So, even after all of that work you’ve done to prevent being hacked; even after all of the great website hacking prevention information we’ve shared with you in previous posts on WordPress website hacking, your WordPress site got hacked anyway. “Now what the H… do I do?” Right?

What to do when your WordPress website gets hacked

Hey, it happens to the best of us. These days, everyone is vulnerable to hacking of some type. Since WordPress is, by far, the most popular CMS on the internet, it makes for an easy target. And, since we’re all smart enough to use the best website platform out there, we become vulnerable too. So, what to now…

  1. Don’t panic. (Have a glass of wine if you begin to panic… or, you know… for the woo-woo types – meditate.)
  2. Remember – you have a backup in place. (Please tell me that by Article 4 you DO HAVE a backup in place. I mean, really, some of you are sooooo hard-headed.)
  3. Examine your options for restoring your website.
    • For a complete website take-down, use your Backup Plugin, such as Backup Buddy (or whatever backup option you’ve chosen) and do a site restore. Boom, Done – you’ll be up and running again in less than 30 minutes.
      • After you do your site restore, please go change your FTP password, just in case.
    • If you suspect that a hacker has installed malware on your machine, you should first confirm your suspicion by going here and doing a free site scan: http://sitecheck.sucuri.net/scanner/. If you find that malware has been installed by a hacker, you have two choices:
      • You can simply delete everything and restore from your backup.
      • OR, it the thought of wiping things clean and doing the restore yourself (or at all) makes you reach for the bottle of wine AGAIN, sucuri.net will clean your site for you (for about $80). They will have you up and running in no time, AND will continue to monitor your site for a full year afterward (and fix any other malware problems you have for the rest of the year). <— This is a seriously AWESOME service.
  4. Now, check your computer. If your website has been infected, it makes a great deal of sense to check your machine for infection as well. Run a scan and make sure you’ve installed all available updates like we talked about in Article 3.

Getting your website hacked is no picnic, believe me; BUT, it is survivable. All you really have to do is follow the suggestions we’ve offered in this series of articles on WordPress website hacking, and you should be golden – even if you do happen to get attacked.

Just make sure you keep that bottle of wine nearby.