troubleshoot what’s happening and how to fix it.
  • Reset ALL your passwords – depending on how someone accessed your site, weak passwords could have let hackers in. Change the password of all users to be sure. Be sure those passwords are strong and not easy to guess.
  • Check that all your plugins and themes are up to date
  • Remove any bad files you recognize as out of place (ONLY if you know what you’re doing!).
  • Remove any users you see that don’t belong.
  • Clean your sitemap
  • Reinstall WordPress core files (again, only do this if you’re familiar with the process; otherwise, have your web developer do this for you).

There are several sites that step you through how to recover your hacked site. Most are written for those who know their way around the WordPress platform, so if you only have an elementary knowledge of your WordPress site, it’s best to leave WordPress maintenance and website cleanups to a WordPress professional. They’ll know what to look for to see what was infected, how to get rid of it, and how to protect your site, so it doesn’t happen again.

How to avoid another hack

Hackers are getting more aggressive and sophisticated, but there are steps you can take to protect your site after it’s been cleaned or to protect from a hack in the first place.

  • Always back up your site regularly – if your site was hacked, you’d quickly see how critical it is to be able to restore a recent clean version of your site.
  • Install security software –The two popular security programs not only protect your site but alert you if anything is amiss: Wordfence and Sucuri. Both have a free and paid version.
  • Use strong passwords – please don’t use easily guessed words as your password or your company name as your username. It’s way too obvious to guess. Create complex usernames and passwords to access your site; WordPress has a feature that will auto-generate one for you and they are complicated. Use those!
  • Keep your plugins and themes updated – whether you update themes and plugins yourself, or use a service to do it, be diligent about keeping these updated on a regular basis to avoid gaps in coverage.
  • Add an SSL certificate to your site – SSL technology safeguards that the connection between website and browser is encrypted, which helps protect visitors to your website and ensure that you’re protecting those potential customers.

WordPress websiteWhile WordPress and other website platforms have become more user-friendly for small business owners to manage, they still must be monitored regularly to keep them safe. If you don’t have the time to commit to this, hire a small business marketing professional to oversee your site. Unfortunately, no site is ever perfectly secure. The sophistication of hackers continues to improve but putting these steps in place makes your website less attractive to would-be hackers. Keeping a clean, secure, efficient site with consistent oversite can go a long way to protect your site from hacking and is worth the effort.

Patty Hughes
Follow Us!