It is every website owner’s worst nightmare, apart from losing confidence and ranking from Google: getting hacked.
Due to the fact that websites carry a lot of traffic and can create some serious revenue, it is always going to be a target for hackers to try to break into and take some of that success.
On the extremely occasional rare occurrence that a website gets hacked, what do you do!? First things first, do not panic. The vast majority of sites are recoverable, one way or another. It’s just working
Security Plugin – Scan Whole Website
The first step to do, if you still have access to the dashboard of the website, is to scan the website for any viruses, malware, vulnerabilities, and threats. For WordPress based websites, the best solution would be to use Wordfence and preferably pay for Wordfence Premium. What this allows for is the most update to date searching for viruses, malware, and vulnerability, enabling you to fix the issue, if fixable, as soon as possible. On the whole, Wordfence is very good at doing this, so the majority of hacks can be fixed this way.
Wordfence also has a service to get experts to vet your whole website. This would be a last resort, as it is quite expensive.
Find Issue? Delete Malware
As mentioned above, Wordfence should be able to find the part of the website that is hacked. Once found, to fix it, there are a few things you can do:
- Go into each file and modify the code to what it should be (if you know)
- Delete the code that Wordfence has stated is infected
However, with both points, if you are not 100% sure what to do, there is the potential to cause more damage to your website than good, to the point that the whole website could go down for encountering a critical error (broken code).
Hacked? Restore from Server
If modifying or deleting the hacked code is something you are not confident doing, then what you can do is restore your whole website from backups from your server. This is a normal thing to do, backing up your website at the server level, for exact situations like this. With this, there are a few pointers to be aware of:
- If you restore your website, any work you have done to your website after the restore date will be lost, so make sure you make offline copies of that to reupload.
- The website will have the same vulnerabilities that saw it get hacked in the first place. So make sure the vulnerabilities are patched as soon as possible after the restoration. The same goes for updating all plugins, logins, and passwords so that there is no possibility the same hack could happen again in concession.