Everyone wants to think that they won’t be hacked. Usually, they’re wrong. You don’t need to tempt fate by insulting Anonymous or documenting a particularly lulz-worthy obsession. Some hackers try to crack into websites at random as a badge of honor or to advertise their skills, so every site is at risk.
Small sites are particularly vulnerable. Joe Q. Blogger isn’t a security expert and, yes, may neglect to upgrade WordPress every now and then. So what happens if you blog does end up hacked?
Take A Breath
If you’re reading this, there is a chance that you just found out your site has been cracked like an egg. Take a deep breath. You can often recover from the damage that’s been done and it’s entirely possible that the problem exists not with you, but with your web host.
Check With Your Web Host
Hackers don’t need to go after your specific site to deface it and, if they don’t hold a grudge against your site specifically, they often don’t. Instead they go after web hosts, looking for weak spots that allow them to deface hundreds or thousands of sites at a time.
I’ve personally experienced this. Someone hacked the web host of an old blog and caused every site on that specific server to re-direct to a “You’ve been hacked!” page complete with an instant messenger contact, presumably so the hacker could try and scrape money from alarmed site owners looking to reverse the damage.
Email or call your web host and see if they’ve come under attack. If so, there’s not much you can do besides wait. It’s rare for a broad attack against a host to wipe out data permanently, so your site should be back to normal shortly.
Survey The Damage
If your site has been specifically targeted, the damage is likely to be more severe. There’s still a good chance that the hacker will have only changed a few files in order to re-direct to a “You’ve been hacked” page, but loss of data is not unheard of.
Look at your file structure and see if anything is missing. Also open up configuration files for your blog and/or website and scan them for changes to their code. This is where a local backup becomes handy. You can use the local copies for comparison with the ones on your web host, which makes spotting changes to the code infinitely easier.
You may at this point wish to back up your site’s current state (make sure you don’t overwrite your existing backup!) This will give you time to look over the files later while minimizing downtime for your site.
Restore Your Website
If the problem is not your web host, restoring your site is up to you.
With a blog there’s an excellent chance that the attack only reached as far as your configuration files. This means that once you are able to restore those files your blog should work the same as before without any loss of content.
A website could be a different matter, depending on how you’ve structured it. Restoring your website may be as simple as drag-and-dropping files from your backup to your web host’s server using an FTP client. It depends on how you’ve built the site – and since you built it, you probably know better than me.
If your database information has been compromised you will need to restore that, as well. Once again, a backup is invaluable and will turn a potentially crushing blow into a small setback.
Without any backups, your options are limited. Try Google Cache if you’re desperate. Any content that has been up for a week or more should be available, but you will still need to restore the rest of your site from scratch. Once again, blogs are easier. A re-install of WordPress can be accomplished in just a few minutes.
Update Your Security
Once you’ve restored your website it’s important to make sure that it is secure. It’s possible that the hack exposed your passwords or introduced hidden code that can be used later as a backdoor. To ensure security, follow these steps.
- Look through your site’s files to find any new code that has been introduced. If you don’t have time for that and have a local backup, use the local backup to overwrite the files on your web host.
- Change all passwords. This includes the account you have with your webhost, CPanel (or any other back-end) and any databases on your web host. If the password you used for your site was the same as the password used by other accounts (such as your email), change them as well.
- Run a malware scan on your PC and make sure a firewall is active. It’s unlikely, but possible, that the hack was made possible by a trojan on your local machine.
- Update the software used by your site to the latest version. This will ensure that known exploits are patched.
- If you’re feeling paranoid, try an intrusion detection system such as Tripwire orSnort. This is getting a bit far up the skill ladder, however, so implementing this probably is not worthwhile unless your site is popular.