You visit your website, and the first thing that you see, is that it is not functioning as how you want it to function, then you discover something which makes you yell My WordPress website has been hacked. After some sigaretes and drinks, you have the reality check, yes, my wordpress website has been hacked and I need to take action. Well, you are lucky, in this article, we will discuss the steps that you will need to take, once you have noticed that you have been hacked.
Start with the WordPress FAQ
Wordpress is a widely used package, so the chance that cybercriminals will target WordPress environments is very high. This means, that on a daily basis, WordPress websites are attacked and owners need to take action to fix their websites. WordPress knows this, and in order to help hacked website owners forward, they have setup a FAQ on their website.
In the FAQ you will get instructions on:
Scanning your local environment
Checking with the hosting provider
Improve access controls
Reset all access
Finding and removing the hack
Using the WordPress community
How to update WordPress
How to change your passwords
Securing your website
First, snapshot the hacked environment
This might sound harsh, but it is the best thing you can do, in this way, you will have a backup of the hacked website, which you can use to investigate in-depth of what exactly has happened. There are a lot of security services available that will help you to investigate what has happened, and how it was possible that the threat actors got inside your WordPress website. The results of that can be used for cyber insurance claims and lessons learned sessions.
The chance is there that your hosting provider can be in assistance of this, so make sure that you contact them.
Take down your website
If you care about your visitors, it is adviced to take down the WordPress website. Go into maintaince mode, and make sure that you inform your visitors and community about the fact that your website has been breached, and that you are investigating the matter. In this way, your visitors are informed and you can minimize the damage that your hacked WordPress website can bring.
Inform your hosting company
Your hosting company is your friend, as mentioned before, WordPress websites are attacked on a daily basis, and your hosting company has a lot of experience with these type of attacks. They can help you to identify the hack, clean-up and update your WordPress to a secure status again. Most of the hosting companies have security services running that can identify malicious files and hacked environments such as WordPress, so do contact them.
Remove all your plugins & themes
Make a list of all the plugins you have and all the themes you have. Now you have the chance to remove all of your WordPress plugins, reset them to disabled, and then remove them.
Once removed, you continue to your WordPress themes and remove all of the themes you have with the exception of the official WordPress theme.