WordPress is one of the most popular platforms upon which to power websites of all shapes and sizes.
It’s an open source content management system, which is part of the reason it’s so insanely powerful—there’s an entire, global community constantly building on it and improve functionality.
But, the fact that it’s open source also means security vulnerabilities are a constant concern.
A report by security research company showed that nearly 17,000 WordPress websites had been hacked in 2016.
Sucuri also reported that 78% of reported hacked websites in the first quarter of 2017 were on powered by WordPress.
This is not to say that you should avoid WordPress at all costs when starting your website, if fact, you should seriously consider it
But you have to be aware that there are risks when customizing, by adding plugins and themes.
If you believe your WordPress website has been hacked it is important to remember there are many different things you can do to save your website.
Make sure you’re really dealing with a hacked WordPress
There are many clues that can tell you if your website has been breached by a hacker or is infected with malware.
We’ve come up with a checklist that will help you identify a hack:
Has Google or any other search engine blacklisted your website for being insecure (you can check this by going to Is My Website Penalized or Banned from Adsense to see your status)?
Do any illegitimate links or text appear on your website?
Are visitors being redirected to another website when they visit your WordPress website?
Does the “Red Screen of Death” appear warning visitors that your website has malware?
If you answered yes to any of these questions there is a good chance that your website has been compromised.
There are also many security plugins that you can use to scan your website for intrusions. Here are some of the best free plugins that we would recommend for your website:
All of these plugins give you the ability to scan your site for file changes and potential threats attacking your website. If you own multiple websites make sure to scan them all for malware, as one of the leading causes of reinfection is cross contamination.
If you find that your website has been hacked it is important to remove the malicious code as quickly as possible.
The longer your website is affected, the more your online credentials will be tarnished.
If you have a daily backup service then your work is going to be easy, just go back to a version of your website before it was hacked.
If you don’t have a backup, don’t worry there is still plenty you can do, but we do suggest getting some form of a backup service for any future issues.
Protecting your WordPress website
Once you’ve removed malicious code from your WordPress website you’ll want to ensure that your website is not hacked again.
The first step you will want to take is to update all of your plugins and other software, as out-of-date software is one of the leading causes of hacks.
Next, reset all of your passwords just in case the hacker found their way in through one of your old passwords.
Finally, if you can afford some extra security you may want to consider purchasing it or even upgrading to the premium version of a plugin you’ve installed.
Another thing everyone should have for their website is an automated backup.
An automated backup can make getting rid of a hacker much quicker by changing to a version you had before the hack.
Share it on Social Networks, or even better, write your own blog about it