Today, I’ve put together a list of the top 10 things you should do immediately once you know that you have been hacked.
1. Don’t panic – proceed in a calm and methodical manner. Be systematic and take notes on each step you take – this way you will either know what worked or be able to explain what you have done to other IT professionals (if needed).
2. Passwords: CHANGE THEM – Especially high-level passwords belonging to anyone with administrative control, editors, and writers/contributors. One or all of these people’s passwords could be the door used by the hacker to get in.
Changing everyone’s passwords helps to ensure that the hacker no longer has control of the site so you can begin cleaning.
3. Have everyone run their anti-virus/malware software before logging back into your site with their new passwords.
4. Change the password on your cPanel and FTP logins.
5. Re-install the latest, most secure version of WordPress from the WordPress site.
6. Make sure your theme is updated to the latest version.
7. Update all of your plugins.
8. Check and change the permissions on your file folders and directories using cPanel or an FTP client.
File folders should be given nothing less than 750 or 755.
Directories should be given nothing less than 640 or 644.
Be suspicious of any folder given an open 777 permission.
9. Review and copy your .htaccess file (if using an Apache server), and remove any malicious .htaccess rules from this file.
10. Contact your host and ask them to run a security scan on your server.
Your host should not charge for running a security check on your server, as it is in their best interest not to host websites containing viruses or malware.
However, letting the tech know what you have already done will help build goodwill – and get your website back to AWESOME more quickly!
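
If you have shell (SSH) access to the server, the checks in steps 8 and 9 can be run across the whole site at once: the script below flags world-writable entries, including 777 folders, and finds every .htaccess file so it can be copied before you edit it. It is an added example, not part of the original checklist; the script name, the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit for step 8 (permissions) and step 9 (.htaccess).

# Step 8: files and directories with the world-write bit set.
# "-perm -0002" matches any mode that includes other-write, 777 among them.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Step 8: directories whose mode is exactly 777.
find_open_777_dirs() {
    find "$1" -type d -perm 0777 -print
}

# Step 9: every .htaccess under the tree (Apache reads one per directory).
list_htaccess() {
    find "$1" -type f -name .htaccess -print
}

# Step 9: copy each .htaccess into directory $2 before editing it, keeping
# timestamps, so the pre-cleanup version stays available for your notes.
backup_htaccess() {
    root=${1%/}
    list_htaccess "$root" | while IFS= read -r f; do
        rel=${f#"$root"/}
        mkdir -p "$2/$(dirname "$rel")"
        cp -p "$f" "$2/$rel.orig"
    done
}

# Constructed sample tree (not real site data) so the script runs offline.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    : > "$d/.htaccess"
    : > "$d/wp-content/uploads/.htaccess"
    chmod 755 "$d" "$d/wp-content"
    chmod 644 "$d/.htaccess"
    chmod 777 "$d/wp-content/uploads"
    chmod 666 "$d/wp-content/uploads/.htaccess"
    echo "$d"
}

# Usage: sh wp-audit.sh [/path/to/wordpress]   (no argument: demo tree)
site=${1:-$(make_demo_tree)}
echo "== world-writable =="; find_world_writable "$site"
echo "== 777 directories =="; find_open_777_dirs "$site"
echo "== .htaccess files =="; list_htaccess "$site"
```

The audit functions change no permissions and edit no files; `backup_htaccess SITE DEST` only copies, so the output can go straight into the notes from step 1.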