My Wordpress Website Has been Hacked: What do I do?

WordPress Website Has Been Hacked

Have you ever Googled a company, clicked on a link and suddenly you are on a pharmaceutical website that advertises Cialis and Viagra for Erectile Dysfunction? We just had a company referred to us last week for this very issue. If you go directly to the website, everything looks fine but if you Google the company and then click on the URL, you are immediately redirected to a pharmaceutical site. What’s more, the client could not log into the WordPress side of the website to make any updates nor could she reset the password because it didn’t recognize the email address that was associated with her website login.

What does all of this mean? It means your WordPress website has been HACKED and there is Malware on the site. Before panicking, most of the time we can help clean the website and get you back into the WordPress files relatively quickly. Rare occasions do happen where the website is irreparably damaged, so we always recommend making sure your website is consistently backed up just in case.

Items to ensure your website is not easily hacked:

Hosting Plan: Make sure that the Hosting Plan you are on is up to date. The PHP level currently used for WordPress is 7.4. On some hosting platforms, you must manually update this. Other hosting platforms are old, and you cannot update the PHP past 5.6. My advice – move off of that platform.
Username & Password: Have a strong Username and Password on your WordPress website. Please use something besides Admin as the username. The password should be unique to your website and be strong with an ample number of letters, numbers and symbols. I recommend letting WordPress create the password and you can always copy and paste it. I also use Double Authentication on all of my company websites because I want to ensure that it is extremely difficult to get into them.
WordPress Updates: Always have your WordPress Theme and Plugins updated. If you do not hire a company to keep your website up to date, please go in at least one to two times per month and keep all aspects of your WordPress website up to date.
SSL Certificate: Make sure your WordPress Website has an SSL Certificate on it. An SSL certificate works to create an encrypted connection between your visitor’s browser and the server.
Malware Scanner: Have a Malware Scanner on your website. We have seen plenty of free plugins that do a decent job although some won’t scan every aspect of the site unless you pay for the pro version, but they work well enough to at least alert you to possible malware issues. There are also a ton of paid plugins out there as well, but some scan the site regularly, but you still need to initiate the cleaning of the website.
Firewall: Firewalls are also beneficial to keeping unwanted traffic off of your website. There are plugins that help with this and some hosting platforms have paid plans as well.

We used to see websites get hacked because they were an eCommerce platform or there was some valuable information on the website that someone wanted. Anyone’s website is open game for hackers these days. With companies spending lots of time and money on building their brand, we recommend protecting your website like you would your computer or cell phone. Even with the steps above, websites can still be vulnerable to being hacked but it is a lot less likely!