What's in this article?
Hackers work 24-7 to get into WordPress sites like yours. If it happens they get through one day, don’t panic. Here are some web development tips to dealing with a hack, malware, and server side SEO issues caused by a hack. It’s no fun, but a website hack is ultimately fixable.
Confirm a Hack
WordPress sites can be fickle. A constant stream of theme and plugin updates, combined with any custom-made code and your team working with the backend of your site, parts of your site can break without any hack at all.
But a serious external hack will typically have at least one of these five characteristics:
- Spam ads displaying in your site’s header or footer, especially if they’re advertising drugs, guns, or porn, and especially if the ads have bad design, like dark text on a dark background.
- Running a site:mysite.com search in Google (use your real site URL) brings up a list of pages and site content you don’t recognize and that looks suspicious.
- Your users are telling you there’s a problem with your site redirecting to a spammy or malicious site. Some hacks will hide such redirects from admins, so test on a different machine to confirm.
- Your hosting service is telling you there’s a problem with your site doing something spammy or malicious.
- You have a site security monitor, and it’s telling you there’s a problem.
Fixing a WordPress hack can be tedious, but a great step-by-step guide is available from Wordfence. (Wordfence also makes a security plugin tool that can clean up hacks.) I’ll summarize the main points for server fixes.
If it looks like your site has been hacked, immediately make a backup of your entire website, including your files and database. That’s because it’s standard procedure for hosting services to wipe customer sites when they discover they’re hacked. It is necessary to protect other customers’ sites on the same server.
Plugins are sometimes the culprits for hacks, so deleting plugins directories can a good first step. Plugins in the WP Plugins Directory can be reloaded after you fix your hack. Custom plugins can be reloaded from your saved site backup. Other items on the server like old installations, past site backups, or old theme directories can also usually be deleted.
Connect With SSH
Using Secure Shell (SSH) access, you can begin digging through files and directories to find recently modified files, files with base64 used by hackers, and hacker text repeated across infected files.
Clean With a Plugin
Plugin tools can be used to dig for more hidden infections, finding common hacks, malware URLs, and so on.
After you’ve cleaned your server files, you may think the effects of the hack have been neutralized. But there still may be more to do. Hacks and malware often cause your site to be flagged by search engines, security products, and anti-virus software. Your site may be cleaned, but your users could still be seeing a notice, such as “This site may be hacked.” or “This site may harm your computer.” Your users won’t want to visit your site until your server side SEO is fixed as well.
Request a Google Review
Google has their own comprehensive guide to fixing your hack. Importantly, there are instructions on how to remove your site from Google’s Safe Browsing List. You can check if your site has been flagged by visiting the URL:
replacing mysite.com with your real URL. If your site is on the list, the Google page will tell you why and the next steps to fix your site SEO. More details about the review process can be found here.
Depending on the type of hack You may also need to disavow backlinks, that is, low quality, spammy sites that have linked to the hacked content on your site. These links can hurt your SERPs ranking, but the Google Link Disavow tool lets you tell Google not to take certain links into account when assessing your site SEO.
Whitelist With Security Software
Since there’s no universal, integrated safe list for the web, you may still find that, after all your hack recovery, your site is still getting flagged by security and antivirus software. Common products like McAfee’s and ESET have instructions for “whitelisting” your site. You can also run a web search for “site removal” or “false positive” plus the software brand name to find the fix.
Avoid Getting Hacked
Of course, the best advice is not to get hacked in the first place. With the complexity of the web and the persistence of hackers, this may hard to ensure. But there’s plenty site owners can do to help their case. Always keep your site updated, with the newest updates for plugins, widgets, themes, and the newest stable version of WordPress. Practice good online security. Guard passwords and logins. Don’t answer phishing emails. Consider extra security protection for any online business website.