It happened. I got WordPress hacked. It was a huge nightmare. Many of my sites were infected. It got so bad that not only did I have to delete a handful of sites, but several of my sites got listed with Google as a site that hosts malware and I was put in Google jail until I could fix the issue. WordPress hacks are very common now, a lot more than just a few years ago. I did what anyone would do when facing a problem like this: I called my webhost in hopes of figuring out what the damage really was and a path forward to solve the problem. Sadly my hosting company had been sold to a giant conglomerate and no longer will put in any kind of support ticket for any kind of security issue. So I dropped them like a hot fucking potato after being with them for 8 years and found a company who would not only host me but helped me clean my compromised sites. During this process I learned some basic things that anyone with a WordPress site can do to help keep the hackers at bay.
1. Keep your WordPress version up to date. You would think this is a no-brainer; it's not. Do it, keep it up to date. When you get that email saying there's a new version of WordPress, UPDATE! It's likely got a fix for a known vulnerability. This will save your ass.
2. Keep all your plugins up to date and delete ones you're not using. Have plugins you tried out but then thought eh… delete them. You don't need them sitting there inviting hackers to play with your WordPress back-end. Keep all the plugins you do like up to date and fresh.
3. Delete any old themes you're not using. Say buh-bye to all those themes you tested out and thought, yuck. You don't need them and they also can be a way in for hackers.
4. Keep your theme up to date. If you have a theme that is never updated, it's time to find a new one. This is a very common way hackers can bust into your site. You want to stay with a theme that updates.
5. Wordfence. Install it (it's free) and run regular scans. It's a serious life saver.
6. Find a hosting company with good tech support. Not all companies will help you if you get hacked. I learned this the hard way: most of my sites were offline for a full week and I spent countless hours on the phone arguing with my ass-clown hosting company (cough Hostgator cough) getting nowhere fast. Whoever you host with should be able to at the very least help you sort out what's going on, give you some guidance on how to handle it moving forward and in some cases actually help you fix the issue.
7. Change your passwords. You have to change your passwords to something hard to break. Do not use anything with words in it; make it a mix of special characters and capitals, and it should be long. I know, how will you ever remember it? You won't. Write it down, use a password manager and suck it up. Passwords are so easy to hack now it's not even funny.
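If you have shell access, steps 1 through 4 can be scripted with WP-CLI. This is an added example, not part of the original post: it assumes the `wp` command is installed and run from the WordPress root, and the function names are made up for illustration.

```sh
#!/bin/sh
# Added example: steps 1-4 with WP-CLI. Assumes `wp` is on PATH and the
# script is run from the WordPress root. Back up before using --apply.

# Inactive plugins or themes, one slug per line. $1 is "plugin" or "theme".
# A parent theme in use by a child theme has status "parent", so it is not listed.
list_inactive() {
    wp "$1" list --status=inactive --field=name
}

# Number of plugins or themes with an update waiting.
count_outdated() {
    wp "$1" list --update=available --field=name | grep -c . || true
}

# Preview by default; pass --apply to delete unused items and update the rest.
wp_housekeeping() {
    for kind in plugin theme; do
        echo "$kind updates pending: $(count_outdated "$kind")"
        list_inactive "$kind" | while IFS= read -r slug; do
            [ -n "$slug" ] || continue
            if [ "${1:-}" = "--apply" ]; then
                wp "$kind" delete "$slug" </dev/null   # steps 2 and 3
            else
                echo "would delete inactive $kind: $slug"
            fi
        done
    done
    if [ "${1:-}" = "--apply" ]; then
        wp core update && wp core update-db   # step 1
        wp plugin update --all                # step 2
        wp theme update --all                 # step 4
    fi
}

# Only act when asked to: `sh housekeeping.sh --preview` or `--apply`.
case "${1:-}" in
    --preview|--apply) wp_housekeeping "$1" ;;
esac
```

Run the preview first and read the delete list; anything you still want has to be activated (or removed from the list by hand) before you run it with `--apply`.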
None of this will guarantee you won't get hacked, but it's a good step forward and some of the better WordPress practices you can employ. It's better to take the precautions than to pick up the frustrating pieces of being WordPress hacked.
Follow Jenny DeMilo on Twitter