What to do if Your Site Has Been Hacked

Just over a week ago, I looked at my site through another laptop that had JavaScript turned off. I found a lot of spam content in the header part of SEO Jo Blogs. It was visible in the code as well and did not look pretty. As the site had been built via WordPress, I went into my header.php section and removed the spam content. However, there was also a problem with the theme and now I can no longer use that – hence the fact I have changed the theme back to its original version when I launched in February 2009.

If your site has been hacked, here are a few tips on what to do:


1) Don’t Panic

The first and most important thing to do is not to panic. It is easier said than done, as you may also be very angry and scared about what has happened to your site. If you are a good webmaster, you should have nothing to worry about.

2) Always Keep Your Themes Updated

When an update is available for your WordPress theme, make sure you install it. You may think there are too many updates and feel like you are constantly updating your site, but by using the latest version of WordPress you will minimise the chances of your site being hacked into.

3) Back up

Always back up your site. It is important to have a copy of your site offline. In case anything happens to your site, you can upload the backup files without losing any images or content. Imagine losing all the content on your site just because you have not backed up; it does not bear thinking about.

4) Check the plugins

WordPress is open source software and its plugins are developed by third-party developers. Sometimes it is a plugin that causes errors on your site, which you may mistake for being hacked. Deactivate your plugins, refresh your page and check whether this has resolved the issue.

5) Keep your sites on different hosting packages

If you have one site with a hosting package and you buy another domain, make sure it sits on a different hosting package. This way, if one site is compromised, there is less chance the other site will be as well.

6) Do not use the “admin” login

You may have set up your WordPress site a few years ago and are now more internet savvy. If you set up your site with “admin” as the user name, amend this. Go into WordPress and add a new user – which will be you. Pick a username that is not your name and make sure you are the admin user. Then change the original admin user's settings so they are just a contributor.

7) Change your passwords

Make sure you change the passwords on your WordPress site when you log in. Go to Users, My Profile and enter a new password at the bottom of the page. It is also worth changing your FTP details. You will need to do this via the hosting company for your site. Make sure your passwords contain at least a couple of numbers, a capital letter and characters such as #%!.

8) Review your hosting package

If you have been hacked into several times in a short period, it may be worth speaking to your hosting provider and finding out what additional support they can provide.  Review the package you currently have with them and research a more secure one.  If your hosting provider does not have one, it may be worth looking for a new one.  WhoisHostingThis.com is a hosting review website which I have been reading to research into new hosting providers.
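The offline backup from tip 3 also gives you a known-good copy to check against when something like the header.php change described at the top happens. The script below is an added example, not part of the original post: it compares a backup of a theme folder with the live copy by SHA-256 hash and lists what was modified, added or removed. The directory layout and the sample files in `demo()` are constructed assumptions.

```python
import hashlib
import sys
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_to_backup(backup_dir, live_dir):
    """Return files modified, added or removed since the backup was taken."""
    backup, live = hash_tree(backup_dir), hash_tree(live_dir)
    return {
        "modified": sorted(f for f in backup.keys() & live.keys()
                           if backup[f] != live[f]),
        "added": sorted(live.keys() - backup.keys()),
        "removed": sorted(backup.keys() - live.keys()),
    }


def demo():
    """Constructed sample: a clean theme backup and a changed live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for d in (backup, live):
            d.mkdir()
            (d / "header.php").write_text("<head><?php wp_head(); ?></head>\n")
            (d / "style.css").write_text("body { margin: 0; }\n")
        # Simulate unwanted edits to the live copy (harmless constructed text).
        with (live / "header.php").open("a") as fh:
            fh.write("<!-- unexpected extra markup -->\n")
        (live / "unknown.php").write_text("<?php // file not in backup\n")
        return compare_to_backup(backup, live)


if __name__ == "__main__":
    # With two arguments, compare real folders; otherwise run the sample.
    report = compare_to_backup(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for kind, files in report.items():
        for name in files:
            print(f"{kind:9} {name}")
    sys.exit(1 if any(report.values()) else 0)
```

Run it with the backup folder and a freshly downloaded copy of the live theme folder as the two arguments; any file it lists is one to open and inspect before restoring from the backup.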

Have you had your site hacked?  Get in touch with me on Twitter or on my Facebook page if you need help with your site.

