Recovering From A Hacked Website; Essential Tips

Its common place for your website to get hacked so don’t think you’re being singled out. The motivation behind hacking your website could be personal vendetta or some random dude just itching to test his skills. Your website getting hacked is just one occurrence, the choices you make from that moment are gravely important.

I’ve had a good number of bloggers approach me for help with their hacked websites. On questioning them about the steps they took shortly after, I couldn’t help but scold them because they did even worse than the hacker did to their website. When you discover that your website has been hacked, you tend to feel angry, helpless and frustrated; especially when its defaced. The first thing that comes to mind would be to restore your most recent backup so your website can be up and running again. If this sounds like a good idea to you then think again because its a terrible idea.

First off, you need to ask yourself how the website was hacked. Restoring your most recent backup not only means you’ll lose data (your most recent posts and comments) but also that you just deleted your chance to figure out how your website got hacked (and prevent a  future occurrence) in the first place.

How did my website get hacked?

Whether your website is hosted (e.g on Blogger or WordPress) or self-hosted (e.g Free or Paid hosting servers). There’s a good chance it could get hacked. From my experience, having vulnerabilities in your scripts (or plugins) is one and using the same password on multiple accounts is another.

If you happen to use the same credentials on your website’s Admin account as on accounts on other websites then one of them getting leaked automatically puts your website in danger. This is how Blogger and Adsense accounts often get hijacked.

Mistakes you might make when you discover your website has been hacked

Its going to be hard but you need to be calm. Reinstalling your website’s software means you’ll lose all your data (especially if you’ve not been backing up). Restoring your most recent backup too quickly means you’ll lose your most recent posts and comments. Moving your website to a new (sub) domain without (htaccess tweaks) could be the end of your link juice because you’ll not only end up with duplicate content, but will lose all ranking and link juice associated with your previous (sub) domain.

What’s the first thing to do once my website is hacked?

First, you need to find out how it got hacked. If your website is hosted then chances are that your credentials were leaked and you first need to change your password (or regain access to your account). If you use a Free or Paid host then you’ll want to:

• Login to cPanel
• Backup your files and databases in their presently hacked state then keep securely (for future reference
• Find out your current IP address (there are several online tools for that)
• Locate the htacess file in public_html
• Input the following lines then save

order deny,allow

deny from all

allow from 12.34.567.890

* Replace 12.34.567.890 with your current IP address

This will block all access to your website (except you) so you can begin investigating. What you’re looking for are strange files (shells) in your public_html (sort by date because they’re usually recently created / uploaded files). You should also check your database for suspicious entries.

What you’re able to find will tell you the nature of the exploit and how it might have occurred. You would also want to uninstall all plugins till the website is stable again. Consider asking an experienced webmaster or your host for help with scanning your website for shells & back doors. Once those are removed, you can then commence the never ending task of beefing up your website’s security.  

If the hacker had deleted any post you’d not backed up then you have Google cache to recover that post. Simply Google that post, then click the arrow in front of the link (in the Google Search result) and select Cached. Copy then recreate that post (ensure the url matches).

Don’t forget, your number one defense against getting hacked is backing up your website regularly. Courtesy of hovatek.