Some people may be surprised to find this article here in the IP Address Guide, but after all the guide is about all sorts of security, and we believe that this is information that can turn really useful to our readers out there.
The article is focusing on securing WordPress websites, and how to make sure that your website is not hacked and infiltrated with malware, and if infected, we will give you some advices on what to do, to get rid of the problems!
Let us just start telling that hacking a website is not only about hacking the front page of the IP Address Guide and changing the content and added an ugly pig to the logo or whatever. Hacking is often about working in the darkness, meaning that the website owner will not even notice that the site has been hacked. Both these versions are typical and normal, and we will try to give some advices concerning both options on what to do to hinder a future attack, and give advices on how to fix your WordPress site after a hacking attack and some malware or other code has been added to your site.
How to secure your WordPress site
If you have a WordPress site and want to secure the site, then there are some basic steps worth making. Some plugins are ideal and will help you do these, and some steps can easily be done also without using any plugins.
- Do not use Admin as your username, but fine another username.
- Delete users, themes and plugins not in use.
- Always update your WordPress installation and all WordPress themes and WordPress plugins to the newest versions.
- Make sure to block users trying to log in several times and not succeeds doing so (there are several plugins that will help you with this).
- Keep the password of the administrator and all other users packed with capital and normal letters, with numbers and other special signs.
- And now is the time to install some sort of security plugin for WordPress.
- One great plugin is iThemes Security or the Sucuri plugin.
These are some general advices on how to secure your WordPress site. All these are good steps, but the very best advice is to visit the website of Sucuri and sign up for the services of those guys. They will watch over your site, do frequent controls, and if someone actually should hack your site, add malware or so on, they will remove it for free. We are really big fans of Sucuri and are using them ourselves, so this is not just something we write, but based on experience we can warmly recommend them!
But, what if you have come to this article not looking for help on how to secure your site, but looking for information on how to fix your already hacked site?
How to fix your hacked WordPress site?
If your WordPress site has been hacked it can show in tons of ways. Maybe you have received a notice from your ISP telling you that the site is hacked and that you have to fix it. Maybe they also told you that for quite a big amount of Dollars they will do it for you. Or another option is that your entire site has been closed down and until the malware has been removed, your site will remain offline. What can be done?
- One option is to download your entire website using FTP and then use a virus scanner/malware scanner to look for viruses and malware in the files on the servers. However, this is often not enough, or your scanner will not find anything. What can be done then?
- Ask your ISP for information on what files are infected, because if you at least know what files are infected, you have a much better chance of finding the error yourself.
- Go look for someone who will do it for you, and pay them for doing so.
The last solution is where it often ends, because pro hackers are really good at hiding, and a normal untrained eye will not find out where and what the problem is. Again we would give our nice words to Sucuri who not only helps our site stay secure, but we have several times used them so that when a site is hacked we add it to our already existing Sucuri account, and then we immediately ask them to clean it. For them to clean a site does not require that it has been in their registry for weeks or months, it is enough adding it at the time your site is hacked, and then they will do their best. They also have a money back guarantee, so no risk in trying this!
For Sucuri to repair your site you will need to give them access to your website using FTP. This might seem and sound a bit scary, but this is a matter of trust, so if you do not trust them, you will not give it to them, and they can not help you. But if you want someone on the outside to help you remove malware, then you will for sure need to give them access to your website anyway!