Your Blog’s Been Hacked! Here’s What You Need to Do
It’s something that no blogger ever wants to see: A message from a reader, telling you that something is wrong with your site. Hackers can do any number of things to your blog if they gain access to it, from installing malware to completely replacing your existing content with something else (usually offensive), to causing redirects to other harmful sites, or even locking you out entirely to make it difficult to reclaim your work. Not only does getting hacked mean several hours — or even days — of work to recreate your blog, but it can also damage your reputation if you don’t handle the recovery right.
The most important thing to remember when your blog is hacked is that you shouldn’t panic. Yes, you may be worried, frustrated, and probably a little angry, but stay calm. It’s most likely going to be easier to get everything back to normal than you think it will be. Just follow a few steps.
Step 1: Notify Others
You can do a lot to protect your brand and reputation if you let your audience know what’s going on right away. Posting on social media, and sending out emails to your list if you have one, letting people know that you are aware of the problem and working on correcting it can help maintain goodwill and prevent a flurry of “Your site is not working!” messages. If you have a loyal following, you might even receive some offers of help or some good ideas for recovery.
You should also reach out to your blog host to notify them of the issue. In many cases, the host may be able to remove malicious code in a matter of minutes, getting rid of redirects or malware.
However, even if this happens, there could still be other issues, and you may need to reinstall your pages, posts, and other features. It may be worth calling in an expert at this point, unless you’re familiar enough with your site’s back end to do it yourself.
Step 2: Scan for Malicious Code
Sometimes, the reason your blog was hacked was a virus or Trojan on your computer. Hackers often use zero-day exploits to spread malware, and it’s possible that you fell victim to one. Launch your internet security program to do a complete scan of your system and remove anything suspicious from your machine. There may not be anything, but before you begin rebuilding, you must check and confirm.
You should also check the site itself for code. Again, a professional can help you do this, but you can start the process by using one of the many well-regarded plug-ins to identify potentially malicious programs. Because they like to hide, be sure to unhide all files and folders, so you can see the file extensions. In general, you are looking for executable programs (those with extension .exe) and that are smaller than 5 MB. Make a list of everything that meets those parameters and check them against lists of known viruses and malware, and then remove anything that shouldn’t be there.
Step 3: Change Your Passwords
Weak passwords are one of the most common reasons that blogs fall victim to hackers. If you are hacked, immediately change all of your passwords (including FTP sites, administrative panels, and host logins) to complex, unique codes. Plan to change these passwords every 60-90 days to help keep them safe.
Step 4: Change Your Habits
If you have backed up your site, including all of your posts, images, and pages, it should not be difficult to restore your site after a hack. Just be sure to scan everything before you do, to be sure it’s free of the malware that caused the problem in the first place.
Once you have restored your site, develop better habits to protect it from future attacks. This includes:
Backing up your site on a regular basis. Write all of your posts in a different program (like Word or Pages) so you can save them separate from the site and have an additional backup.
Change passwords regularly.
Install a firewall to manage traffic in and out of the site.
Use robust antivirus protection on your computer.
Avoid accessing your site via public or unsecured networks. Hackers can easily intercept traffic in public places, putting your personal data at risk.
Install plug-ins that will protect your site from further harm.
When your blog is attacked, it’s certainly inconvenient, but it doesn’t mean the end of your blog or business. It might take a little bit of time, but when you follow these steps, you’ll be back up and running before the hackers even reach their next victim.
Nice post. How about some security plugins for WordPress? Are they really worth it? The free one and paid ones?
Just couldn’t find any feedback about it.