It’s estimated that roughly 30,000 blogs and websites are hacked each day. As a blogger, it’s downright frustrating when you invest your time and energy into building a successful blog, only for some hacker to take control of it. Regardless of who has access to it, though, it’s YOUR blog, which is why it’s important to follow some basic steps in the aftermath of an attack.
Check Your PC
According to the official WordPress website, the first thing you should do in the wake of a hack attack is to scan your local computer/PC for infections. Use a virus scanner like AVG or Microsoft Essentials (or both) to see if your computer is infected with malicious software.
“Make sure you run a full anti-virus/malware scan on your local machine. Some viruses are good at detecting AV software and hiding from them. So maybe try a different one. This advice extends to both Windows, OS X and Linux machines,” wrote WordPress.
Regain Access to Your Dashboard
Next, you should regain control of your blog’s admin dashboard. It’s not uncommon for hackers to change the admin password once they’ve infiltrated a blog, preventing the rightful owner from entering. Assuming the hacker didn’t change the email address on your account, you can reset the password from the login screen. If the hacker did change the email address, however, you’ll need to manually update your password in phpMyAdmin.
Survey the Damage
Now comes the not-so-fun part of surveying the damage. Go through your blog to see what kind of changes the hacker made. These changes may be obvious, such as the addition of a new spam page, or they may be more subtle, such as hidden iframe and redirect code. Spotting these changes isn’t always easy, so take your time by going through each and every page. Here’s a tip: view the source code for each page and search for “http.” If your site is being used for spam purposes, this should reveal hidden links, at which point you can simply remove them.
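The manual check described above (viewing the page source and searching for “http”) can be scripted. The Python sketch below is an added example, not part of the original post: it lists off-site links, iframes, external scripts and meta-refresh redirects found in one page's HTML. The host name myblog.example and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style hints that an element is not meant to be seen by visitors.
HIDDEN_HINTS = ("display:none", "visibility:hidden")

class PageAudit(HTMLParser):
    """Collect off-site links, iframes, scripts and meta-refresh redirects."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []  # (kind, url) tuples in document order

    def _offsite(self, url):
        host = urlparse(url).hostname  # None for relative URLs
        return host is not None and host.lower() != self.own_host

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        # Only the element's own attributes are checked, not hidden parents.
        hidden = (any(h in style for h in HIDDEN_HINTS)
                  or a.get("width") == "0" or a.get("height") == "0")
        if tag == "iframe" and a.get("src"):
            self.findings.append(("hidden-iframe" if hidden else "iframe", a["src"]))
        elif tag == "a" and self._offsite(a.get("href", "")):
            self.findings.append(("hidden-link" if hidden else "offsite-link", a["href"]))
        elif tag == "script" and self._offsite(a.get("src", "")):
            self.findings.append(("offsite-script", a["src"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content", "")))

def audit(html, own_host):
    """Return every finding for one page of HTML served from own_host."""
    parser = PageAudit(own_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: two legitimate links plus four injected elements.
SAMPLE = """<head><meta http-equiv="refresh" content="0;url=http://pills.example/"></head>
<a href="/about">About</a> <a href="https://myblog.example/post-1">Post</a>
<a href="http://spam.example/buy" style="display: none">cheap</a>
<iframe src="http://ads.example/f" width="0" height="0"></iframe>
<script src="//cdn.example/lib.js"></script>"""

if __name__ == "__main__":
    for kind, url in audit(SAMPLE, "myblog.example"):
        print(f"{kind:15} {url}")
```

Every finding still needs a human decision, since legitimate embeds and outbound links show up in the same list as injected ones.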
Fix the Damage
After surveying the damage, it’s time to fix it. Hopefully the damage is minor and can be repaired by hand. If the damage is more extensive, however, you may need to restore your blog to an earlier date. This involves restoring a backup that either you or your web host had created at an earlier date. Most web hosts perform automatic backups of clients’ websites at two- to four-week intervals. If you did not perform a backup, you’ll need to contact your web host and ask them to restore your blog.
Here are some tips to protect your blog from hackers:
- Don’t use the “admin” username.
- Disable user file uploading.
- Keep your content management system and any related plugins updated to the latest version.
- Use a strong password consisting of upper-case letters, lower-case letters, numbers and special characters.
- Beware of phishing attempts.
Has your blog ever been hacked? Let us know in the comments section below!
My site was hacked twice in a row. It was a nightmare and quite the embarrassment. Once fixed, I implemented several layers of security in hopes that it will never happen again. Of course it occurred right when I was expecting a potential client to be viewing my site.
I’ve learned that you can never be too cautious when it comes to protecting your site. I recommend backing up regularly and investing in a high quality host.
I use Wordfence Security plugin and have been really happy with it so far.