Very sadly, we do occasionally get calls from people who have had their WordPress Website hacked, or they have done something to it, that’s “brought it down”.
Even the most intensely strong security on a website won’t stop hackers who really want to harm you, or have uber tech! It does happen. We do our best to ensure all our websites are kept up to date, with the best security features available.
We had a call recently from someone who had made a change to something in their WordPress setup, and it brought their site down immediately. We don’t host it, so were unable to help directly, but we could advise. Alas the file they changed had no local backup, so it was down to them contacting their host. Hopefully they have backups and can perform a restore at pace.
If we ever need to do a Restore, it’s quite simple. We have access to our website’s backup reserves, which go back quite some way, and they are doing around 4 times a day. So not just a 24 hour thing, meaning you could lose sales. In fact we performed a website change recently at 9pm, knowing a backup had taken place at 830pm.
With this website that had been broken, if we had hosted it, we could in fact restore that single file, within about 5 minutes. When we host, we don’t charge for restores either, as it really does not take long.
I’ve been hacked on my WordPress site…
Onto what happens if your WordPress website gets hacked – this is much more tricky though.
A hack can be, and usually is, added files, or edited files on your website. WordPress uses Plugins, and if the website in question has ‘free’ plugins, they are all found in the WordPress Repository. Using appropriate tools, we can find out which plugins have “duff” files or edited files in them. Such as if a Plugin folder has a file called iindex.php, it a glance it looks normal, but it has two ‘ii’s in it. The software would pick up “this is not in the repository.
It can find all those and delete.
It might also find dodgy files in your WordPress install (which is usually the spot they go for). This can sometimes be remedied within the WordPress install instead, tho some hosting can “reinstall” WordPress without damaging your website – OUR setup can do that.
What about preventing hacks of WordPress?
It’s a little like securing your house – you do as much as possible, but you can still forget things. Do we all lock all our windows at night?
WordPress can get out of date with its core version, old plugins, Subscribed Premium plugins that are out of date, and can no longer be updated, as they haven’t been paid for.
We do have tools that tell us if a plugin is expired but also if it has a known security vulnerability; then we can advise further on this.