A Pointless but Mean WordPress Hack

Get your FREE WordPress Troubleshooting Guide – see how to fix most WordPress problems!

A hackers message saying You Have Been HackedJust a short note today about an (apparently) pointless website threat. . .

I just read this post on the Sucuri blog that describes a hack, the only purpose of which is to completely wipe out a website.

As that article points out (and as I have said many times) hacks generally have an ulterior motive. That could range from stealing credit card or bank details, through adding computers to a botnet, distributing spam or extorting money through ransomware.

In those cases it’s in the hacker’s interest to keep your site online for as long as possible.

But this hack is not one of those – it just wipes out your website.

All hacks are serious and can be disastrous if you’re not prepared for them. But this one just seems spiteful in the extreme.

How to Prepare for Being Hacked

So what’s the best way to prepare for being hacked? (Because it will happen at some point).

It’s really very simple: backup, backup, backup.

Take full backups of your website at least once a week and daily if you’re working on it or publishing content regularly.

Having a clean backup that you can restore when your site is hacked is the surest, quickest and cheapest way of recovering from a hack. You delete the entire site from the server and restore the latest clean backup.

Backing up WordPress websites is now very straightforward, so there’s no excuse not to!

Any of the WordPress backup plugins (and there are quite a few now) will enable you to set up a backup schedule – and you should definitely do that because it will ensure your site is backed up regularly, without having to rely on your memory!

But you also need to check your website at least once a day.

If your site is hacked and you haven’t checked it for some time you won’t know when it was hacked. That would make it difficult to know which backup you should restore – especially if you’ve set up a backup schedule and you have a number of backups from which to choose.

It’s quite possible that the most recent backups are of the hacked site, not the clean one.

To be sure you’re restoring a clean version, you need to know when the site was last operating normally and then use the backup on or just before that date.

So check your site each day so you can spot problems as soon as they arise!

Another point: in addition to taking backups you must also move them off-site.

By default the backup plugins store the backed up site files on the same server as that on which the site is running, but the better plugins enable you to set up an automatic file transfer off-site once the backup has been completed.

The plugin I use is set to automatically transfer the backed up site files to either Dropbox or Google Drive as soon as the backup has been successfully completed. I use Dropbox for small sites and Google Drive for bigger ones.

Keeping the backups off-site is a must because it puts them out of reach of the hackers and it keeps you in control if the entire server implodes.

At least you have your site files, which means you can restore it anywhere you like.

Something to keep in mind when deleting your site from the server: be sure to check that all files and folders have been removed. To do that you will either need to access the server via FTP/SFTP or set the file manager in your web server control panel to display hidden files.

This is to avoid the situation described in that Sucuri article where that spiteful hack deleted everything except the file that carries out the attack.

That’s so that the hackers can wipe out any backups you restore in the future.

Recovering from a hack

As long as you’re taking the precautions I set out on this page it will probably be difficult to discover exactly how the hackers accessed your site.

Therefore there are a couple of steps you need to take to reduce the risk of a re-hack:

  1. Check your computer, and the computers of anyone that has access to the admin area of the site, for malware. A key logger may have been installed that would have sent valid login details back to the hackers.
  2. Change all passwords of all users with access to the site: webserver control panel, FTP/SFTP accounts, website logins and all email accounts

Additionally, you will need to send a site reconsideration request to Google and Bing because they will have likely discovered the hack and blacklisted your site.

You should also check other blacklist operators – this page will help. (As part of running the scan on your site Sucuri also checks the other major blacklist operators).

If you’re concerned about keeping your WordPress-based website running smoothly and efficiently in this environment of increasing frequency and sophistication of cyber-attacks, you may want to review our security monitoring and tech support service:

Do please get in touch if you need me to clarify anything..!


Martin Malden

About the author: Martin Malden owns Abledragon, a WordPress agency that was established in 2009. Today it serves customers in Hong Kong, Australia and the UK. Abledragon websites are built for today’s Internet, with the mobile user in mind, and are known for security and speed. Successful Abledragon projects.