Websites are critical to modern business and most businesses are on the WordPress platform. A website is one of the most important assets a business can own, yet due to their technical nature, many business owners are at a loss of what to do when something goes wrong – especially if the site has been hacked.
While the popularity of WordPress makes the code more familiar to hackers, there is also a vast worldwide army of coders working to protect the WordPress platform, and 835 million other WordPress websites out there relying on that security. You are not alone and help is never far away.
But statistics are never helpful in a crisis. If you’re reading this, you are probably freaking out because there is something wrong with your website, so let’s just jump in to what you can do to fix a hacked WordPress website. We’ll start with the most important tip of all:
Don’t Panic
Yes, the website that is the heart of your business might be compromised or even down, but if there was ever a time to be thoughtful and clear minded, it is now. Not only are you going to have to determine the next course of action, but you also may need to reach out to more technical minded people. Being calm and clear will help them help you. So take a deep breath and let’s begin.
Make Certain Your WordPress Website Problem is an Actual Hack
Often when a website is experiencing problems, it hasn’t been hacked but rather experiencing some kind of other technical difficulty, like a compatibility issue from a plugin or platform update. Before you go to any website that may possibly be hacked, check to see that the virus and malware protection is up to date and running on your computer!
If it is, here are some things you can check to get an idea of whether the problem is a hack or not.
- Does an error message appear rather than the website? If you see an error message with a number like 500, 502, 503, it could be a technical issue that your host can help you with. If you see a 401 or 403 code, it is possible that your website has been taken over.
- Is your website being redirected to a mysterious new website? Your website is definitely hacked.
- If the website is up, check the website content. If the content of your website has been changed in any way, it is obviously compromised. This would mean specifically text and images being altered for a nefarious end or strange pop ups that were never there before. If, however, the layout is broken or distorted, it may be from a technical issue which could be handled by your site designer or developer.
- Can you log in to the backend? If you try logging into the backend and your password isn’t working, try password recovery. If this doesn’t work, it is likely that your site has been taken over by a hacker. If this works and you gain access, you still need to reach out to a professional to ensure that nothing else has been compromised on the website. If you can’t reach the login screen, it might be a technical issue a web developer can tackle.
- Check your site traffic volume. Regardless of what the site problem is, checking the volume of site traffic on Google Analytics (or whatever platform you use to monitor web statistics) can offer huge clues to what is going on. If there is a huge traffic spike, your site may be under attack. If there is a drop in traffic, it could just be because there is a technical problem and the site was unreachable, or Google has flagged your website for security issues. Check your website with Google’s Safe Browsing site status to ensure it’s not the latter.
How to Repair a Hacked WordPress Website
Whether your problem is from your website being hacked or a technical issue, it’s these times when having a good hosting company and/or website developer that you can reach on the phone becomes invaluable. A hacked website presents three problems that need to be solved: getting the site back up, ensuring that it is safe for users, and fixing the weakness that led to the site being compromised.
If you have a website developer you can reach out to, now is the time to call. It should be noted that a WordPress “designer” often does not have the technical skills to tackle all the security issues a hacked website presents. The person who specializes in the technical aspects is usually referred to as a website developer. You can learn more about the distinction here.
You should also reach out to your hosting company. In some cases, they will be able to get your website back up, but you will want to reach out to a developer to go through the code in your website and make sure there is nothing malicious still lurking.
The good news is that most hosting companies keep backups of the websites on their server. If your website was built by a capable WordPress developer, this is also a good sign that your site has been safely backed up by another method. It may cost a little bit of money to get your site restored from a backup and have it scanned for malicious code, but that will be nothing compared to the cost of rebuilding a site from scratch, and the often greater cost of business loss from being dropped from Google search results.
In the event that your hosting company is not able to help and you don’t have anyone capable that you know, you will need to hire someone to fix your website. As mentioned above, make sure it is a website developer familiar with the WordPress platform.
How to Secure Your WordPress Website from Hackers
As always, the best defense for keeping any website safe from hackers is to have good people on your side. This means a responsible and responsive hosting company, and a capable developer who will put trusted security plugins in the website to protect the site from threats, scan for malicious activity and code, and backup the website in the event there is a problem.
If you are on your own with your WordPress website, adding a security plugin like Wordfence or Sucuri can help keep the site safe, but it is also good to ensure you have a backup solution from either your hosting company or a plugin – or both!
If you have a WordPress website that has been compromised, we can help! Give us a call at (941) 548-9950 or contact us via our webform. We are your Tech Partner!