Your WordPress website can be hacked if you don't take serious steps to improve its security. Even if it has already been hacked, it is still worth taking steps to prevent it from happening again. WordPress sites are a common target because WordPress is the most popular website builder in the world, powering more than 31% of all websites, which means hundreds of millions of websites worldwide. User accounts on these sites are protected by passwords, and weak passwords are easy for hackers to crack with basic hacking tools.
File permissions are a set of rules that the web server uses to control access to the site's files. Incorrect file permissions can give a hacker the ability to write to and change these files. All your WordPress files must have their file permission set to 644. All folders on your WordPress site must have their file permission set to 755.
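One way to check an install against the 644/755 baseline above, as an added example rather than code from the original page. The function names and finding labels are made up for illustration; it assumes only a POSIX `find` and takes the install root as its argument.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the 644 (files) / 755 (folders)
# baseline. Function names and labels are illustrative, not from any tool.

# Helper: run find with the given arguments and prefix each hit with a label.
_label() {
    label=$1; shift
    find "$@" -exec sh -c \
        'l=$1; shift; for p in "$@"; do printf "%s %s\n" "$l" "$p"; done' \
        sh "$label" {} +
}

# Print one finding per line: "<LABEL> <path>". No output means the tree
# matches the baseline.
audit_wp_perms() {
    root=$1
    # Highest risk first: writable by "other", i.e. by any account on the host.
    _label WORLD-WRITABLE "$root" \( -type f -o -type d \) -perm -002
    # Remaining deviations from the baseline (too open or too strict).
    _label FILE-NOT-644 "$root" -type f ! -perm 644 ! -perm -002
    _label DIR-NOT-755 "$root" -type d ! -perm 755 ! -perm -002
}

# Reset the tree to the baseline. Dry run (audit only) unless APPLY=1 is set.
fix_wp_perms() {
    root=$1
    if [ "${APPLY:-0}" = 1 ]; then
        find "$root" -type d ! -perm 755 -exec chmod 755 {} +
        find "$root" -type f ! -perm 644 -exec chmod 644 {} +
    else
        audit_wp_perms "$root"
    fi
}

# Stand-alone use: pass the install root as the first argument.
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```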
Every day, thousands of websites are hacked. WordPress sites make up a disproportionate percentage of those sites, as they power more than 30% of the web. The point is that no website is 100% exempt from the possibility of being attacked. Once you are online, you will be attacked.
A hacked WordPress site is as harmful as having your house burgled. It can completely destroy your peace of mind and adversely affect your online business. Suffering a hack can be one of the most frustrating experiences you'll ever have on your online journey. However, like most things, taking a pragmatic approach can help you maintain your sanity while getting past the problem with the least possible impact.
"Hack" is a very ambiguous term, which in itself provides little information about what exactly happened. To get the help you need through the forums, make sure you understand the specific symptoms that lead you to believe you've been hacked. These symptoms are also known as indicators of compromise (IoC). Not all hacks are the same, so keep this in mind when you participate in the forums. The better you understand the symptoms, the better equipped teams will be to provide help.
Below, you'll find a series of steps designed to help you get started on the post-hack process. They are not all-encompassing, as it wouldn't be practical to consider every scenario, but they're designed to help you think through the process. So take a step back and compose yourself. Doing so will allow you to take control of the situation more effectively and regain your online presence. As you document what you find, you are creating the baseline for what is recognized as an incident report. Whether you are planning to conduct the incident response yourself or hire a professional organization, this document will prove invaluable over time.
We recommend taking a moment to also write down the details of your host environment. This will be required at some point during the incident response process.
When scanning your website, you have several different options: you can use external remote scanners or application-level scanners. Each one is designed to observe and report on different things. No single solution is the best approach, but together they will greatly improve your odds. Other related security plugins are also available in the WP repository; the ones listed above have been around for a long time and have strong communities behind each of them.
The hack may have affected more than just your site, especially if you're using shared hosting. It is worth checking with your hosting provider in case they are taking action or need to. Your hosting provider could also confirm whether a hack is a real hack or, for example, a loss of service.
A very serious implication of a hack these days is email blacklisting. This seems to be happening more and more as websites are abused to send spam emails. Email blacklist authorities mark the website's IPs, and those IPs are often associated with the same server that is used for email. The best thing to do is to look at email providers like Google Apps when it comes to your business needs.
Google's blacklist issues can be detrimental to your brand. They currently blacklist somewhere in the neighborhood of 9,500 to 10,000 websites a day. There are several forms of warnings, from large landing pages that warn users to stay away, to more subtle warnings that appear on search engine results pages (SERPs).
You'll often hear people talking about updating things like passwords. Yes, this is a very important piece, but it is a small piece of a much larger problem.
We need to improve our overall stance when it comes to access control. This means using complex, long and unique passwords to begin with. The best recommendation is to use a password generator such as those found in applications such as 1Password and LastPass. This also extends beyond the individual user and should include all users who have access to the environment.
Once you identify a hack, one of the first things you'll want to do is lock things down to minimize any additional changes. The first place to start is with users. You can do this by forcing a global password reset for all users, especially administrators.
Hopefully you'll have a backup of your website, but if you don't have one, this is a good time to create one. Backups are a critical part of continuing operations and should be something you actively plan for moving forward. You should also ask your host what their policy is when it comes to backups. If you have a backup, you should be able to perform a restore and skip directly to the forensic work. In any case, before moving to the next cleaning phase, it is recommended to take one more snapshot of the environment.