Responding to a Hacked WordPress Website
Over 74 million websites utilize the WordPress framework; and as of 2014, self-hosted WordPress websites accounted for roughly 20% of the internet’s websites. And one of the reasons why WordPress has become so popular is because its users don’t need to learn programming to build clean, responsive, and well-functioning websites. But its very popularity has made WordPress a target for hackers, who dedicate a great deal of time to learning how to overcome WordPress security and encryption to gain control over websites and user data.
But the unfortunate truth is that no website is unhackable; and that though WordPress teams run round the clock to create new security updates, and you might have purchased high-security hosting, it can still happen to you. So we’ve built a several-step recommendation list on how to sensibly respond to a website hack, including problem isolation and disaster-recovery.
Assess Your Assets
Have you ever heard of an assets evaluation? It’s when you parcel out all the different parts of your website into their categories and order what is the most important to what is the least important. And of course – all of your website is important. But just like all the parts in any other machine, some parts are more important than others. This will help guide your course of action in case of emergency.
For example, pretend that you run a very successful online shop. Your WooCommerce plugin had a vulnerability which a hacker exploited, and now your website is hacked. You immediately notified your hosting company, who informed you that they would need to take your website offline, and that you’ll lose all of the data gathered since the attack: 24 hours. All of the sales information, client data, all of it!
But if you’re familiar enough with your own website to know that it was just the WooCommerce gallery which got hacked, and your gallery is not as essential as your product lists or client database, you can tell your hosting provider to only take the gallery offline, and restore only that part of your website: which will resolve the problem and not lose you any data. In this case, the gallery is a segment of your website assets which are less important than the checkout process and your client list!
Have a Website Emergency Contact List
You know who to call if you get into a car accident or if your home’s plumbing goes haywire. But what about if your website is hacked? Make certain that you have the numbers for your hosting provider, theme author, and major plugin author companies all easily on-hand.
Your hosting provider should be your first line of defense, and will help you understand the technical aspects of your hack; and in some cases, they might be the ones informing you that your website has been hacked! But before you get hacked, make certain to review what services your hosting provider offers: do they give you free automatic backups, in the case of an irrecoverable hack? Log analysis? Security audits? Will they clean malicious code for you? Some of these may be incurred at an additional fee; and it’s better to know beforehand what to expect!
The developers of your website, theme, and plugin should be your second-tier line of defense. Usually it is a weakness in a theme or plugin which has allowed your website to be hacked, and you should notify these developers immediately: often they will provide security patches to help correct the problem.
Don’t Panic, And Copy Everything
It’s important not to panic about a website hack, and to stay calm no matter how scary the situation is. This will help you make more rational decisions when responding to the crisis. Your first step should always be to make a backup of your hacked website without overriding any previous backups. This will allow you to analyze the hacked website to find where the vulnerability was.
You can use a tool on your hosting to create a backup, but you can also use SSH to log into your website and create a mySQL dump, which can be a little faster.
Quarantine Your Website
As soon as you have the backup, quarantine your website by going into maintenance mode. Doing so correctly can help preserve your search engine rankings and convey necessary information to your regular visitors: ideally, you should set your status code to 503 for all pages, and redirect to a maintenance mode page with no outbound links. You can help preserve your search engine status with a Retry-After HTTP header set for at least 24-48 hours following the hack.
Luckily, WordPress has a maintenance mode built in! You can quickly create a PHP file titled ‘.maintenance’ and add it to your root folder. The file should only contain the following: <? $upgrading = time(); ?> and should be deleted whenever you want to bring your website off of maintenance mode.
When you set your website into maintenance mode, it’s time to change all of your passwords, and at this time your hosting provider and developer should have been able to advise you on how best to proceed. If you’re technically proficient, you can begin restoring your website from a clean backup, and going through the hacked backup (or allowing your developer to do so) to identify the vulnerability which led to the hack.
Understand Your Enemy
In order to be able to fend off current and future attacks, it’s important that you understand a hacker’s mind – their goals, their intent, and their tactics. There are a number of online course dedicated to IT training. You can get certified in Ethical Hacking, something often employed by the Federal Government. The thought being, by learning to perform an attack, you will be better equipped to conquer any hackers that are looking to crack your site.