How to prevent and fix a WordPress hack attack

Prevent hacking attacks with Better WP Security plugin

There are few things you can do to discourage hackers by making your website more secure but one of the best steps you can take is to install and configure Better WP Security which is a great plugin and should be default on any WordPress website. You can download it here.

This plugin will secure for you file permissions, enforce strong passwords, protect against brute force by limiting login attempts, hide login access area, change tables prefixes and many other! One of my favorite feature is sending an email whenever a file change was detected. This featured helped me with websites that were hacked and I could monitor if the website was being compromised again.

My website was hacked?

How do I know?

You’ll definitely know if your website was hacked if:

  • Google will display a Beware Malware page
  • If your website haven’t been identified with any infection yet but you notice unauthorized changes such as: home page redirects to some other website or you see Viagra ads, or your website doesn’t look like anything before, that means you were hacked.

What can I do now?

First thing call your hosting provider to restore the website to a previous stage before the hack. Pray that your hosting provider keeps automatic back-ups. Then Install Better WP Security.

If restoring the websites to a previous date is not an option and you don’t want to loose recent changes or updates you’ve done on the website call your webmaster to investigate the issue. I would normally look for anomalies in .htaccess file, or index.php file in the root or the active theme directory. Most of the time I had few websites infected with base64 code which is easy to spot and clean.

If more than few files were infected and the malicious code had spread across website the best would be to go with a fresh WordPress install while cleaning the theme files manually or restore them from a back-up.

Conclusion

Good hackers are smart folks and if they want to gain access somewhere they definitely will. It is unlikely however that your business website will attract the elite and so taking preventive measures will definitely discourage the regular hackers or spammers.

Comments are closed.