This week my site was hacked – fortunately for the first time in the 12 years I’ve owned my domain. This is apparently quite amazing, as my wonderfully supportive hosting company Vidahost informed me sites get hacked into every day!
The first thing I noticed was that my website wouldn’t load and display properly and the header image had gone.
I called Vidahost; they checked and found out my site had been compromised. After restoring the site to the version when I knew it was last working ok, I breathed a sigh of relief.
My WordPress mantra is “back up”
This is the BIGGEST reason I recommend Vidahost (and yes this is an affiliate link). They back up EVERY client site daily so if something like this happens to you (or you make a mistake when working on your site yourself) you can easily restore it to how it was when it was working perfectly.
I didn’t think anything more of it until I logged in to my site today to write my blog post (the planned one on SEO will be published next time) and I found out there were 3 blog posts in my list that I had never written!
After immediately deleting them, I followed the steps below to ensure my site will be “hack proof” in future.
3 steps to keeping your WordPress site secure
1. Change your password
Yes I know, I know your biggest fear is that you will forget it if you make it complicated. (I’ve been there too, but have now learned my lesson – if it’s easy for you to remember it will be easy to hack!)
How To: Navigate to your WordPress Dashboard >Users >Select “Your Profile” from the dropdown menu.
Once on the Your Profile page, scroll down to the section “New Password”. Click on the box to “Generate Password” and it will come up with a long string of letters, numbers and symbols. (This is great: your password will be strong!)
Don’t forget to scroll down to the end of the page and click on the “Update Profile” box to save your changes.
(Log out of WordPress and log back in to check it is working ok).
2. Install the plugin WordFence
This allows you to check that your site has not been hacked in any way.
How To: Navigate to your WordPress Dashboard >Plugins >Select “Add New” from the dropdown menu.
You will be taken to the WordPress plugins page. Type “Wordfence” in the Search box and, once it is found, click on the button to “install”.
Follow the instructions to complete installation and “activate” the plugin.
(You don’t need to purchase the Premium version, but if you want to find out more, check out the WordFence website).
3. Complete a weekly scan of your site
You will need to do this manually, as Wordfence doesn’t do an automatic scan for you. Vidahost suggest that you log in to your WordPress Dashboard and do this on a weekly basis.
How To: Navigate to your WordPress Dashboard >Wordfence (this will appear as a separate entry underneath the generic WordPress list of settings).
Select “Scan” from the dropdown menu
You will be taken to the Scan page >click on “Start a Wordfence Scan” box (and let it complete the scan).
If it comes up with any New Issues, go through them one by one, following the instructions to “delete” any malicious files.
Rinse and repeat weekly!
UPDATE: One of my lovely community has just let me know that Step 3 may not be essential, as it looks like WordFence does an automatic daily scan (with the free version).
To check your settings: go to Dashboard >Wordfence >Options and see if the “enable automatic scheduled scans” option is checked.
Over to you
Has your site been hacked, and what did you do to address the problem? If you have any other plugins that you recommend to enhance security, please do share!
Photo credit: Nick Diamantidis on Unsplash