WordPress is the most popular CMS nowadays because of this, WordPress websites are getting hacked more than other websites. But one should have a habit of taking backups and keep an eye on your website on a daily basis so that you can track, that when your website got hacked and then you can restore your backups.
Apart from taking backups your website, you should do steps to secure it initially only as hackers always find one or the other way of getting into your file structure.
It’s important to secure your website initially to avoid any future attacks. But now when your website has been hacked or you are unable to view your website, you can follow these steps
Step 1 – Locate The Error
You can locate error by following means :
- Unable to log into your WordPress Admin Panel (yourwebsite.com/wp-admin)
- Your website is redirecting to different URL
- Google has marked your website insecure [RED SCREEN]
Step 2- Contact your hosting service provider
Many of the hosting service providers provide support for your hacked website but if you have bought cheap hosting services then they do not provide any support for this kind of errors.
Hosting service providers will perform a security check on your website and will notify you if your website has been hacked or not.
But before making any changes to the website, Contact them !!
Step 3: Restore your backup
If you have a habit of taking backup of your website, then you can restore it to the previous version.
After you have restored your old backup, remember this that it is already vulnerable to attacks. At that time perform the security points to your website to avoid malicious attacks again.
Step 4: Change your login credentials
Now that you have restored your backup, changes your login credentials immediately so that your website doesn’t get hacked again.
Step 5 : Install security plugins
There are many security plugins available online, but best is Sucuri Security wordpress plugin to secure your website from further attacks
Security Measures to Protect Servers and Data from Hackers
There are many security measures to protect servers and data from hackers but to choose the right one is the most important. Especially when you start a business website whether it’s an e-commerce website or a static website, a secured server is a primary concern of everyone.
To run a fully functional application/website, your server should be secure enough to handle the traffic.
CyberLaws.tech helps you protect your server in following ways :
Update your kernel and OS :
Make sure the server you are using, is having current and updated softwares. Always Use the stable version which has been tested more than any beta version available. An old kernel can lead to an easy target for virus, that can harm your server.
Monitor Logs :
Do you have any clue what are log records ? How often are they updated and rotated? LogWatch is a tool, which will email you all the daily reports of your server’s activities that includes anything it determines unusual, eg: repeated failed logins. You should also manually check the logs to keep an eye.
People spend hundreds of hours on website but usually forget to take backups which is the most important thing.There are two ways you can save your data :
- Manual Backup : You can use a seperate hard disk for keeping your data secure or you can keep your application/website data on remote system and should regularly keep a check on the backup.
- WordPress website : If your are using wordpress CMS then you can install following plugins to take automatic backups
Limit Access to a Minimum :
Never give more access to your user, than they require.Never give them access to shell, restrict file access to a minimum and leave other services turned off by default until requested, and if your are doing through wordpress then you can use free plugins to limit access to your website. Restricted Site Access
Lock down the PHP versions and use Mod_Security with Apache :
PHP, a server scripting language is always at large security risk, but there are a few steps to do that helps lock it down. CGI has Suexec,which helps to runs processes as the user,and PHP has something similar called PHPSuexec but with downfalls. You should always use open_base directory protection, have safe_mode on system wide, turn off register_globals, enable_dl and allow_url_open to help lock things down.
Review Processes Running and Remove Extra Software :
You can’t protect a system until and unless you don’t know what’s on it. If a hacker adds a script or an extra process, then you will not be able to identify why your server is not working.you should know what all processes are running on your system and who all users are there.
Use a Firewall :
You should always make sure the your server has firewall running all the time. A firewall is like a screen door to your house. If someone tries to get into your server, which is very likely to happen anytime, the first thing they’re going to try is, to upload something unusual stuff or their own service like redirecting to some other server. A firewalls can stop both incoming and outgoing attacks/viruses even when you’re are sleeping. We would recommend using APF on Linux systems or TinyFirewall on Windows Servers.
What Is GDPR?
GDPR give guidelines to organizations for handling the information of their customers/individuals. GDPR actually gives more controls to individuals over their personal information. Moreover GDPR specifies how consumer data should be used and how it should be protected.