Your website was hacked and taken offline. Or worse yet, hackers gained access to your site and used your server to spread malware to your customers. What can you do to fix your website and get back on the right track?
A compromised website takes many by surprise. Imagine a customer calls and says your website was defaced. Or imagine you start getting alerts about your business website. Imagine your bank contacts you and says your site is processing fraudulent transactions. Or imagine you get a call reporting that your customer information has been leaked to the web.
If your website is hacked, your reputation could be damaged. Your business will be at risk. You have to respond quickly.
You must notify your customers and fix the hacked site fast. Keep reading to learn how to fix your hacked website.
How do attackers gain access to websites?
Hackers constantly probe websites for vulnerabilities, weak passwords and unpatched software. Automated programs, known as “bots”, probe sites for exploits.
Other bots scan sites and test for weak passwords.
Together, these bots help build a database of sites that may be vulnerable to attack. Once your site is known to be vulnerable, an attacker will launch their hack.
An attacker will most often gain access to a website by way of an unpatched software vulnerability. Computer software is far from perfect. Hackers, researchers and programmers find bugs in code. Malicious parties exploit these bugs to crash sites and, ultimately, to break into them.
Now that you understand how your website could be compromised, let’s learn how to fix the problem.
How to fix your hacked website
Take the site offline immediately
To prevent damage to your brand and reputation, contact your web developer and take your site offline immediately. It is better to have nothing there than a fraudulent or malware-infested site.
A good short-term solution is to redirect your site to a simple HTML page on another server. On this page, inform your visitors that your website was compromised but that you are working to protect their data and fix the problem.
Identify the hack
Determine the source and the extent of the hack. Develop a timeline of events by looking at logs and code changes. You can determine when hackers breached your site by reviewing backups and seeing when code files change. Use a tool like WinMerge or KDiff to compare backups.
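The backup comparison described above can also be scripted. The following is an added example, not part of the original article: it hashes every file in a series of backups and reports the first backup in which files were added, removed or modified. The function names and the three sample backups are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff_backups(older_root, newer_root):
    """Return the files added, removed and modified between two backups."""
    old, new = snapshot(older_root), snapshot(newer_root)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def timeline(backups):
    """backups: list of (label, root), oldest first.
    Returns (label, changes) for each backup that differs from its predecessor."""
    events = []
    for (_, prev), (label, cur) in zip(backups, backups[1:]):
        changes = diff_backups(prev, cur)
        if any(changes.values()):
            events.append((label, changes))
    return events

def demo():
    # Constructed sample: three weekly backups of a tiny site.
    weeks = {
        "week1": {"index.php": "<?php home();", "wp-config.php": "cfg"},
        "week2": {"index.php": "<?php home();", "wp-config.php": "cfg"},
        "week3": {"index.php": "<?php home(); /* changed */",
                  "wp-config.php": "cfg", "uploads/x.php": "unexpected"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        backups = []
        for label, files in weeks.items():
            root = os.path.join(tmp, label)
            for rel, body in files.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(body)
            backups.append((label, root))
        return timeline(backups)

if __name__ == "__main__":
    print(demo())
```

A new PHP file under an uploads directory, or a changed core file, in the first differing backup is a strong hint about when the breach began; restore from the backup just before it.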
Restore from backup
Once you identify when and how the hack occurred, restore your site to the newest backup before your files were compromised.
If you make a lot of changes to your site, you might lose work restoring to a backup. Losing work is always painful, but the fix is much less painful than getting breached again.
Don’t have a backup? Most web hosts offer automated backups of websites, at least once a week. If you don’t have a backup, you can still recover. But you must be very careful in scanning and cleaning your website files.
Change all passwords
Once you restore the backup, immediately change your site passwords. Force password changes for all accounts on your site, especially users with administrator or editor access.
Also change your hosting account passwords.
If you determine that your website breach was due to a compromised password, check your computers and devices. Consider using a password manager.
Review users and permissions
Audit the accounts on your site. Remove unnecessary or outdated accounts. Check that your accounts have appropriate levels of permissions. Do not allow more permissions than necessary for a given task.
For example, a user that primarily writes articles for your site should not have full admin access. Only give the required minimum access to complete a task.
Segment your users by function. The accounts you use for admin functions should remain separate from your editor and author accounts.
Scan your website for malware
Use an external malware scanner to check your site for malware as it appears to a site visitor.
A server-side, or offline, malware scan will deeply review the source code for your site.
Some external malware scanners scan your site for free. For a server-side scan-and-clean, think about paying for a solution. Sucuri, Wordfence and MalCare offer support for WordPress and other popular content management systems.
Your budget and business needs will determine the scan you choose. (Some web hosting companies will automatically scan your server-side code for malware.)
Update outdated plugins and software
Most hacks take place because of unpatched plugins or outdated software. Update your web content management system (CMS), and make sure to update all your plugins.
Using WordPress? Turn on automatic updates for your plugins. Enable automatic updates for core site files. If you have control of your server environment, make sure you use the most recent version of PHP available.
Remove unnecessary plugins and old code
The more plugins and functions you add to your site, the larger the attack surface. Determine the plugins and code necessary to provide essential functions to your customers and site visitors. Review old code and remove what you don’t need.
Eliminating unnecessary plugins and old code will help secure your website. Doing so can also help speed up your website.
Secure and limit logins
Secure your login pages with a captcha code or multi-factor authentication.
Limit invalid login attempts to a set rate. If a hacker or program attempts to log on too many times or too quickly, your site should automatically block the origin.
Don’t try to reinvent the wheel. Captcha codes, multi-factor and login limiting are best accomplished with modules or plugins.
Set up monitoring and intrusion detection
Choose an up-time monitoring solution for your site. A monitoring solution will notify you if your site goes offline or starts returning error codes and defaced pages. Hosted solutions include UptimeRobot and Site24x7.
Staying updated on your site status will help you remediate damage and respond quickly should a hack happen.
Consider setting up a Web Application Firewall (WAF). Common options include Cloudflare and Sucuri.
Check your backups
Make sure you have a valid backup of your website at least once a week. Most web hosting companies offer once-weekly backups, included with hosting plans.
If your host doesn’t offer at least weekly backups, think about upgrading to a better host.
You can also perform manual backups of your site. Download the database and files to your computer and save them offline. In certain cases, you might find manual backups necessary.
However, automatic backups are a must for the ongoing security and continuity of your data!
A hacked website can damage your reputation and your brand. Your business will be at risk, and you’ll have to respond quickly.
Fix your hacked website fast. Take the site offline and identify the source of the hack. Restore from a clean backup. Change your passwords. Audit your site users and their permissions. Limit and secure your logins. Scan your site for malware, and update your software and plugins.
Detect and mitigate future attacks by setting up site monitoring. Ensure you have a working backup solution.
Was your site attacked? In the case of a hacked website, ComputerKick can help. We offer site security audits, risk management and free consultation. Contact us via email (email@example.com) or on LinkedIn.