By Ann Smarty
From the time my blog became a regular part of my life and started to gain popularity, I have had a reoccurring nightmare. One of the regular contributors to the site calls me in the middle of the night, waking me up.
They are noticeably upset as they tell me that the blog has been hacked, and the posts have disappeared. In their place is a very not-safe-for-work animation that is causing all my readers to flood my Facebook and Twitter profiles in shock and anger.
I usually wake up in a cold sweat and can’t get back to sleep until I have fired up the laptop and checked that everything is alright. Can you blame me for my fear? After all, this isn’t some random paranoia. Hacks happen all the time, and some are much worse than others. While I could take a DDoS attack in stride, having my blog actually taken over is terrifying enough to make me jittery just thinking about it.
The sad truth is that we will all have to deal with a hack of some description (or at least an attempt) at some point. When you become a more popular site your chances increase significantly. Prevention is good, but it isn’t enough. Here is a checklist of what to do when you have been hacked.
Before the Hack
First, make sure your hosting is secure. WP Beginner has an awesome resource on the best WordPress hosting services. There’s also a good guide to choosing secure web hosting. Also, avoid free hosting unless you are using it for personal branding.
Then, from this moment on, make sure you are backing up your posts, files and data. Each platform will have its own way of doing this, so just check its FAQs to find out how to do a proper backup.
You should also do regular system checks on your desktop. Viruses and malware can be introduced through your local files, then accidentally uploaded through things like photos onto your blog. Just run regular scans using your chosen protective software. I use a combination of Microsoft Security Essentials and AVG.
Of course, there’s much more to say about proactive tactics for WordPress security, but if you landed here to find the answer to the main question (which is in the topic), the hack may have happened already, so let’s quickly list what to do.
After the Hack
The first thing you should do is change your password. That way you know that there won’t be anyone working against your fix while you take care of the problems on the blog. Be sure it is a strong password that has nothing in common with the last one you were using (Tool: strong password generator).
If you are using WordPress, you also have to change your secret keys so the intruder cannot remain logged into the account. Once you have all that done, log out, clear your cache and cookies, and log back in.
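One way to confirm that the secret-key change described above really took effect, as an added example that is not part of the original article or of WordPress: it compares a pre-incident copy of wp-config.php with the current one. The eight key names and the sample placeholder are the standard WordPress ones; the function names, the 32-character minimum and the sample configs are assumptions constructed for illustration.

```python
import re

# The eight secret keys and salts defined in a standard wp-config.php.
KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php
DEFINE = re.compile(r"""define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")

def parse_keys(config_text):
    """Return {name: value} for every secret key defined in the config text."""
    found = {}
    for line in config_text.splitlines():
        if line.lstrip().startswith(("//", "#", "/*", "*")):
            continue  # ignore commented-out defines
        m = DEFINE.search(line)
        if m and m.group(2) in KEYS:
            found[m.group(2)] = m.group(4)
    return found

def audit_rotation(old_text, new_text, min_len=32):
    """List keys whose rotation cannot be confirmed (min_len is an assumed threshold)."""
    old, new = parse_keys(old_text), parse_keys(new_text)
    problems = []
    for name in KEYS:
        value = new.get(name)
        if value is None:
            problems.append(f"{name}: not defined")
        elif value == PLACEHOLDER:
            problems.append(f"{name}: still the sample placeholder")
        elif value == old.get(name):
            problems.append(f"{name}: unchanged since before the incident")
        elif len(value) < min_len:
            problems.append(f"{name}: shorter than {min_len} characters")
    return problems

# Constructed sample configs (not real keys): OLD from a backup, NEW after a partial rotation.
OLD = "\n".join(f"define('{k}', 'old-{k}-" + "x" * 40 + "');" for k in KEYS)
NEW = "\n".join(f"define( '{k}', 'new-{k}-" + "y" * 40 + "' );" for k in KEYS[:6])
NEW += "\ndefine('LOGGED_IN_SALT', 'old-LOGGED_IN_SALT-" + "x" * 40 + "');"
NEW += "\ndefine('NONCE_SALT', '" + PLACEHOLDER + "');"

if __name__ == "__main__":
    for problem in audit_rotation(OLD, NEW):
        print(problem)
```

An empty result means all eight values are present, differ from the old copy and are not the placeholder.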
Next, put the site in maintenance mode. That way you won’t have visitors facing the problems you have encountered while you fix them. This is especially important if you are experiencing a redirect that takes readers to a third-party site, or if you have ads showing up that contain malware that users might accidentally click on.
Identify the backdoor. A backdoor is a method of bypassing normal WordPress authentication. Here’s an awesome guide on fixing a backdoor in a hacked WordPress site, again courtesy of WP Beginner.
Finally, it is time to take care of the blog itself. Your best bet is to delete everything, including the core files if you are using WordPress. Yes, this is a major hassle. But it is the only way to be absolutely certain that you get every bit of malicious code. Just going through all files manually will probably not take care of the problem. You may miss a bit of code, fail to see a file that has been compromised, or a backdoor could still exist to allow the hacker (or hacking software) to slip back in.
If you don’t have a backup of your site, you are facing a dilemma. You could try to save as much as possible before deleting, but this could still run the risk of reinfection by malicious code, or even infect your desktop. Not to mention the risk to your readers if something goes wrong. I would recommend copy/pasting as many posts as you can into .doc files, then deleting everything on the actual blog and reposting the text fresh. Of course, you will have no choice but to find or reupload all photos.
Yes, this is all a huge hassle. But if you want to keep your site running, and it has experienced a hack, you have no choice. That is why it is so important to back up all files regularly, at the very least once a week. If you update often, then several times a week. This will allow you some peace of mind, as you know that you will only have to delete and then reinstate the data if a problem occurs.
Have you ever had a blog hack? Tell us about it in the comments.