
Today we will be taking a look at what steps you can take should you discover your WordPress site is undergoing a security attack, as well as how you can start the recovery process to bring your site back online and restore its content.

No one who has suffered forced downtime or had their site hacked wants to hear that it could have been prevented, or at least had its effects mitigated, with a few free plugins. Even so, we will also take this opportunity to highlight a few key steps that can be taken to prevent such an attack succeeding in the future.


Is WordPress a Vulnerable Platform?

Although WordPress isn’t renowned for being an easy target for hackers, the fact that the platform powers a large portion of the web makes it a popular target for those with malicious intent. With so many WordPress sites now out there, any reports covering online security issues are likely to mention the platform in some way.

So while these reports and news stories might create the impression that WordPress has many vulnerabilities, the truth is more that as the popularity and profile of the software grows, so too does the number of reported incidents involving WordPress security issues.

Prevention is the Best Cure

As Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure”, and if there is any area where this philosophy applies more than most, it’s the world of IT security. Taking a few steps to prevent a security breach can pay off many times over when compared to the clean-up job that can be involved if your website or computer succumbs to a hacker, virus, or any one of the many online security threats in active circulation today.

By installing a few plugins on your WordPress site, you can protect your site as well as doing all you can to ensure a fast and painless recovery. While this is great advice, it’s not going to be appreciated by anyone currently undergoing, or in the immediate aftermath of a security breach.

So with that in mind, let’s take a look at what to do if your safety precautions weren’t adequate enough to prevent your site falling victim to an attack.


What to Do During a Security Attack

If you detect or are notified that your WordPress site is under a sustained attack then unfortunately there isn’t much you can do to avoid it while it’s taking place. Signs that you are under a denial of service or brute force attack can include your website slowing down to a rate where it is almost inaccessible, through to the point where it goes offline altogether.

During the attack, neither you nor anyone else will be able to easily access the pages of your website or log in to the admin dashboard. As the malicious activity on your site intensifies, the chances of your web host taking your site offline before the hackers do also increase. Your host may take this action as a preventative measure to protect your site, as well as to protect the other sites they are hosting, due to the extra resources your site is now consuming.

Contact Your Web Host

So as soon as you start noticing some of the symptoms of an attack on your website or any suspicious activity at all, your first port of call should be to contact your web host. A great web host should already be aware of the attack before you are and have taken steps to counteract it.

A good web host will work with you to stave off the attack, while a bad one might even be unaware of the attack until you notify them, losing you valuable time in your bid to minimize the damage that is incurred. If you’ve chosen your WordPress web host wisely then together with your host, you should be able to minimize the fallout from the attack.

Better Late Than Never

If your site is still accessible during the attack, then now would be a good time to remedy the failure to take adequate protection before the attack began. By installing a few free WordPress plugins you can quickly shore up the security of your site with minimal effort, as well as taking some steps to make the recovery process easier should any data loss occur as the attack develops.

What to Do in the Aftermath of a WordPress Site Attack

Once the attack has abated, or you’ve just realised your WordPress site has been hacked, the recovery and clean-up process must begin. In some cases this can be a time of regrets and recriminations, especially if there was no backup plan in place, or if the installation of a free security plugin was overlooked.

Scan for Threats

An important step in the recovery process is to scan for any lingering threats. This should ideally take place on both your website and your local computer. Your site should be scanned in order to detect any malicious code that has been inserted as part of the attack. This code could be used to launch another attack using your website as a remotely controlled bot, or allow for future access to your site in the form of a backdoor.

As the source of the infection or security compromise could have originated from your computer, rather than from another website, running a virus and malware scan of your computer is essential. If your computer is protected on an on-going basis, now might be a good time to run a full scan of any devices you use to access your website, using your anti-virus software of choice.

Plugin and Theme Housekeeping

Now is also a good time to remove any plugins and themes you are no longer using by deleting the deactivated files you’ve previously uploaded to your site. Any plugins or themes you can’t account for or remember installing should be treated with extreme caution.

All plugins and themes that are in use, as well as the WordPress core, should also be updated to the latest version now, and in the future as soon as a new version is made available. A further measure could include removing and re-installing all plugins and themes you wish to use on your site, to ensure you aren’t using a version which has been compromised during the security breach.

Restoring Backups

Even if you weren’t actively backing up your site, there is a chance your web host might have been doing it on your behalf in the background. If you were subject to the type of security breach that has resulted in the need to recover your site’s content then contacting your host might provide a glimmer of hope.

Changing Login Details

However, before restoring any content it is vital that you change all usernames and passwords, including your hosting account logins such as the FTP server, the control panel, and any databases created, as well as the WordPress login details for each user account.

It is also recommended that the default admin account is deleted, and one with a less obvious username is created. By using the default admin username, you have already given any hackers a head start in discovering your username and password combination. You can even go as far as obfuscating the WordPress login page to make it even more difficult for anyone to try to gain access to your site.

Attack Prevention Checklist

If you were unfortunate enough that your WordPress site was attacked and overcome, you should now have some good information to go on when it comes to initiating the recovery process and getting your site back online, while also ensuring its security is no longer compromised.

While there are few positives to be gained from such an event, one good thing to come from this type of experience, and perhaps the only one, is the lessons learned, which invariably brings us back to the issue of prevention vs. cure.

So in order to prevent your site becoming the successful target of a hacker or collateral damage in a mass denial of service attack again, here is our WordPress security prevention checklist to help ensure your site stands a better chance of fighting off the nefarious intentions of a malicious user, whether human or computer-controlled:

  • Keep WordPress and all installed plugins and themes up-to-date

  • Avoid installing plugins or themes from unverified sources

  • Delete the default WordPress admin account and create one with a username that is less obvious

  • Use complex passwords which are changed regularly

  • Install one or more security plugins

  • Switch to a web host that is more proactive in dealing with attacks

  • Instigate a regular backup plan for your site, including the databases and site content

  • Run regular security scans on your site and local computer

 

Conclusion

Whether your WordPress site has been hacked, brought down, or forced offline, or you are proactively seeking some advice in case the inevitable should happen, hopefully you have picked up some useful tips and advice from this article.

While there are many different ways your WordPress site can be attacked, unauthorized access and denial of service attacks seem to be the most common threats that are active today. Although no public website can ever be considered truly secure, by following the advice in this article you should hopefully stand a better chance of recovering from an attack or, even better, preventing one in the first place.

Has your website ever been hacked or taken offline and if so how did you recover and what lessons did you learn from the experience?

 


Joe

As well as being a regular WordPress user, Joe writes for some of the most popular WordPress blogs, sharing what he's learned about this most versatile platform. If you would like to work with Joe to get content for your website, please visit his website for more information.

4 comments

Thanks for this article, Joe. As I discussed with Jin before http://cmspioneer.com/designwall/blog/tips-to-enhance-your-wordpress-site-security/#comment-1282664351 CMS platforms are always a lucrative target for attackers to compromise sites on a huge scale. No security measure is 100% accurate, but we still need to make sure as good as we can.
Keeping the wp core & plugins up to date is always a good idea, but most people forget to update the main base, the OS. If the OS is vulnerable then no security procedure has the ability to protect anything. So installing security patches and updates for the server itself and using a well maintained distro is always the first step to a better secure site.