What To Do If Your WordPress Site Has Been Hacked

Last week I was hired to help an artist get her WordPress blog back up. When I went to the site all that was there was a blank white page. At first I thought it was a simple plugin conflict and if so a quick fix, but alas it was not.

The site was hacked with Malware/iframe virus code.

The first thing you have to do when this happens, as outlined in this great article from WordPress, is stay calm.

Yeah, right. Your site is gone, along with all your hard work, and Google may penalize you.

No, really, you must get hold of yourself. There are logical steps to take to get your site back online, and one of them is to use your WordPress backups, but first…

  1. SCAN your computer for Malware and viruses. It could be that you inadvertently downloaded something and infected your computer. The Malware is lying in wait for you to upload something to your site and then goes with it.
  2. CHECK with your hosting company; they should be able to remove the virus.
  3. CHANGE your FTP, WordPress and database passwords. Also change the secret keys contained in your wp-config.php file. There is a link there where you can generate them, then copy and paste them into the file.
  4. UPGRADE WordPress and plugins. Keeping them current will help prevent a hack in the first place. This is one of the most important things you can do to protect your site. If you are at all uncomfortable with executing upgrades, Artbiz offers an upgrade service.
  5. DELETE everything and start over. Not what you were hoping to hear but sometimes this is the most expedient way to restore your site. Download and install the latest version of WordPress and restore a clean copy of your database from your database backup.
  6. BACKUP! Keep at least three weekly database backups. If you back up daily then you may want to keep a week's worth so that you can go back far enough to get a clean copy. You can export a database backup from phpMyAdmin or install a database plugin that will export a backup right from the WP Dashboard.
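
For step 3, here is an added example (not part of the original article) that replaces the secret keys and salts in the text of a wp-config.php file. It assumes you generate the values locally with Python instead of using the generator link; `rotate_keys`, `new_secret` and the sample config are names and data made up for this illustration.

```python
import re
import secrets
import string

# The eight constants WordPress uses to sign and salt login cookies and nonces.
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]

# Printable characters minus ' and \ so a value can never terminate or
# escape the single-quoted PHP string it is written into.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in "'\\"
)

def new_secret(length=64):
    """Return a random value drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_keys(config_text):
    """Give every key/salt define() a fresh value; return (text, missing names)."""
    missing = []
    for name in KEY_NAMES:
        pattern = re.compile(
            r"define\(\s*(['\"])" + name + r"\1\s*,\s*(['\"]).*?\2\s*\)\s*;"
        )
        replacement = "define( '%s', '%s' );" % (name, new_secret())
        config_text, count = pattern.subn(lambda m: replacement, config_text)
        if count == 0:
            missing.append(name)  # no define() line for this constant
    return config_text, missing

# Constructed sample, not a real site's configuration.
SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
define('AUTH_KEY',         'put your unique phrase here');
define( "SECURE_AUTH_KEY", "old-value-2" );
define('LOGGED_IN_KEY',    'old-value-3');
define('NONCE_KEY',        'old-value-4');
define('AUTH_SALT',        'old-value-5');
define('SECURE_AUTH_SALT', 'old-value-6');
define('LOGGED_IN_SALT',   'old-value-7');
"""

if __name__ == "__main__":
    text, missing = rotate_keys(SAMPLE)
    print(text, "No define() found for:", missing)
```

Changing these values invalidates every existing login cookie, so all users, including anyone holding a stolen session, have to log in again. Any name reported as missing should be added to wp-config.php by hand.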

Regarding item #6: The WordPress Export Tool is not the same as a database backup.

The export tool only creates a file that contains your posts, pages and upload content, while a database backup creates a file that contains your site configurations.

It is important to note that while the database backup does contain the site configurations and even NextGen Gallery image descriptions, it does not contain the physical images, themes or plugin files.

You should be performing both forms of backups, because if your database cannot be restored at least you have your content!

What steps have you taken to create WordPress Backups?