WordPress is the most used content manager in the world. It is estimated that 30% of all websites are made on it! If on the one hand, they give us an idea of the potential of this platform, on the other they have to worry about their vulnerability since the more used a system it is, the more susceptible it is to these attacks, websites getting hacked has become a big nuisance!
There are so many searches termed “WordPress website hacked” identifying how big a problem it really is. Among the numerous measures that we point out, the most relevant are related to the passwords you use and the periodic updates of your installation and plugins to keep them up to date.
In this sense, developing custom themes will ensure a higher level of protection since the code behind it is not visible to everyone.
How to tell if you have been hacked?
Your WordPress may have been infected with malware, a malicious code that without our consent infiltrates the code of our software. There are several types of malware with different purposes (steal personal information from users, show publicity, hack our computer).
As a result, Google will mark your domain with a warning. This measure clearly has a catastrophic effect on your online presence, since many people will be alarmed with the warning and wouldn’t want to access your website. This will also have your site’s visitors opt for your competitors website instead.
In order to tackle this, you can use a server-level antivirus, to do so, contact your provider to see if they have one installed and that they analyze your website. But there are more ways in your web setting portal as well.
How to fix a hacked WordPress website?
After performing this procedure, the installation of WordPress will be clean in the files part, of course, it is worth checking the database through SQL queries you can validate if injections have been submitted.
Once we have detected the malicious code and to avoid major problems to the users who visit our site, what we can do is put the website in “maintenance mode” showing a message warning of the situation, or creating in the file. htaccess a new rule that blocks access to the portal.
Now that we have located the files that have been infected, the question is: how do we do this?
The answer, in this case, varies depending on the type of hacking we have suffered, but the main idea is to delete or clean files from malicious code.
The first step we must do is delete any file that has been infected, that is suspicious, or that is not part of the WordPress installation, installed plugins or template used and that has not been uploaded by us. If you have any questions, we can perform an Internet search to see if this file is really part of the CMS programming or not.
The problem may appear when a file that is part of WordPress, a plugin or theme has been marked as a potentially dangerous file. In this case, we have two options:
1. Replace infected files with new clean malware files
2. Edit those files with malicious code and delete that code
In other cases, the second option can be complicated, especially for those who are not experts in programming. Of all, it can serve as a clue that this type of code injected into the files attackers often use the base64_decode and eval directives, although we can always find false positives, so we must be very careful with what we eliminate.
To avoid this situation, our recommendation is to have a complete replacement of all files on the server. In this way, we guarantee to end all malicious code, including one that has not been located.
Ensuring better security of your website
To ensure greater security of our CMS, it is advisable to carry out a series of practices to strengthen our site. Among these practices, we can highlight:
We have to be clear that any platform we use, such as a content management system or CMS for its acronym in English (WordPress, Joomla, Drupal, Magento, PrestaShop, among others), can be hacked or hacked.
As a consequence, the first thing we lose by being hacked is the positioning we have gained by search engines. We acquire new things such as the ability to infect our users with malware and damage our reputation when the pages of our website redirect to undesirable websites. And the worst that could happen, totally or partially misplace the information on our website.
Security is a priority, and even more so for online businesses. For this reason, it is important to have a good hosting provider. If our possibilities are limited, we could use a managed WordPress hosting like BionicWP, which holds quite a reputation in the market.