There’s a number of different ways that a hacker might take over your site: Use it to send spam messages, insert spam links into your content, replace your index.php file with a splash page announcing his success at taking down your site..
The worst, however, is when the hacker uses your beautiful, carefully built website to infect the audience you have spent so much time and effort cultivating:
When your site gets hacked, your options include:
- Contact Your Hosting Company. The first thing to check is whether your hosting company routinely backs up your site and if any of their backups are clean (meaning, made prior to the hack). If they have one, they can restore it easily for you. Even if they don’t have a backup, your outstanding support tech might help you out of the goodness of his heart (but don’t count on this kind of service… even an outstanding support person can’t dedicate hours to helping you if he has other customers who also need help).
- Restore a Clean Backup. If you make regular backups of your site, it’s possible that you have a clean one that doesn’t include the hacked code. This is more likely if you store your backups somewhere other than the same server your site is on (off-site).
- Pay to have Your Site Cleaned. Sign up with Sucuri.net and pay $200 for a year of protection (they will remove the hacked code within 12 hours PLUS any hacks that happen in the next 12 months). This may sound like a lot of money, but is a killer deal in the world of cyber security (most other firms would charge in the thousands and then only for the one time clean up).
- Delete the Entire Website. If the hacked website isn’t being actively used (or the other options don’t work for you), you can simply delete the entire website and all of its files from your hosting account. In the case of attack code, this is the only way I’d recommend you engage with the files since simply touching them could infect your computer.
No matter which option (or options) you choose, one thing you can be absolutely sure of: Whatever you had planned for the day just became a lot less important than getting your website back up.
When you store files online for the world to access, you take the risk that those files will get hacked.
Although one of my former clients once had a web developer tell her that he was using “hack-proof” code, no such thing actually exists. Hackers are among some of the smartest people on the planet and will find a way around even the most advanced protections eventually. So, it’s a matter of WHEN your website will be hacked, not IF.
To help keep your site safer (notice, that’s safe-er, not SAFE), follow these guidelines and you’ll make your site a more difficult target:
- Keep Everything Updated. Hackers love WordPress websites that aren’t kept up to date – or better yet, are abandoned and their owners have completely forgotten they even exist — so once you make the decision to install WordPress, make sure you keep WordPress itself, any themes and all plugins up to date at all times.
- Make Regular Backups. There are many backup tools available, some free, others with a small fee. No backup will do you any good whatsoever if you can’t easily restore one when you need to. So, choose a backup system and then test it by restoring a backup so you know it will actually be there when you need it most. Some of the options that I like: ManageWP, VaultPress, and UpDraftPlus. Store your backup files somewhere other than the same server that your website files are on so hackers can’t compromise them as well (it happened to me last year when my site was hacked for the first time).
- Install WordFence. This free plugin will help block known attackers in real time, scan your site for malicious code, and generally add an extra layer of security to your website files.
If you aren’t using WordPress, at this point you might be thinking that makes you safe from these awful hackers. It doesn’t. If you are using any of the other open-source web authoring tools (Joomla, Drupal, Odoo, etc), the code that hackers need to find in order to create an exploit of your site is freely available online, so if it’s possible to exploit it, hackers will find it eventually. And if you are on a proprietary platform (Vista, Wix, etc) or have built your own website files from HTML, that doesn’t mean you are completely safe either. Make regular backups so you have them in the event you ever need them. If you do get hacked, Sucuri.net can take care of you, no matter what type of website you have.
You’ve spent a lot of time and effort building the web presence. Don’t leave it’s security to a “hope and a prayer.” Hackers are out there and they will eventually hit you and take down your site. Be prepared so that when it does happen, it doesn’t take your business down with it.