My Site Has Been Hacked! What Do I Do?

Follow the steps below if you believe your site has been hacked

Dealing with a hack can be a very frustrating experience. If you think your Wordpress site has been compromised, here's a quick rundown of what you should do now.

Step 1: Change your passwords!

Be sure to change your passwords to something more complex. Write them down if you must. The majority of hacks are perpetrated by “brute force”, which is a trial and error method employed by a bot to decode encrypted data (like passwords), so having a longer, more complex (computer generated) password is sometimes enough to thwart these attacks.

Step 2: Run a security scan and malware removal for your website.

Hosting providers often offer security or malware removal services for websites on their servers. Check with your hosting provider to see if they can provide this service to you.

Note: Our support plans at Elevation come with security scans and malware removal, so if you have a plan with us, send us a message and we can run the scan and removal for you.

Step 3: Secure your website's weaknesses.

Among other measures, consider the following as post-cleanup tasks:

  • Be sure that any computers that have access to your website's backend have security or virus scans running routinely.
  • Apply Google's Recaptcha to your site's login.
  • Change passwords to your website login, hosting login, and any other related credentials.
  • Update your site's plugins, PHP, and WP version.

Step 4: Back up your site.

Make regular backups to your site in order to ensure that in the event of a hack or other site-breaking malfunction, you have a clean version of the site that you can restore. Check with your hosting provider to set up regular backups or set them up manually.

If you host with Elevation, then you have nothing to worry about in this regard, as all clients hosted with us have automatic daily backups.