WordPress is the most popular CMS nowadays, and because of this, WordPress websites are getting hacked more than other websites. You should make a habit of taking backups and checking your website daily, so that you can tell when it was hacked and then restore a backup.
Apart from taking backups of your website, you should take steps to secure it from the start, as hackers always find one way or another of getting into your file structure.
It's important to secure your website from the start to avoid future attacks. But if your website has already been hacked or you are unable to view it, you can follow these steps:
Step 1 – Locate The Error
You can locate the error by the following signs:
- Unable to log into your WordPress Admin Panel (yourwebsite.com/wp-admin)
- Your website is redirecting to a different URL
- Google has marked your website insecure [RED SCREEN]
Step 2 – Contact your hosting service provider
Many hosting service providers provide support for a hacked website, but if you have bought cheap hosting services, then they do not provide any support for this kind of error.
Hosting service providers will perform a security check on your website and will notify you whether your website has been hacked.
But before making any changes to the website, contact them!
Step 3 – Restore your backup
If you have a habit of taking backups of your website, then you can restore it to the previous version.
After you have restored your old backup, remember that it is already vulnerable to attacks. At that point, apply the security steps to your website to avoid malicious attacks again.
Step 4 – Change your login credentials
Now that you have restored your backup, change your login credentials immediately so that your website doesn't get hacked again.
Step 5 – Install security plugins
There are many security plugins available online, but the best is the Sucuri Security WordPress plugin, which secures your website from further attacks.
WordPress security is a main focus area for website owners. Every week, Google blacklists around 20,000 or more websites for malware and phishing.
If you're serious about your business and website, then you should focus on how to secure your WordPress website.
Here are the steps you should follow to secure your website:
Keeping WordPress Updated: WordPress is regularly maintained and updated by its team. By default, WordPress automatically installs minor/small updates. But for major releases, you need to update WordPress manually. You should update your website regularly to protect it from hackers.
Strong Passwords and User Permissions: Hackers' first attempt is through stolen passwords. Always use strong passwords from a password generator to protect your website from hackers. Do this not just for the WordPress admin password, but also for FTP, the database password, the WordPress hosting account, etc., and your professional email address as well.
Change the Default "admin" Username: Always change the default WordPress admin username, which was "admin", to something related to your project or something you can easily remember. This will help you secure your website.
Disable File Editing: Once your project is complete, disable file editing so that hackers cannot modify your website if by chance they are able to log in to it. You can easily do this by adding the following code to your wp-config.php:
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
Limit Login Attempts: By default, WordPress allows users to attempt to log in as many times as they want. You can limit the login attempts to prevent brute-force attacks by hackers. There are many plugins available to restrict login attempts.
Change WordPress Database Prefix: By default, WordPress uses wp_ as the prefix for all tables in your database, which makes it easier for hackers to guess what your table names are. This is why we recommend changing it before you start your project.
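An added example, not code from the original article: a small Python check that reads the text of a wp-config.php and reports whether the Disable File Editing and database prefix settings described above are actually in effect. It also flags typographic quotes around the constant name, which PHP does not treat as string delimiters; the two sample configs and the prefix k3x9_ are constructed for illustration.

```python
import re

# define( 'NAME', value ); with straight quotes only (what PHP accepts).
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*([^)]+?)\s*\)\s*;""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""")
# A define() whose first argument starts with a curly quote (copy-paste damage).
CURLY_RE = re.compile(r"define\(\s*[\u2018\u2019\u201c\u201d]")

# Constructed sample inputs, not taken from any real site.
WEAK_CONFIG = """<?php
$table_prefix = 'wp_';
// define( 'DISALLOW_FILE_EDIT', true );
define( \u2018DISALLOW_FILE_EDIT\u2019, true );
"""
HARDENED_CONFIG = """<?php
$table_prefix = 'k3x9_';
define( 'DISALLOW_FILE_EDIT', true );
"""


def strip_comments(php):
    """Remove /* */ blocks and whole-line // or # comments."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.DOTALL)
    return "\n".join(line for line in php.splitlines()
                     if not line.lstrip().startswith(("//", "#")))


def audit_wp_config(php):
    """Return findings for the two wp-config.php settings discussed above."""
    code = strip_comments(php)  # a commented-out define() must not count
    findings = []
    if CURLY_RE.search(code):
        findings.append("define() uses typographic quotes; PHP will not read it as a string")
    defines = {name: value.lower() for name, value in DEFINE_RE.findall(code)}
    if defines.get("DISALLOW_FILE_EDIT") != "true":
        findings.append("DISALLOW_FILE_EDIT is not set to true")
    prefix = PREFIX_RE.search(code)
    if prefix is None:
        findings.append("$table_prefix not found")
    elif prefix.group(1) == "wp_":
        findings.append("$table_prefix is still the default wp_")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_wp_config(cfg))
```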