How to deal with a WordPress attack
Sites built with WordPress are constantly growing, making them targets for cyber attacks. Owners of these sites should learn what to do if that happens.
Today, we have an increasing number of people who want to create a blog, making them a good target for hackers – especially in popular Content Management Systems (CMS) such as WordPress. This is a serious problem because months or even years of sacrifice can vanish in an instant.
This article presents some of the things anyone facing a hacking of a WordPress site should so, in order to resolve or, at least, minimize the damages of that attack.
Perform a backup
It may seem strange to perform a backup of a site being attacked but, in fact, that can be very useful. As the attack goes on, chances are that more and more data is affected, so it is a good idea to save the as much content as possible.
Again, this may seem a strange thing to do while being under attack, but it will most likely be effective to deter the attacker(s). Just browse to the wp-config.php file and change the current passwords to safe ones. This way, the attacker(s) will be blocked.
Perform a clean installation of WordPress
A clean installation of WordPress will eliminate any problems that resulted from the attack. It can be done by eliminating all content related to WordPress from the server, except for wp-config.php, that has the new passwords like explained above, and the wp-content folder, that has all the site's contents.
Inspect the 'wp-content' directory
Now it is time to explore the wp-content directory. Any suspicious folder should be removed. It is important to perform a backup before doing so because, if anything important is eliminated by mistake, the backup assures that recovery is possible.
Inspect and reinstall plugins
Next, it is important to inspect all the plugins in order to understand if the attack was performed through any of them. All plugins not being directly used in the site restoration should be eliminated.
The mechanics should be to disable, remove and reinstall all plugins. If you know for sure that a given plugin is not infected or compromised, then it does not have to be eliminated — but it should be, just in case.
Take measures to protect the site in future attacks
With the site restored and back online, it is now time to worry about future attacks. Check if your hosting is protected and, if not, move to one that is. Also, use tools that prevent this kind of things, like Google Webmaster Tools or specific security plugins for WordPress, like WordPress File Monitor Plus, a plugin to monitor changes in any WordPress installation.
Last but not least, an advice that is really old but always actual: performs regular backups. Therefore, if an attack takes the whole site down for good, you will always be able to return in no time using those backups.