Has your WordPress site been hacked recently? We want to hear about it
Thousands of WordPress sites get hacked every day. If your WordPress site has not been hacked yet, it’s because you don’t have content worth hacking.
We’ve been helping individuals as well as hosting providers with hacker clean up.
What you should do should you find your site is hacked.
First, backup your site. Even though the site is hacked, you want to have a backup should you have to undo any of the clean up steps, and have a fresh start at cleaning up.
If your site is based on WordPress, Joomla, Drupla, or any other database-driven method, be sure to include a backup of the database as well as the files in your HTML directory structure.
Second, If any of the hacked areas include defaces or other visible clues (or even in your face writings), then take screen shots of those areas. Basically, you want to document what you know about your site being hacked.
Third, contact your hosting provider technical support giving them as much information as you know along with any screen shots and notes you’ve taken to date.
If your hosting provider cares about you as a person, and cares about your site, they will do what they can to help you clean up from the hack(s) on your site. Depending on how quickly they are told, they might be able to review server log files to identify how the hacker(s) gained access and when such access was gained.
Some hosting providers do have the right to charge for clean up per their terms of service; prior to asking them to do any work, ask them if their help in the case you are facing will be done freely. If yes, move forward; if not, then find out the charges involved and make a decision as to how much you need their help.
In any event, you should still notify your hosting provider so they know you know; AND, that the intent is to clean up the site as quickly as possible.
The main reason you want this notification (even if you are going to clean up the site yourself, or use another party) to the hosting provider is to ease any effort the hosting provider might make against you if they receive pressure to shut down your site.
Fourth, if you are unsure of how long the cleanup will take, put your site in maintenance mode so your site is not infecting others (or has less of a chance to infect others).
Fifth, scan any device (mobile, PC, etc.) you or any authorized person who has access to the site for virus AND malware / spyware. Anti-virus software will often not find any malware, and anti-malware software will often not find any virus. You need to run two different scans — one for viruses using an anti-virus program; and another for malware using an anti-malware program.
I recommend NOD32 for anti-virus and malwarebytes.org for anti-malware.
Sixth, change your passwords — FTP, SSH, control panel, WordPress, etc.
If you are running WordPress use securemoz to save you all the trouble
Now, you might find yourself on the find malware, hacks, defacement step and be lost. If that’s the case, you might want to reconsider either having your hosting provider get involved in the cleanup, or contracting a person or firm to do the cleanup for you.
Contact us if you have any questions.