Ugh. The other day I got an email from a client that no one ever wants to get – “I’ve been hacked”!!
Right away my palms were sweaty and my heart was racing. This had never happened to me or any of my clients before!! I knew there were some major vulnerabilities out there lately and many many warnings had been posted on the interwebz but of course you never think it will happen to you…
Worse yet, once Google thinks your site is vulnerable, it puts it out there for the whole world to see and it can take days if not weeks for everything to re-index properly. Double ugh! Thanks Google!
So, here are some things you can do RIGHT NOW to help secure your WordPress website from those nasty hacker types.
- Change your WordPress password. Use something VERY strong (I recommend a random password generator)
- Make sure your WordPress version is up to date at 4.2.1 (they just posted another update today!)
- Make sure every ACTIVE plugin is up to date.
- Remove any inactive plugins
- Update your WordPress Theme if it needs updating (often hackers can find their way in through theme vulnerabilities or through plugins that are used in the theme) or consider changing your theme altogether
- Consider adding an extra layer of security to your site through Sitelock.com, Wordfence (plugin) or Sucuri.com
- Ensure your website is being backed up regularly via your hosting provider (GoDaddy for sure does this) or via a plugin like BackupBuddy or BackWPUp
- Use Google Webmaster Tools and run a Security Review to see what is vulnerable or affected on your site. Google then provides fairly good clean up instructions you can use.
- Consider a move to a VERY secure hosting provider like WPEngine that will not only protect your site from attacks but completely clean it up if it does get attacked.
- Find a local pro who can help if you have been hacked. Luckily we were connected with Nikole at “That Super Girl” who has been helping get the site back on track with Google.