During the past few months, we’ve heard about more WordPress attacks than you can imagine. It must be a new trend, one that we don’t particularly enjoy. And if you think this couldn’t happen to you, well, don’t be so sure.  You can get hacked, and if this happens you need be prepared with information.

What to do if my blog is hacked?

  1. Change your admin password ASAP.
  2. First of all, you really need to be sure your site is really hacked and it’s not a server error or something like this. If someone posted some articles or if the blog is deleted and instead of it you see a message like “you’ve been hacked by…”, then yes, it’s for sure. However, if it’s just a blank page, there can be a number of other reasons. So don’t panic until you are absolutely sure.
  3. Next thing you have to do is log in in your hosting account and change all the other passwords, like cPanel, SQL, FTP etc. Use a password generator that will give strong combination of characters.
  4. Ask your hosting company what happened. They should be able to trace back and find out how you got hacked, therefore you will be able to know where your vulnerability is.
  5. Ask your hosting company for a backup. If your provider is a serious company, they should be able to restore your files at whatever hour you want. If you got hacked at 9AM, you could ask them to restore the backup at 8PM.
  6. Change the admin password again, as it will go back to the old one.
  7. Go to your FTP and see if there are unusual files left there. If so, they might be a backdoor for the hacker to come back any time he wishes. Even if you restore a backup, if the files were non-existent before, they will be untouched.
  8. Check your .htaccess file to make sure the hacker didn’t write any code there either.
  9. Check your local machine for viruses and update everything from software you are using locally to WordPress, plugins and so on.
If you enjoyed this post, make sure you subscribe to my RSS feed!