Unfortunately, my site (SujanPatel.com) was hacked again, but I’m happy to report that everything is back up and running – no data lost and no personal information compromised.
I wish I could say that this was the first time somebody messed with my site, but what I’ve come to learn is that getting hacked is part of the price of admission for running on WordPress.
Don’t get me wrong – I love WordPress. The fact that it’s open source and widely adopted means tons of great templates, plugins and add-ons, many of which I use to power this blog. But those same pros turn into cons when you take into consideration the fact that hackers have the same amount of access as you do.
Dealing with the potential for WordPress hacks requires two things – being able to recognize the signs that you’ve been hacked, and knowing how to clean up the mess while simultaneously protecting your site for the future.
Obviously, the first step to recovering from a hack is to recognize that it’s occurred – but that’s surprisingly easier said than done.
It’s in the hacker’s best interest to mess with your code in such a way that you don’t notice. After all, if you catch wind of what’s going on, you’ll take steps to fix it – and that doesn’t serve the hacker’s goals (which might be everything from neutralizing your site as a competitive threat to adding spam links for the purpose of generating link juice).
After my site was hacked the first time, I installed a program called Sucuri which monitors my code for hacking attempts and helps in the recovery process whenever something happens. I really can’t recommend these guys enough – they’re fast, they’re extremely affordable and they’ll save you tons of time should a hack occur. If you have a site on WordPress, you need to set up their service ASAP.
If you don’t have a monitoring system in place, you need to be more proactive about watching for website hacking attempts. The signs may be subtle, but keep an eye out for any of the following changes:
Usually, the hacker’s goal isn’t to crash your website, but it does happen from time to time. Typically, this will occur if the hacker has added so much bad code to your website that it slows down to a crawl or crashes entirely, or if the bad code that’s been added conflicts with a plugin or theme on your site.
You might also run into this issue if your hackers have, unbeknownst to you, added your site to a network of websites that’s used to redirect email traffic. If detected, your ISP may shut down your website in accordance with their terms of service.
If your site usually gets a lot of traffic, you’ll either notice this hack yourself or hear about it from one of your followers. Your first clue might also be a cursory check of your site’s analytics dashboard, which will show your traffic numbers down – or nonexistent.
Having a slowed down or crashed site will definitely result in a loss of traffic, but it’s not the only possibility that can lead to this outcome.
Some hackers will commandeer your site and use it to reroute your traffic to another page, causing a drop in your reported visitor counts. Others will leave visible evidence of their hacks on your pages, which will affect your bounce rate as visitors arrive on your site and then leave after seeing something suspicious.
You may even find that, if Google has blacklisted your site due to the presence of malware or other bad code, your traffic drops off because potential visitors will see a warning message when clicking on your site in the search engine results pages (SERPs). Since most people are naturally afraid of things like online identity theft, the odds that they’ll click through – even if they know your site is legit – are pretty slim.
Logging on to your pages and seeing the visible evidence of a hack is both scary and frustrating, but you can at least take comfort in the fact that you’ve been alerted to the intrusion. Some website owners can go months, or even years, without detecting a site hack, putting their reputations at risk as long as their code is infected.
With most visible hacks, you’ll see strange looking code in a couple of predictable places, including:
That said, not all hacks affecting areas like your site’s footer are going to be visible. It’s possible for hackers to insert code into your site that Google will see, but you and your visitors won’t. Even if they aren’t visible, these additions can slow down your site or result in a blacklisting penalty.
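One way to check for the two cases described above, as an added example that is not from the original post: it compares the HTML served to a normal visitor with the HTML served to a search crawler and reports external links that only the crawler sees, plus links tucked inside inline-hidden elements. The host names and both HTML samples are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
# Inline styles commonly used to keep injected links out of a human's view.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)

class LinkCollector(HTMLParser):
    """Collect every <a href> and whether it sits inside an inline-hidden element."""
    def __init__(self):
        super().__init__()
        self.stack = []   # one bool per open element: hidden itself or via an ancestor
        self.links = {}   # href -> True when hidden

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = bool(self.stack and self.stack[-1])
        hidden = inherited or bool(HIDDEN_CSS.search(attrs.get("style") or ""))
        if tag == "a" and attrs.get("href"):
            self.links[attrs["href"]] = hidden
        if tag not in VOID:          # void elements never get a closing tag
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def collect(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links

def cloaking_report(visitor_html, crawler_html, own_host):
    visitor, crawler = collect(visitor_html), collect(crawler_html)
    def external(href):
        host = urlparse(href).hostname
        return host is not None and host != own_host
    return {
        "crawler_only": sorted(h for h in crawler if external(h) and h not in visitor),
        "hidden": sorted(h for h, hid in {**visitor, **crawler}.items() if hid and external(h)),
    }

# Constructed sample pages: the same footer as served to a browser and to a crawler.
VISITOR_VIEW = """<html><body><p>Latest post</p><div id="footer">
<a href="https://blog.example/about">About</a>
<div style="position:absolute; left:-9999px"><a href="http://pills.example.net/buy">cheap pills</a></div>
</div></body></html>"""
CRAWLER_VIEW = VISITOR_VIEW.replace(
    "</div></body>", '<a href="http://casino.example.org/win">casino</a></div></body>')
```

In practice the two inputs would be the same URL fetched once with a browser User-Agent and once with a crawler User-Agent; injected code that keys on the crawler's IP address rather than its User-Agent will not show up in that comparison.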
If the hackers taking advantage of your site are very good and very determined, you might not see any evidence of a hack until the email messages you send out start bouncing back to you. Here’s how this typically plays out:
If this occurs, there’s a good chance your email marketing service provider will limit your ability to send messages – or eliminate your account altogether. Not only is that a huge deal for any business that relies on email marketing for sales and return website visitors, it can take tons of time and lots of back and forth to get your account placed back in good standing with your provider.
Most US webmasters don’t pay much attention to their bandwidth usage, as nearly all website hosting plans these days come with unlimited access. But if you’re in a country that charges a premium for going above your preset bandwidth limit – or if you just happen to keep an eye on this metric out of curiosity – you might notice it increase dramatically as the result of a hack.
There are a few different factors that can lead to a spike in bandwidth usage following a hack:
Not all reasons for bandwidth spikes are negative; they could occur as the result of well-executed marketing campaigns or successful PR pushes generating higher than average levels of traffic. By and large, though, this is a sign that should provoke immediate suspicion if you see it pop up on your analytics reports.
Say that, unfortunately, you’ve detected one of these symptoms and confirmed that yes – indeed – a hack has taken place. It’s a sick feeling, for sure, to know that your site’s security has been compromised, but you can’t let that stop you from taking immediate action.
Here’s how to handle your hack:
Acting quickly is incredibly important when it comes to recovering from a hack. If you’re lucky, and you detect the hack before things get too bad (as in, before your reputation is irreparably tarnished and your site is permanently blacklisted), you’ve got two choices. You can either fix it yourself, or you can call in the professionals.
If you’re truly tech savvy and have expert-level coding skills, by all means – take a crack at repairing your site on your own. Don’t be too over-confident, though. Hackers do what they do for a reason, and there’s a good chance that if they were able to slip into your site undetected, you’ll either miss a necessary part of the clean-up process or inadvertently make the situation on your site worse.
Nearly all webmasters running WordPress sites are going to be better served by turning to security experts to assist in the repair process. As I mentioned before, Sucuri are my go-to guys, but posting a notice to sites like Guru or Elance should help you turn up a talented web developer or recovery specialist as well. Be sure to check each candidate’s credentials thoroughly before hiring, though, as an unskilled coder could leave you with a bigger mess than you began with.
Next, it’s time to own up to what’s happened on your site. You know what’s embarrassing? Having to admit to your customers that a hack has occurred. But you know what’s even worse? Having them speculate on why your site is down or worry that those strange code snippets they saw mean their own private information has been compromised.
Notifying your followers is especially important if there’s even the smallest possible chance that any of their information you had stored on your site was accessed or stolen. In this case, it’s best to be direct. Outline what has happened, what types of information may have been compromised, what followers should do next (for example, order new credit cards or request a free copy of their credit reports) and what steps you’re taking to make things right in the future. Offer your sincerest apologies for any inconvenience your hack has caused – even if it isn’t really your fault.
Since your site is likely still down for repairs, you’ll want to disseminate this information through other channels. Social profiles are a great first place to start, but sending an email (if your domain hasn’t been blocked by your provider) or putting out a press release may also be appropriate, depending on the scale of your hack and the size of your audience.
Finally, if you’ve gone through the hack process once, you’ve probably already guessed that one of your top priorities should be reducing your risk that this type of attack will ever happen again. And if you haven’t gone through a hack yet, trust me on this – an ounce of WordPress preventative security measures is worth a pound of site repair cure!
If you’re running WordPress, there are a number of steps you’ll want to take to help remedy the weaknesses that come along with an open source system:
Next up, consider installing all of the following security plugins to help address weaknesses and loopholes that the changes above won’t protect:
If you’re a Sucuri subscriber, you can use their WordPress plugin to handle many of these needs, including a site firewall and malware scanning feature. There are also plenty of different paid WordPress security plugin options, such as VaultPress and WordFence Premium, that handle many of these different needs from within a single system.
WordPress security may sound complicated, but it’s something you can’t afford to ignore. Maybe you’ll be one of the lucky ones who’s never targeted, but as with so many things in life, it’s better to be prepared for the possibility than to find yourself scrambling to repair the damage from a hack you could have prevented. Adopting the tips above won’t guarantee your site will never be hacked, but it’ll make the process much easier to deal with, should the worst occur.
About the Author
Sujan Patel is the VP of Marketing at When I Work. Previously Sujan founded Single Grain, one of the top Digital Marketing agencies in San Francisco, CA. He has more than 12 years of Internet marketing experience and has led the digital marketing strategy for companies like Salesforce, Intuit and many other Fortune 500 caliber companies.
Sujan Patel is a data-driven marketer and entrepreneur. He is a high energy individual fueled by his passion to help people and solve problems. Sujan is the co-founder of WebProfits US, a growth marketing agency, and of the software companies Narrow.io and ContentMarketer.io, tools to help marketers build their Twitter following and scale content marketing efforts.