We have been offering custom web design for many years now and almost exclusively build client sites using WordPress as the content management system. WordPress has proven itself to be incredibly versatile and feature-rich. Most importantly, clients have loved having full access to edit their website content on their own. However, as WordPress has grown to be by far the most popular content management system used by websites, it has become a target for hackers. As such, in the past year we have unfortunately had to help a significant number of clients remove hacks and restore their sites to normal working order.

How can I tell if my WordPress website has been hacked?

One immediate sign is a clear “Your site has been hacked” type message appearing on your URL. However, most hackers don’t want to crash your site or make it disappear. They actually want your site up and appearing normal. In fact, most people visiting a hacked site don’t even realize it has been hacked.

Here are the ways to tell if your WordPress website has been hacked:

  • Your site is redirecting users to a malicious site and trying to install malware on their computer.
  • You are seeing words and links to other sites, typically pornography, drugs or illegal services. You may not even see it since it could be white text on a white background, but search engines still can see it.
  • You go to Google, search “site:yourdomain.com”, and see URLs for pages you don’t recognize.
  • Your web host sends you a message that your website has been hacked. If this is the case, immediately back up your site in case your host decides to delete your site to protect others on the same server (not uncommon!)

One thing to note is that you need to check your site while not logged in. To keep themselves hidden, some hacks do nothing when they detect that a site administrator is viewing the site.
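The hidden-link sign above can be checked mechanically. The following is an added example, not part of the original post: a heuristic scanner that takes a page's HTML (saved while logged out, for the reason just given) and reports links to other domains that sit inside elements styled to be invisible. The function names, the style patterns and the sample page are assumptions made for illustration; white text in particular is only suspicious on a light background, so findings need a manual look.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style tricks that hide injected links from human visitors (heuristic list).
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
    r"|(?<![-\w])(?:(?:left|top|text-indent)\s*:\s*-\d{3,}"
    r"|color\s*:\s*(?:#fff(?:fff)?\b|white\b))", re.I)
VOID = set("area base br col embed hr img input link meta source track wbr".split())

class HiddenLinkFinder(HTMLParser):
    def __init__(self, own_domain):
        super().__init__()
        self.own = own_domain.lower()
        self.stack = []      # (tag, hiding rule in effect or None) per open element
        self.findings = []   # (external href, hiding rule that conceals it)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        match = HIDING.search(attrs.get("style") or "")
        inherited = self.stack[-1][1] if self.stack else None
        rule = match.group(0).lower() if match else inherited
        if tag == "a" and rule:
            host = (urlparse(attrs.get("href") or "").hostname or "").lower()
            if host and host != self.own and not host.endswith("." + self.own):
                self.findings.append((attrs["href"], rule))
        if tag not in VOID:  # void elements never get a closing tag
            self.stack.append((tag, rule))

    def handle_endtag(self, tag):
        if any(t == tag for t, _ in self.stack):
            while self.stack.pop()[0] != tag: pass  # also drops unclosed children

def find_hidden_links(html, own_domain):
    """Return (href, rule) for each off-site link inside a hidden element."""
    finder = HiddenLinkFinder(own_domain)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample of a logged-out page view; every domain is a placeholder.
SAMPLE = """<body style="background:#ffffff">
<p>Read the <a href="https://yourdomain.com/about">about page</a> or our
<a href="https://partner.example/">partner</a>.</p>
<div style="position:absolute; left:-9999px">
<a href="http://pills.example/cheap">cheap pills</a><br><a href="/contact">contact</a></div>
<span style="color:#FFFFFF"><a href="http://casino.example/">casino</a></span></body>"""

if __name__ == "__main__":
    print(find_hidden_links(SAMPLE, "yourdomain.com"))
```

Only inline styles are inspected; links hidden through a stylesheet class or injected by JavaScript will not show up, so a clean result does not prove the site is clean.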

So my WordPress website has been hacked, now what?

In all honesty, hire a professional. If you don’t have much experience in the nitty-gritty of WordPress, servers and the technical details of a website, then the cost of having someone else handle it properly will be well worth it compared to the time spent trying to figure it out yourself. At AshWebStudio, we work with a 3rd party provider to clean up our hacked client sites and simply charge a flat, reasonable fee to get it all cleaned up. There are companies who do this day in and day out and we let them do what they do best – clean up your site properly and thoroughly.

How could I have prevented my website from being hacked?

Most hacks could have been prevented; we have only run into a few where we were left scratching our heads over how it happened. We’ve learned never to underestimate the intelligence and determination of hackers. Here are some basic tips for keeping your WordPress website secure:

  • Secure passwords. Many hackers run “brute force” methods to gain access to a site. This means they just try a lot of really common passwords until they get in. One important step WordPress developers took to help combat this common user misstep was to default all new user passwords to being long, complex ones.
  • Keep WordPress and plugins up-to-date. WordPress itself is very secure, and its developers have a great process for having people report critical security bugs and fixing them fast. However, you have to keep WordPress updated for those fixes to reach your site. Don’t forget the plugins, as they are the most common way hackers get in since they are not scrutinized for security as much as WordPress itself.
  • Make sure your computer is clean. We’ve seen a few client sites appear to be repeatedly hacked. After the repeated hacks, we finally found that the client’s computer had malware installed on it which could recognize when he was logged in as an administrator of his WordPress website. The malware would then inject hidden links to pornography and drug sites every time he updated a page on his site.

There are a lot of more technical things that can be done, but we know you’re not here looking for those details. You know the importance of hiring a professional web design and development company to help you with matters like this. We’re here to help you out.

What do we do to prevent WordPress sites from being hacked?

We of course follow all the prevention tips listed above as well as WordPress’ own recommendations for keeping it secure. However, the biggest thing we do is offer a specialized WordPress hosting option to all our clients.

The WordPress hosting servers are built exclusively for WordPress sites and nothing else. This means they don’t have to try to be one-size-fits-all servers but instead can focus on the exact needs of WordPress. One of those needs is security. The security measures the servers have in place help keep hackers out without us even having to lift an extra finger. Every client site we have had to clean up has been on a basic (usually cheap) shared hosting service. On the other hand, not a single site on the WordPress hosting servers has had an issue.

The other added bonuses of our WordPress hosting are daily, automated backups, automatic updates of WordPress, and site loading times we’ve seen at 10x faster than a basic shared web host. While the price is not going to beat $5/month shared hosting plans, the technical benefits alone are more than worthwhile, and our clients have said the peace-of-mind is truly the biggest advantage.

If you are hosting your own WordPress website, I do recommend this extensive guide on WordPress security.