Learn how to protect and restore a hacked websiteEdward Zarkovas
Your Web Design Southampton specialists are also quite savvy when it comes to backing up and preventing a virus attack.
Here at Sites For Business, we are often asked how to deal with an infected or hacked website. Viruses and hackers can infect your website in many ways, which is why it’s important to protect your websites and to make sure they are safe in the first place.
WordPress is the most popular content management platform after it overthrew its competition by more than five times. In this case, it’s natural that most hackers are intrigued by the possibility of hacking a high profile site, so they give it their best shot. However, WordPress has a large community of IT specialist and web designers, which are always hot on the trail when it comes to security flaws.
Your Web Design Southampton specialists, Sites For Business, cannot express enough the importance of regular updates. When maintaining your WordPress make sure to install new updates immediately. The core of WordPress is very secure, and is trusted by large corporations such as: CNN, The New Yorker, BBC America, MTV news, Best Buy, Fortune, Ford Social, The New York Times, The Walking Dead and many more!
If these corporate giants can trust WordPress, then what’s stopping you?
The biggest issue with security is plugins. Large teams of specialist are working endlessly on the security of the core of WordPress, but plugins continue to become a problem. They can be made by a single person, which means that security issues are dealt with less effectively. That’s why before installing a necessary plugin, you should always check who the creator of it is and how often it’s updates.
Check your plugins before you become victim of a hacked website
Avoid at all times using cracked, nulled or hacked (illegally obtained) plugins and themes. Some plugins and themes are paid for, but many websites offer to download them illegally. There is no guarantee that they will be virus or malicious code free. By using a WordPress plugin directory it will save you money over time, especially when it comes to rebuilding your website.
What does a virus do to a website?
There are four modes of attack from a virus:
- Stealing information. Viruses collect information about your visitors. Unknowingly they steal their login, password and bank details. It’s really hard to notice these viruses on the website as they do not affect its functionality. Nevertheless, these are the most dangerous types of viruses as their only aim is to steal you or your clients’ money.
- Spamming. These viruses look for security flaws on your website and then using our public internet address they send thousands of spam emails. This activity usually is detected by your hosting provider and your website administrator is informed immediately. At that point, you have a limited amount of time to cure the security issue as your website and email services may be blocked by the hosting provider.
- Redirection. Viruses install malicious code on your website that redirects visitors to other websites. These sites may be infected with other viruses. Not only do you lose the trust of your visitors (clients) but also your SEO rankings will be affected.
- Taking down. There’s no rational explanation for this other than your website is being taken down. Once this is achieved your website won’t be accessible by visitors which means you can lose them forever. This virus can affect the accessibility or the way your website is displayed. When Google indexes the hacked website, it will mark it as “hacked” next to the search engine result. This will also affect your overall ranking, and your website might be removed (banned) from being ranked at all.
Viruses are always easier to prevent before they attempt an attack on your website. Many hosting companies can offer you daily, weekly or monthly backups. When it comes to this, you need to decide the length of information you are willing to lose (for example a day, month or weeks worth of information).
You’ve restored your hacked website, you now need to go through the following steps:
Step 1. Login details
Change ALL passwords, WordPress login details, hosting and even database passwords. You don’t know which passwords are known by the virus creators. It’s highly recommended to avoid usernames such as admin, administrator, website or the business name. If you’ve been using these names then you’ve been making the virus’ creators jobs 50% easier to hack your website. They don’t need to guess your username, only the password.
Step 2: Updates
- Make sure that the core of WordPress is up to date. Also, it’s worth checking your plugins, see which needs updates.
- Before applying updates to your plugins make sure that they are compatible with your current (preferably latest) WordPress core system.
- Keep in mind that your theme might be affected by updates and changes or the design you made before might be affected. If your website theme was created using the “Child” theme – there should not be any problems.
Step 3: Additional security layer
CloudFlare offers a variety of protection methods against viruses, such as firewalls, DDOS and large doses of brute force protection. In addition to that other platforms can offer Content Delivery Network (CDN) and cache functions that will improve the overall performance of the website. It’s also worth considering SSL (HTTPS) protection that will help to build trust between you and your visitors (clients).
Step 4: Antivirus
Install an Antivirus package to your website. WordPress has a brilliant tool called Wordfence. Deemed the most downloaded security plugin, WordPress offers this plugin to their users for free. This plugin is powered by Threat Defense Feed, it is constantly updated and stops your website from becoming hacked. At the sign of a threat, the Wordfence Scan immediately alerts you to prevent your site being compromised.
Step 5: Information
Once you’ve protected your website from viruses and malicious software – inform everyone that you are safe! If harmful activities were noticed by Google, inform search engines that you have now sorted these out. You can resolve this by using the Webmaster tool. If your website and email accessibility was limited by your hosting provider – inform them about the security measures you’ve taken and ask them to unsuspend your accounts.
Are you finding it difficult to retrieve your lost information from your hacked website?
If you’re struggling to restore your hacked website by using a backup copy, then it’s always best to seek professional help. An IT specialist will take over the restoration process and help retrieve lost information and emails. In these situations, viruses and malicious code are removed manually from source files and databases. This is often performed by skilled professionals, to avoid the situation from deteriorating.
Have you been affected by a hacked website? Our Web Design Southampton team and IT experts can prescribe the perfect cure for your hacked website. To speak to a member of our team contact us on 02380 011718 or email us at firstname.lastname@example.org