I don’t know how secure your website is, how popular your web hosting is, but trust me, it’s possible to hack them. Think of any popular website, it’s possible to hack them. It might be difficult but not impossible. This is the current scenario of the Internet world. There are plenty of hackers out there, some good and some bad hackers. Then, some script kiddies who have no idea what they are doing, more importantly, why they are doing.
It’s always better to be cautious now than to worry about this later. If your website has been hacked or if you are worried that your website might be hacked, then follow this simple essential guide to solve this issue smoothly. These are some personal tips which we applied when we experienced ‘malware hack’ for some blogs we were maintaining.
Website Hacked? Follow These Things!
1. Stay Calm & Focussed
Just stop the other works you are doing. Pause your torrent download. Close all the other irrelevant tabs. Keep your phone in silent mode. Avoid distractions, just focus on your website for the time being. This is very important because you shouldn’t be focused on your unwanted Facebook or Twitter notifications.
2. Take Down Your Website
Make the website offline. Use an under-construction page (even maintenance page works) or maybe redirect your website to your official Facebook/Twitter profile. If your readers or customers are seeing a ‘hacked’ web page (or even a browser warning) then it’ll surely spoil your brand’s reputation and they won’t really come back. Especially if you are running an eCommerce store then your visitors (or future customers) will be afraid to share their credit card or any payment info on your website.
So I think a little downtime is okay for managing your website’s reputation. This not only helps your website but also for other people who visit your website, sometimes hacked websites have malicious code scripts installed and it’ll affect the ones who visit your site as well.
3. Change Your Passwords
It’s better to change all your passwords (WordPress, Hosting, Database & everything) when your website is hacked. You can even change all the email addresses associated with your website as well. It’ll be hard for the hackers to crack the original password and know what is that, but still, it’s good to have a new set of passwords for better security.
ARE YOU SURE YOUR WEBSITE PASSWORD IS SECURE? HOW SECURE?
Essential (And Easy) Tips For Creating Secure And Strong Passwords
4. Contact Your Hosting
Go to your web hosting account, create a support ticket and at the same time, open a support chat to let them know about this hack. Suppose if your website is redirecting to some other hacked website, then you can also inform your domain registrar regarding this.
As a Web Hosting provider, it is their core duty to protect your website and your server, but sometimes the blame is on us as well, if our website’s security is poor then there is nothing else we can do to be honest. If you have infected website template or bad passwords, then they can easily hack your website with basic techniques.
5. Scan Your Website
You can use online scanners like Sucuri for scanning your website for any malware or hack related issues. They have a free tool to scan your website and let you know about the condition. I used a demo website and you can see the results below.
You can also install Clam AntiVirus (ClamAV) on your cPanel which scans for any malicious programs on your server.
6. Find The Culprit
Now here is the most critical part, you have to act like Sherlock Holmes, analyze what might have caused this hack. Which loophole? Which silly mistake? Which security flaw? I think it’ll be wise to list out the last 5 actions you did on your website for the past one week. Did you install any new WordPress plugin, did you install any Analytics script or did you install any theme you downloaded from the Internet (Malicious maybe?).
If you are so confused, it’s good to undo all those things. Uninstall the plugins you have, change your website theme, remove all the scripts you recently added and most importantly, make sure you have a backup of these things before proceeding. Taking a backup of your blog/website is very essential.
6. Inform Your Readers
As a webmaster, or a blogger, or a brand owner, it is your duty to inform your readers/customers/members about what happened. Sometimes it’s good to be honest, but sometimes it’s up to you to decide.
If you are a Blogger, then you can write a blog post about what happened, how this hack was possible, tell them the steps you did to fix this and much more. It’ll be a good experience post, you know, you can advise your readers on the security measures you have taken now.
IMPLEMENT THESE SECURITY ACTIONS NOW TO PREVENT ANOTHER HACK:
Website Security Checklist: Have You Completed All These Steps?
These are some of the basic actions you should take when your website or blog is hacked. If you know any other essential measures then do kindly share them in the comments below.
