What to do if my website has been hacked?

This question arises in each user who faced such a problem, as a hack of a website. Let us try to clarify the situation.
Beforehand, first, it is always necessary to have archived copies of your website, its databases.
However, to solve the problem and prevent such a situation in the future before the recovery, it is necessary to understand how exactly the site was hacked. The reasons for hackings can be various, but we will focus on the main ones.

 

Reasons for hackings

The first reason of hackings is a stealing or sorting of passwords to your FTP account or to the admin part of your website. Such a situation can occur because of the virus on your PC, operating system or because of an outdated vulnerable version of the browser from which was the installed password downloaded, or installed password was too simple (for example, it consisted of only numbers) and it was easily sorted.
That is why always install strong password, which consists of numbers, letters of upper and lower cases, as well as it contains other keyboard symbols. To generate a password you can use corresponding online resources. Do not keep your passwords in unchecked apps on unprotected (without antivirus) PCs.
The second reason of hackings is outdated, vulnerable version of CMS (its components, plugins) on which your website works. One of the most “favorite” CMSs for hackers is WordPress. Having made a check of hundreds of websites that work on WordPress CMS it was found that 71% of them do not use the latest releases of corresponding branches.
In addition, the risk of hackings on outdated versions of CMS is very high. Moreover, the most of CMS hackings occur via insecure plugins and components, which the client installs. And via these insecurities, hackers download different exploit, iframe, PHP shell to the server.
We have noticed the next vulnerable components and scripts, with queries to which as usual websites are hacked for WordPress CMS these are:

  • Change of wp-login.php;
  • Download of php shell and php eMailer via:
    – wp-content/plugins/wp-my-admin-bar;
    – wp-includes/is/tinymce/;
    – wp-content/themes/infinity.
  • timthumb.php theme vulnerability.

Your actions in case of a hack of your website:

  1. Check website’s files for recent changes, download them on local PC or check via built-in file manager in Cpanel.
  2. Recover website from the archived copy.
  3. Check available updates of website CMS for WordPress, as well as installed modules, plugins and CMS components.
  4. Change the access password to hosting (FTP accounts) and website’s admin access password.
  5. Clear the website’s catalogs of cache/ and tmp/.

When looking after the CMS updating, downloading the components from only trusted sources, to work with the website only from protected PC and have reliable passwords – the possibility of your website’s hack will be minimal.
Hire only professionals to setup and design your website. Do not trust casual developers. Do not use doubtful hosting or free solutions you know nothing about. Hire a person to be responsible for your website’s security.
Paid services largely reduce the risk of the website to be hacked, domain to be stolen, and to damage your project.

Leave a Reply

Close Menu