Wordpress is an extremely versatile platform which gives the admin user a lot of flexibility. Being flexible is not always a good thing. The Admin user can easily make changes to the site code and if compromised by a hacker it can be a very long and painful road to recovery.
But there are several steps you can take to secure Wordpress as much as possible to prevent this in the first place. Below we will cover prevention as well as how to go about repairing a hacked site.
#1 Wordpress Hack Prevention!
Prevention is always better than a cure... securing Wordpress is like eating healthily and doing a little exercise... you have to do it on a regular basis for it to be effective.
There are many ways to lock down Wordpress and make it more secure. We highly recommend you follow all of the procedures below:
Keep plugins updated
Every few weeks you will need to log into your site and check the plugin area for any updates. Simply hit the update button to apply these. Pay attention to any notes from the developer, as a major update could break your Wordpress theme.
Use quality plugins
How hard do you work for free? Anyone can create a plugin, but amateur programmers who mean no harm might not know how to properly secure their plugin. If you're not paying for it (or if there is no premium version available) there's a good chance that the developer is not actively maintaining it or keeping it as secure as possible as new threats emerge. Buy a nerd a coffee and splash out a few bucks on any plugins you need.
Keep your antivirus up-to-date
If your local machine is infected and you access your admin panel, the virus could inject something or scrape your user details. This is one of the most common causes for sites getting infected outside of website security issues.
User privileges/roles
Don't hand out the Admin role willy-nilly. This role can do a ton of damage to your website if someone gets hold of the login. Think about what the user really needs access to. For example, if you are running an online shop and someone only needs to manage it, give them the "Shop Manager" role on their profile rather than Admin.
If you're an admin and need to make regular content updates, check e-commerce orders etc., consider creating a more limited account for yourself. This will limit exposure to your admin details.
Store your passwords securely
Don't leave your passwords lying around. This includes in your email folder, group chat windows etc. Use a password manager like 1Password to manage and store your passwords securely.
Security Plugins
Wordpress has pretty relaxed security by default, and none at all in some areas. To solve this you should install a security plugin to handle it for you. iThemes Security is our favourite plugin. The setup process will take you through everything you need to secure your site. I would also highly recommend applying two-factor authentication via this plugin as well. This will send you an email with a confirmation code before allowing you into the site. Any hacker would need to have access to your email as well as the website before they could get in.
#2 Wordpress Hack Repair
So they got in... time to freak out! Errr - I mean remain calm. Hacks can range from your entire site being wiped to an injection of some dodgy code into your site that redirects traffic. I recommend you take the following steps ASAP.
- Scan your computer for any viruses/malware that might have allowed you to be compromised.
- Change all your passwords: Wordpress admin, cPanel, FTP passwords, and API credentials for any plugins you are using.
- Scan the site for any malware that might have been injected using Wordfence or Sucuri (or both). These will hopefully highlight the code changes and allow you to undo them.
- Check any access logs you might have on the server. iThemes Security also has some great logs you can check out.
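As an added illustration of what to look for when checking server access logs (example code written for this post, not from the original article or from any plugin it mentions), the script below parses constructed combined-format log lines and flags two Wordpress-specific signs of trouble: a burst of failed logins from one IP against wp-login.php, and requests for PHP files under wp-content/uploads, where backdoor files are often dropped. The sample lines, the threshold of 5 and the file name wp-cache.php are all constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/nginx combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:02:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:02:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:02:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:02:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:09:00:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:09:00:11 +0000] "GET /wp-admin/ HTTP/1.1" 200 8811 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:11:37:45 +0000] "GET /wp-content/uploads/2024/03/wp-cache.php HTTP/1.1" 200 310 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return the fields we care about, or None if the line is not combined-format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec


def review_access_log(lines, threshold=5):
    """Flag login brute-force bursts and PHP requests under wp-content/uploads.

    On a stock install a failed wp-login.php POST re-renders the form with
    HTTP 200, while a successful one redirects with 302, so counting 200s per
    source IP approximates failed attempts. Wordpress itself never serves PHP
    from the uploads folder, so any such request deserves a look.
    """
    failed = Counter()
    upload_php = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["method"] == "POST" and rec["path"] == "/wp-login.php" and rec["status"] == 200:
            failed[rec["ip"]] += 1
        if rec["path"].startswith("/wp-content/uploads/") and rec["path"].endswith(".php"):
            upload_php.append((rec["ip"], rec["path"]))
    return {
        "brute_force": {ip: n for ip, n in failed.items() if n >= threshold},
        "upload_php_hits": upload_php,
    }


if __name__ == "__main__":
    print(review_access_log(SAMPLE_LOG.splitlines()))
```

Point it at your real access log (for example `review_access_log(open("/path/to/access.log"))`) and treat anything it flags as a starting point for the malware scan, not as proof on its own.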
If you have a very nasty hack the attackers will often leave behind some kind of backdoor file so they can get in again at a later date and re-infect the site. If you find your website keeps on getting re-hacked after you have done the steps above, it's time to call in the experts, as finding this file is like looking for a needle in a haystack.
Another option is to rebuild the entire site again with files you know to be clean... but this can be very time consuming.
Good luck!