Recovering from the Hack

So you were hacked, but the good news is you’ve gotten your site cleaned out. So now what happens? How do you recover from this and move forward?

Your new plugins

One of the first things you should do is take a look around your new & clean site. Now,  provided you’ve had a professional job done you should have some new plugins. Firewall, Security, Backup Offsite, and some extras depending on who cleaned your site, you may also have a couple of extra plugins. A few that I particularly like are WP Optimize and Yoast SEO.

Firewall

Firewalls are designed to block users that you don’t want on your site (like the malicious bots that roam the internet). I recommend Ninja Firewall which is an easy to use plugin.

Word of Warning: You need to know how to access your files and what dot files are. If you don’t, you should get help.

Security

Having a WordPress site without a properly setup security plugin is a lot like connecting a Windows computer to the internet and not having any antivirus, and then leaving that computer in a high school cafeteria.

I personally use and recommend iThemes Security. In fact I’ve written a whole tutorial about how to configure it.

Backup Offsite

There are two locations that you can backup your files: onsite and offsite. So what’s the difference and why does it matter?

Onsite backups are on the same server that your website resides. These are frequently the easiest, and depending on your hosting arrangement these may be included. The big problem with onsite backups are that while they are a backup for some accidents, they are not a backup for server failure. Usually a hosting company will have some sort of backups for server failure, but the process of getting them restored usually takes at least a couple hours and can take days. Also, you are the mercy of whenever the heck they last made a backup. If you have an eCommerce site — losing more than 24 hours of purchase records can be a HUGE problem.

Offiste backups are backups taken and stored somewhere that isn’t your server. One of the most frequent locations is the cloud. I particularly like storing to the cloud that syncs to another physical device. For example I usually recommend Dropbox, your files are accessible from pretty much anywhere, they keep deleted files for 30 days, and you can sync it to physical hard drives kept elsewhere than your server.

Offsite backups can be set to any backup schedule and leave you with full control over your site and it’s storage. Want it get it setup? I recommend and have written a tutorial on using BackWPup.

WP Optimize

WP Optimize is a great plugin for giving your database a good scrubbing.

Every time you make a post, a revision, put something in the trash, that data collects in your database. And over time, you can end up with a lot of excess gunk. WP Optimize can scrub all that gunk out of your database, and in some cases have given drastic reductions in database size.

Word of Warning: Before using any plugin that manipulates the database, you should backup and know how to restore that backup before using.

Yoast SEO

Yoast is a great tool for SEO and the standard version is also free. Iv’e got an article which goes into a lot more detail about Yoast SEO here.

Recovering your reputation

The first step to recovering your reputation online is to remove any blacklist notifications that you’ve had. I recommend two things: installing the Sucuri Security plugin and also checking blacklist websites to see if you are listed there.

Running Sucuri Scanner

First install the Sucuri Security plugin if you haven’t already. When you first visit it you’ll see your dashboard which will tell you if files have been changed. If you see the green OK, then you are good. Otherwise you should review the changes — not all changes are bad. Next, you’ll want to do a Malware scan. Click the tab and then click on Scan. It will run a scan and you should see CLEAN listed for everything. If not, you have a problem that needs to be resolved. Go to the article on what to do if you’re hacked. Next, check your blacklist status. If you see yourself listed on blacklists, the first one you need to take care of is Google. Many of the others will refer to Google, so it’s pretty much useless to try to fix anyone else until you’ve fixed Google. Each of the lists will have a “More details” link which will take you to an appropriate page to see the issue. These pages also have instructions for what to do once your site is clean.

Fix Google’s blacklist FIRST, many of the others will not accept your site as clean until Google declares it so.

Getting on Google’s Good Side

Go to Google’s Webmaster tools and visit your site (if you didn’t get setup before with Webmaster tools, click here). From there click on Security Issues and you will be able to request a review of your site (make sure it’s CLEAN first).

Recovering your traffic

Unfortunately, because of a hack you may have lost some traffic for your website and some customers. Even as little as 12 hours of having your site listed as potentially malicious can bring a hit to you. The good news is that with some time and effort you can get back your rankings.

Going Forward

Now that you’ve been through a hack, I’m sure you don’t want to go through the experience again. It can be both hazardous to your health and your business. The good news is that there is a lot of you can do to prevent hacks in the future. Now no site can be guaranteed to never be hacked — the FBI and white house websites have been hacked, but there is a lot you can do to reduce your risk.

Top issues I find when cleaning out sites:

• Publicly available usernames (or username “admin”)
• Insecure passwords.
• No security installed.
• Out of date website. A lot of hacks happen to people who haven’t updated — many hackers use the announced security patches to go after websites who haven’t installed them yet.
• Allowing PHP execution in uploads folder.

Want to avoid the pain of recovering from a hack? Get your website professionally maintained.