So last Saturday I mentioned my site being hacked. Everything is pretty much sorted out now, thanks to the help of my wonderful friends, Dave and Luana; thank you so much again
Basically, I learned that if your WordPress site has been hacked, one of the few things you should first do are:
- Log into your Cpanel, go to phpMyAdmin, click on your WP database, “browse” wp-options and check the username, email, password. If you cannot log into your WP site, the hacker probably changed your information. Change it to something new.
- If you have the time, download your entire site to your computer and check the files to see if the hacker tampered with any of them. Otherwise, try checking your index pages, especially your theme index page. The hacker might have replaced that page, which is why your site is now displaying something cruddy or inappropriate.
- Just to be safe, you might want to delete everything and re-upload again. That way, you know each file is clean.
- Upgrade WordPress! As well as any plugins! Older versions are more prone to have security issues. I never had any problems with using slightly older versions, but obviously that changed recently and I got my butt kicked.
- Backup asap, and frequently! I’m guilty of not backing up enough. I just end up getting lazy or forgetting, but when something unfortunate happens you’ll be kicking yourself for not simply backing up…
- Use RSS feeds or Google Cache to retrieve any lost posts (and hopefully there aren’t that many since the last time you backed up…). I had retrieved what I could remember through Google Cache and my friend kindly sent me files of my most recent blog posts as well.
- Next time, if you haven’t already, go to your wp-config.php and add some secret-keys to increase your security. You can get randomly generated keys here.
- And lastly, seek the help of a good friend or two (or your webhost, or even a support forum!). Being hacked is definitely a stressful time and if you are inexperienced like I was(!!!) it will be so much more relieving if you can have someone help you along the way.
Of course, the damage on my site wasn’t that bad…or bad at all in the end, compared to what I initially thought. These tips are quite rudimentary, but I hope to never experience anything worse, and I hope no one else ever has to either.