Unfortunately, hackers get better every day at finding weaknesses and compromising websites. Of course, you should implement as much security as you can, but be prepared to take in case you get hacked anyway.
Here are eight simple steps you can take:
1. Stay Calm
If you are properly prepared, you have nothing to worry about. It’s a hassle, but you will be able to repair the damage and get your website backup and running quickly if you have done things you needed to do in advanced. You should have backups of your information, your software, and your website, and a list of who you can contact to get help.
2. Notify everyone
Don’t try to keep it a secret. This news gets out sooner or later and looks worse if you have tried to cover it up. People understand this can happen and will appreciate if you open and honest about any information that may have been compromised. The sooner they can make sure their own information is save, and make any needed adjustments, the better. Also, if your website will down temporarily while you fix everything, you want your customers, fans and followers to know.
3. Call your web host
Even if you have your own IT person to deal with things from your end, it’s still important to notify your web host, especially if you are on a shared server. Others may be affected, and you no way of knowing if the damage has spread beyond your site. They can find and remove any code the hacker has inserted on their side of things. You will need to do your own repairs on your side.
4. Shut down your website
Since you have site backed up, you are safe shutting it down until you can get everything repaired. It’s better to be down, with a temporary message that repairs are underway than to allow any further compromise to your site or anyone else’s information.
5. Change all your passwords
This is a critical step: change ALL your passwords, for every part of your site, as well as any other business accounts that are linked. You have no way of knowing for sure what information the hackers were able to get. Make sure you change your FTP password, and WordPress passwords and anything connected t your website’s [asswprd.
6. Tackle the damage
You should already have your IT or website professional helping you at this point. Work with them to locate and repair any damage, using backups to reset the site. Unless you are comfortable with the back end stuff yourself if you don’t have a pro to help you-you need to find one. It will reduce stress knowing someone is on call to help you when you need it! If for any reason you don’t have help, here’s a step-by-step guide on how to remove malware from a WordPress website. Follow this tutorial as best you can, and don’t hesitate to contact us if you get stuck.
7. Change the passwords again
Once everything is ready to go again, change passwords again. And set reminders to continue to change them every 30 to 90 days. Don’t keep any password longer than 90 days, and use the strongest passwords you can. This is an important step to make it harder for hackers to get in again.
8. Upgrade your security
If you have a WordPress website, find and install a reputable security plugin to establish a firewall. You want a plugin that will alert you when someone is trying to break in, and lock down the website. Check with your website manager or a WordPress expert or consultant to make sure your security is all it needs to be.
The most important thing to prevent major damage hackers is to be prepared. Backup your information, both on and off-site, so that you will always have everything saved and ready to put back into action on your, clean server.
If your website has been compromised, check out Website Helper’s malware removal service.