Try to keep cool and get ready to forgive, forget and move on — keep this mindset when your website gets hacked.
WordPress hacking is widespread, and it can be a scary episode if this is your first time going through the experience.
Why Me? Why My Website?
First, keep in mind that 99% of the time, the hacking or site breach is not personal.
I have found that in most cases, the attack is not even stemming from a human being but comes directly from software designed to target vulnerabilities in specific websites.
We could sit here and speculate all day on why anyone/thing would target your innocent website or blog for seemingly no reason at all. The majority of the time, the reason behind hack or website breach is to use your website to help spread spam links.
What Do I Do Now?
The good news is that your website hack was most likely grouped with similar websites using a similar setup (in this case, WordPress).
The damage you face is probably injected junk code into a series of one or more of your website files. While this is a total annoyance and can make your website behave in bizarre and unpredictable ways, it is a very common occurrence in which the problem can be quickly resolved.
If you have limited knowledge of website development. It’s best to reach out to your web hosting provider or a website maintenance service provider to remedy the situation and help put measures in place to try to ensure another hacking episode does not occur.
How Can I Prevent This From Happening In The Future?
Well, one of the best measures to protect your website from the more common WordPress hacks is installing a plugin by the name of Wordfence.
Wordfence is available as both a free and premium/paid plugin, but for the most part, the free version will get you by just fine.
Let’s address a few other quick tips to ensure you don’t wear a massive “hack my website” target on your back:
- Ensure you are using the most recent version of WordPress.
- Ensure your existing plugins are stable and updated.
- Ensure ModSecurity is enabled and active on your web hosting server (if applicable).
- Ensure your .htaccess file has the proper file read/write permissions (ask your hosting provider).
- Ensure your wp-content file directory has proper, secure read/write file permissions (ask your hosting provider).
Of course, these recommendations are not guaranteed; however, between using a security plugin such as Wordfence and ensuring you execute the 5 points mentioned above, it will be far less likely for your WordPress website to be the victim of a hack or exploit.