Here at Nalcro we can’t stress the importance of keeping your website, plugins, server updated and passwords secure. We know from first hand experience what can happen if you don’t. Believe it or not there are people out there who have a hobby of hacking sites. Their reason for doing so can be personal, paid “hitmen”, hold it for ransom and extort money from you or simply for fun and bragging rights.
Taking advantage of outdated code found in your website or using brute force with an ftp program and password generator they can get in where they shouldn’t be. Some times the damage is minimal, a new homepage or added text / images just making fun and showing off their “pwn” of you. Easily fixed once you get back in, however some times the damage might not be fixable from your end and require a payment to gain control of it (we advise NEVER to submit payment to these hackers or any ransomware program). In a few cases the hack might be irreparable and purely malicious wanting no fame or payment just to simply destroy your website.
Always look out for updates for your website, if its a WordPress website you will see a notification up the top of your dashboard for new WordPress versions available and the plugins menu on the side bar will have a notification next to it. We recommend logging in at least twice a month to check for updates and to use a long complex password for your website settings (cPanel, FTP etc) and all admin accounts. Also select any option that will let you hide your personal details, for a small extra cost, when buying a domain (ask for this if your host/website designer is buying it for you). Keeping your personal information private helps deter from social engineering methods.
If you think you may be at risk or have already been hacked there are a few websites that can confirm this:
HaveIBeenPwned.com – a user name and email checker that will search against any leaked or hacked websites that you have an account with.
Zone-h.org – Is a site that records hacks and the hackers who claim them, it’s sort of an unofficial boasting site among hackers as it can show their alias and the changes they added and if it was to an important site .gov etc.
Depending on each case of course the best way is to do a restore from a back up. Contact your hosting provider asap and wait for their advice.
Alternatively if you have some knowledge and are still able to get, log into your server with an FTP client. Sort the files by date modified to make it easier to find any that have been added or edited by the hack. Be sure to go through every file in every folder, some may have been added deep in your theme folder for example. Remove and try fix these, google can help you lots here. As long as any files weren’t deleted you should be able to restore your site. However be prepared for the worst and the eventuality that you may have to rebuild your site (see backup regularly).
Change all your passwords after any hack or leak or even every few months to be that bit safer.