My WordPress Site Was Hacked! Now what?
We are living in a time where website owners must take a proactive approach to protecting their website. Just as you have a security system in place for your home, you must take security seriously for your website.
In the following article, we will answer some common questions we receive from our clients in regards to hacking.
Why Was my Website Targeted?
Many people are surprised to find out that their website has been compromised. A question we often hear is,
”What would hackers want with my website? It’s not like we store credit card information or anything a criminal would want to get their hands on.”
Even if you are not storing any personal or financial information on your site, it still can be appealing to hackers. Why?
You are basically renting space on the web. Hackers need a place to do their illegal activity and remain anonymous. For example, a hacker may set up a phishing site under your hosting plan. Phishing is attempting to steal sensitive information such as passwords and credit card numbers. So unbeknownst to you, your website is being used to steal people’s personal information.
My Website Looks Fine. How can it be Hacked?
There are times when your website is noticeably hacked. Perhaps typing in your domain name takes you to a completely different website or you may see one or more error messages on your screen.
However, there are times when your website will remain intact and you will have no clue that a hacker has compromised your site. As we mentioned earlier, sometimes the motivation is to use your hosting to set up a phishing site which can be achieved without defacing your site.
This is why scanning your site on a regular basis is crucial. Security scanning software can detect suspicious behavior and alert you before a hacker can cause significant damage.
What Precautions Can I Take to Avoid Future Hacking?
No website is 100% safe from hackers but there are things that you can do to decrease the odds.
Keep WordPress Core, themes and plugins up to date.
WordPress, plugins and themes are constantly coming out with updates. Some of these updates are to improve functionality and some updates are to address a security issue. For example, a hacker found a “back door” though one of your plugins so the plugin developer comes out with an update to patch this hole so to speak. So you are putting your site at risk every time you ignore updates. You should log into your site at a minimum of once a month to check for updates.
Delete themes and plugins you are not using.
Try to keep all plugins and themes to a minimum. We are not saying that the plugins and themes themselves are bad, but the more that you have, the more items there are that can potentially be compromised. If there is a theme or plugin that you no longer have use for, get rid of it.
Also, if there is a plugin that you do use but the developer stopped coming out with updates, it might be a good idea to find a replacement.
Choose a strong password and avoid the username, admin.
This should go without saying but do not create easy passwords such as “password123”.
In fact, we recommend a minimum of 8 characters with a combination of letters, numbers and special characters. Hackers run sophisticated scripts to crack passcodes. The script will run through various character combinations until the password is cracked.
To tighten things up even further, avoid generic usernames such as ”webmaster” or the default WordPress username, “admin”
Install a plugin to scan your site for malware regularly.
You will want to be proactive and install a plugin to monitor and scan your site on a regular basis. This way if a hacker finds his way into your site, you will be alerted and can clean any malware before it gets out of hand.
Sign up for our Maintenance Program.
Following these instructions above will significantly tighten up the security of your site.
If you are not comfortable with making regular updates, or simply do not have the time or resources to monitor your site, we offer a yearly maintenance program at Spyder Byte Media. Our maintenance program includes us logging into your site on a monthly basis to update WordPress and plugins and we also update your theme every 6 months. If your site is hacked, we remove the malware at no additional cost.
Contact our Michigan SEO Company for More Information
Spyder Byte Media is a Michigan SEO Company located in Shelby Twp. We have helped hundreds of clients outrank their competitors on Google and receive more exposure online.
If you would like more information about our yearly Maintenance Program or Internet Marketing services, contact Spyder Byte Media today at: 586-260-1344.