
Having your website hacked is awful. However, it is something that could happen to any of us. I share what to do if your website gets hacked.
My website
I started this website in January of last year as a way of sharing my thoughts about life in Jersey. It has been there through the tough times and it has also been somewhere I have shared my excitement and good news. I have shared photos and memories of my children and I have raised money for good causes all through this website. When I started blogging I never anticipated that this would grow into a business and that it would enable me to forge a career that I can fit around family life. I’m not making millions (despite what the Daily Mail would have you believe about us bloggers) but I make a small amount and every bit helps. My website has also led to other freelance work. Therefore, this website has evolved. It has gone from journal to job. This website is my CV. As a result I am fiercely protective of it, turning down the majority of work I am offered. If I don’t believe in it then I won’t share it. This website reflects me. I am proud of what I have achieved with it and what I have created.
What it feels like to have your website hacked
I have always worried about my website being hacked. I had seen it happen to other bloggers and knew how upsetting it can be. There was a spate where it seemed that every blogger I knew was getting hacked. Therefore, I tweaked my security, I locked it down like Fort Knox. I thought that it was so secure that I was practically invisible. I am amazed that Google was even able to find me. Yet, despite the fact I had built a fortress round my blog, they still got in. When it first happened I had about 20 minutes of panic. I felt violated. They had taken something that I had created and rifled through my blog leaving their footprints everywhere. In my case I was lucky that they had relatively clean footprints. It appeared that they were just wanting to push Persil tablets. However, I was still annoyed as I am allergic to Persil tablets 😉
The lovely people over at HP asked me if I would like to share my tips for what to do if your website ever gets hacked. I am sharing what I have learnt so that you don’t have to go through it.
What to do if your website gets hacked in 14 easy steps
- Firstly don’t panic. Easier said than done, I know. If you don’t want people accessing your website with the way it looks then you can install a plugin to put it into maintenance mode. You can even personalise a message saying that you are working on your website and that you will be back soon. Therefore, no one will need know that you have been hacked. This is really useful if your website is your business.
- Secondly, contact your host and advise them of what has happened. They should run a scan for you and will be able to confirm if you have been hacked. Ask them to check your backup. If you are lucky then you can install that one and you are good to go.
- If your backup isn’t clean then it is time to get the professionals involved. You want to make sure that this is dealt with properly. There is no point putting yourself through the stress of trying to clean it yourself. I paid for Wordfence to clean it for me and for them to run a malware scan. However, there are other companies that offer the service too. Wordfence will clean your website and should also be able to tell you how they got in. However, sometimes even Wordfence won’t be able to tell you how they did it.
- After your website has been cleaned you need to think about trying to make sure that this doesn’t happen again. You need to make sure that your website is really secure. It is worth paying for security rather than relying on a free version to protect your site. Do your research but at the time of typing this Wordfence and Sucuri were highly recommended.
- Once you have installed your new security it is worth asking a professional to give your blog a security MOT. I asked for recommendations and found someone who was highly recommended and who I knew that I could trust. They tightened everything up for me and I now have someone I can call on if it happens again.
- If you don’t want to pay someone to check your website for you then there are plugins that you can install to check if your website has any gaping security holes. It is worth running a check as this will tell you what you need to tighten up. Once you have run your check make sure that you delete the plugin.
- Don’t install loads of free security plugins. Before I paid for one I had several as I thought that it would make my site more secure. It doesn’t, if anything it can cause a conflict making your site less secure and vulnerable. It will also slow your site down.
- Passwords. Make sure that you change your passwords regularly, and straight away after a hacking. They should be completely random and not just letters.
- Your username should not be obvious. Do not have admin.
- Plugins. Hackers will often get into your website through an old plugin. Really, you don’t want to be using plugins that aren’t updated regularly. Also delete any plugins that you are not using.
- Make sure that you run your own backups too. You can set this for daily, weekly or monthly. If you are then hacked again then you have a copy of your website that you can install. You don’t want to just rely on your hosts.
- Check your users. Make sure that the hackers haven’t set themselves up as admin. If there is anyone on there that you don’t recognise then delete them.
- If you are on a WordPress site then you need to generate a new security key.
- Once you are happy that your site is secure and clean then run a scan of your computer to check that is clean too.
If it happens to you then please don’t panic but I can’t stress enough that it is worth paying for a professional to sort your website out. That way you can hand it over and stop worrying about it. Moving forward you need to ensure that you are always changing your passwords and keeping plugins and themes up to date.
HP and their cautionary tale
This film by HP has made me realise that it isn’t just websites that can get hacked. We need to be careful with our emails, social media accounts, home servers and print security. If we aren’t careful then we won’t realise until it is too late. As this film illustrates, it could be anyone, anywhere. On an aside note, Christian Slater is truly terrifying. Don’t have nightmares, stay secure.
Pin for later:
Disclaimer – this was a collaborative post with HP
I’ve seen a lot of hacks these past few months so I’m sure this post will be gratefully received.I need to go over your tick list.
What a horrible experience but some excellent tips for dealing with it and preventing hacking happening again. I really need to review my security around my site, I think I’m probably guilty of being like yourself and putting in too many security plugins which then conflict. Also, mildly terrifying movie but a great way of getting the message out there!
It is incredible what they can do with technology these days. Getting hacked is a bit fear of mine. I have wordfence installed but currently just use the free version – I’d have no issues with paying them to help if I do get hacked though. Like you I would want to know the problem was fixed properly! I also back up weekly myself 🙂
There’s so much helpful information here. I’d never really thought about the conflict caused by numerous free plug-ins all trying to do the same thing and I’d also never thought of getting a blog MOT. Great idea. Off to review my plug-ins!
The whole thing makes me feel physically sick. I have the most long winded ridiculous password you could ever think of so am most likely safe in that respect but things like plugins failing worry me!!
This something i really need to consider to protect my blog. Some fab tips for protecting my blog. Xx