Back again after been hacked. This Wednesday night someone hacked this site. It resulted in that I couldn´t access my site and that´s very frustrating, mildly speaking. This took me a lot of extra-time to restore everything via back up.
I know that there is a lot of CMS sites that are being attacked on regular basis. So if your site being hacked, here is a few tips to make it more difficult to the intruder the next time.
Make sure you have a up to date backup, most web hotel can send you a zipped version of a total backup. But it´s always a good idea to have a spare one. Comcure is a site that gives you free backups that you always can access and download the backup from their site.
So after you got a copy of your website you should do the following.
- Replaced all files with new files.
- Ensured that all software is running with the latest versions – WordPress, plugins etc.
- Ensured child themes use best practices. The best way to do this is to run a theme check
- You can run the Exploit Scanner plugin to look for further issues
These steps are so easy to do, but still very often neglected. Since WordPress is open source, if a vulnerability is discovered in WordPress and a new version is released to address the issue, the information required to exploit the vulnerability is almost certainly in the public domain.
This makes old versions more open to attack, and is one of the primary reasons you should always keep WordPress up to date.
The WordPress community and developers of quality premium themes and plugins are continuously working on improving the software, striving to make sure that with every new release, security and functionality is improved.
WPBeginner published this infographic as a guide on upgrading WordPress.