Published On: 5 October 2016

Has your WordPress website been hacked? Don't worry, we will help you!

Examples of spam in Google results

How can you tell if your website has been hacked?

  • In Google, your listings show a notification saying "This website may be harmful to your computer."
  • You notice advertising/spam on your listings in Google.
  • You get notifications and/or emails from people or servers that have received (spam) mail from your domain name.
  • The website cannot be reached properly. This could also be due to something else, e.g. too little memory or disk space, an automatic update that did not go well...
  • There are links or text on the website that do not belong there.
  • There are blog posts on the website that don't belong there.
  • You note other things that don't add up.

Why is your WordPress website being hacked?

  • Obtaining user data such as usernames or passwords.
  • Obtaining credit card details from customers.
  • Sending spam/advertising emails
  • Spreading malware to website visitors
  • Phishing, obtaining data by sending trustworthy-looking emails asking you to hand over personal data or log in somewhere.
  • Redirecting visitors to other websites.
  • Using the website to attack other websites and make them inaccessible.
  • Hosting package storage is used to store (often illegal) files.
  • Displaying content such as products, texts and links.

What could be the cause?

  • Often hacks are caused by a security leak, also known as an exploit. This can be due to poor security, overdue maintenance of templates, plugins and WordPress itself, or a leak that is not yet known.
  • Malware on your own computer.
  • Someone has intercepted or otherwise obtained your password. This could be via a hacked mail account, but also via passwords that were not stored properly, were easily guessed or were written on a piece of paper on the desk...

How can I fix it?

  • Depending on your hosting party and agreements, you may or may not be responsible for cleaning up the hacked website yourself. For example, with a Managed WordPress Hosting package at Milcraft from €20 per month, we will solve this for you at no extra cost.
    Always notify your hosting party or website administrator of a hack.
  • At best, there is a backup of the website that can be restored to the situation before the hack. We ourselves, for example, make daily backups with a 30-day retention for each customer.
  • Change all passwords: WordPress, mail accounts, database and FTP. Of course, do this AFTER restoring the backup.
  • If possible, update all plugins, templates and WordPress itself.
  • Be sure that all plugins and templates come from a reliable source, for example WordPress.org or Themeforest.
    There have been cases where paid plugins or templates were available for free download on dodgy websites. A backdoor had been built into them so that hackers could access the website and admin panel.
  • Check all plugins in use, active and inactive, for known security vulnerabilities in the WordPress Vulnerability Database. Sometimes there is no security update for a plugin because its owner has stopped maintaining it. A WordPress installation then seems up to date, but nothing could be further from the truth.
  • View all users in WordPress and the hosting package. Hackers often create their own administrator accounts.
  • Block the hackers' IP addresses and/or report them to the hosting party.
  • No proper backup at hand? No worries. Without a backup, your website can also be cleaned up. We can help you with this.

How do I get the message "This website may be harmful to your computer." away from Google?

  • A review can be requested via Google Search Console. Google reviews the website after it has been cleaned up, and if it is found to be clean, Google will remove the warning.
  • Search Console can also be used to ask Google to re-index the website and to stop displaying spam URLs. This may take a while, though. Existing URLs will be displayed normally again the fastest; URLs created by the hacker unfortunately take longer.

How can I prevent a hack at WordPress?

  • Regularly update plugins, templates and WordPress. When updating, there is a difference between updates with additional features and security updates. The latter are important for keeping a website secure.
  • Use strong passwords with uppercase, lowercase, numbers and special characters ( @ # $ %). The more characters, the better the security. For storing passwords, use a handy programme such as KeePass.
  • Use a security plugin to curb the number of incorrect login attempts, among other things. Wordfence comes highly recommended. At Milcraft, a Wordfence licence is available.
  • Generate salts and add them to the wp-config file. You can generate salts here.
  • Keep server software up to date and use a firewall.
  • However good the website's security is, if the computers used to send e-mails or to maintain the website are not secure, this is a big risk. Always make sure you have a good, paid anti-virus programme. Free usually does not exist on the internet, and there are cases where providers of free anti-virus software have sold user behaviour data to third parties. We recommend Kaspersky. Another important measure is to update Windows regularly. These updates can be set to automatic if they are not already.
  • The above points are the minimum required security and will significantly reduce the chances of a hack. However, nobody can give 100% assurance that you will never be hacked. For instance, even big companies like Adobe, eBay, Citigroup, Apple, AOL, Sony, Dropbox, LinkedIn etc. have been hacked in the past. View here a nice overview of the biggest hacks in history.
    Therefore, always make sure the website is properly backed up to minimise lost time and costs in the event of a hack!
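
The "Generate salts and add them to the wp-config file" step above, as an added Python example (not code from Milcraft or from WordPress): it renews the eight secret constants in the text of a wp-config.php using the operating system's random generator, replacing existing lines and adding missing ones before wp-settings.php is loaded. The function names and the sample file are constructed for this illustration; note that changing these values invalidates every existing login cookie, so all users, including anyone holding a stolen session, must log in again.

```python
import re
import secrets

# The eight secret constants WordPress reads from wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]

# Characters that need no escaping inside a PHP single-quoted string
# (no single quote, no backslash).
ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789!@#$%^&*()-_=+[]{}<>|;:,.?/~ ")


def new_secret(length=64):
    """Random value from the OS CSPRNG, safe to paste between single quotes."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_salts(config_text):
    """Return (new_text, replaced, added) with all eight constants renewed."""
    replaced, added = [], []
    for name in KEY_NAMES:
        line = "define( '%s', '%s' );" % (name, new_secret())
        # Match the whole existing define() line, whatever its old value was.
        pattern = re.compile(
            r"^[ \t]*define\(\s*['\"]%s['\"]\s*,.*$" % name, re.M)
        config_text, count = pattern.subn(lambda _m, new=line: new,
                                          config_text, count=1)
        if count:
            replaced.append(name)
            continue
        # Constant missing: define it before wp-settings.php is loaded.
        loader = re.search(r"^.*wp-settings\.php.*$", config_text, re.M)
        if loader is None:
            raise ValueError("no wp-settings.php include found")
        config_text = (config_text[:loader.start()] + line + "\n"
                       + config_text[loader.start():])
        added.append(name)
    return config_text, replaced, added


# Constructed sample: default placeholders, an old value, five keys missing.
SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
define( 'AUTH_KEY',        'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'put your unique phrase here' );
define( 'LOGGED_IN_KEY',   'old);value' );
require_once ABSPATH . 'wp-settings.php';
"""
```

Run it against a copy of the file first and keep the original until the site has been checked.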

No proper backup of your website on hand or want help cleaning up your hacked website?

No problem. We make your website hack-free with a 30-day guarantee!
When you take a Managed WordPress Hosting package of €20 per month or Managed WooCommerce Hosting of €30 per month excl. VAT, you get a one-off discount on the clean-up of your hacked website of €49 excl. This package is the ideal total solution for outsourcing the entire technical part of your website!
Want to know more? Mail us or call 0172-897789