‘Help I’ve been hacked!’ We hear this all too often these days. I’m sure you never imagined you’d be writing that.
Opening up your website one morning to find that all is not as it should be is the nightmare of most website owners. Unfortunately it’s becoming a reality for more and more of us with so many hackers around trying to make a name–or a buck–for themselves. But it’s common to think you’ve been hacked when in fact, something else is going on. Let’s be sure that you have been hacked…
First, let’s be clear about what hacking is. It’s when someone gains illegal access to your website, without your permission, and makes changes to the code of the site. Whatever the reason, if anyone makes changes to your website without your permission, you’ve been hacked.
Making Your Website Secure From Hackers
An ounce of prevention is worth a pound of cure, as they say. To make your website as hack-proof as possible, I recommend the following:
- Pick a strong password for your hosting that won’t be easy to crack. If you’re worried about forgetting your login information, simply use one of the great password managers, such as LastPass. I personally use this, and you can get a version for whatever browser you’re using.
- Change your password frequently. This is a step well worth taking for website security.
- I strongly recommend WordPress for building websites, even e-commerce websites, because the code has been developed over time and they are constantly upgrading it for security. This is something you won’t get with even the most expensive web design service.
- Set up correct permissions for your website files: make sure that you aren’t giving out more permission than is necessary for any single file.
- Understand how hackers can use the .htaccess file to gain access to your site.
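To make the file-permissions advice above concrete, here is an added example (not from the original article) that audits a web root for files and folders that grant more permission than necessary. It assumes a Linux host with GNU find and stat, and a baseline of 755 for directories, 644 for files and 640 for wp-config.php; the function names and the sample tree are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the article): find and fix over-permissive files in a web root.
# Assumed baseline: directories 755, files 644, wp-config.php 640.
# Requires GNU find and stat (standard on Linux hosts).

# Print one "FINDING mode path" line for each item looser than the baseline.
audit_perms() {
    local root="$1"
    {
        # Files or directories writable by group or others.
        find "$root" -type f -perm /022 -exec stat -c 'FILE_WRITABLE %a %n' {} +
        find "$root" -type d -perm /022 -exec stat -c 'DIR_WRITABLE %a %n' {} +
        # wp-config.php stores database credentials; others should not read it.
        find "$root" -type f -name wp-config.php -perm /004 \
            -exec stat -c 'CONFIG_WORLD_READABLE %a %n' {} +
    } | sort
}

# Reset everything under the web root to the assumed baseline.
fix_perms() {
    local root="$1"
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    find "$root" -type f -name wp-config.php -exec chmod 640 {} +
}

# Build a constructed sample tree with three deliberate problems; prints its path.
make_demo_tree() {
    local t
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/uploads"
    echo '<?php' > "$t/index.php"
    echo '<?php' > "$t/wp-config.php"
    echo '<?php' > "$t/wp-content/plugin.php"
    chmod 755 "$t" "$t/wp-content"
    chmod 644 "$t/index.php" "$t/wp-config.php"   # config readable by everyone
    chmod 666 "$t/wp-content/plugin.php"          # file writable by everyone
    chmod 777 "$t/wp-content/uploads"             # directory writable by everyone
    echo "$t"
}

# Usage: ./audit_perms.sh /path/to/webroot   (audit only; nothing is changed)
if [ "$#" -ge 1 ]; then audit_perms "$1"; fi
```

Run the audit first and read the findings before calling fix_perms, since some hosts need a different owner or group setup for uploads to keep working.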
I’ve Been Hacked–Here’s What to Do
If you have been hacked, the first thing to do is don’t panic. If you should opt to follow our instructions, you can call us for help.
- Take your website offline immediately. You can do this through your hosting panel. If you’re not sure how to do it, talk to support and they will do it for you.
- Block access to your website’s files by using .htaccess.
- Change the password you use for your hosting provider. This is vital, because the hacker can get right back in and hack you again even after you’ve fixed things if the password hasn’t been changed.
- If your website is built on WordPress, here’s all you need to know about being hacked from WordPress.
- Be sure to copy any files that have been customized from your theme: this is important because to remove all traces of hacking you’re going to have to delete everything and start again.
- If you had a customized web build, you should have a backed-up copy of your site, or at the very least your designer should be able to help you out here.
- Back up your access logs (from your hosting provider). Do this immediately because they are not kept for long and you don’t want to lose evidence.
- Inspect the code for all your website plugins. You may need to get a specialist to do this for you if you don’t know what to look for.
- In the end you will have practically rebuilt your website from scratch. I know this can be daunting but it’s really the only way to ensure that you’ve eradicated all traces of the hacker’s code. Doing this the right way will save you time and aggravation further down the road.