5 things to check for after your WordPress website has been hacked.

It can happen to anyone. Despite your best efforts, your WordPress website can become compromised. Once you recover the content of your website and restore its proper functionality, here are some other important things to check to protect yourself from recurring attacks.

Install a security plugin

If you have not done so already, make sure you have a plugin in place that will provide a firewall and early detection system. We recommend Wordfence, which is an industry leader in this area. Running a security scan on a regular basis will help you detect potential weaknesses in your site and identify any malicious software that sneaks in.

Check admin accounts

The attacker could have created a WordPress administrator account to log back into your site in the future. Be sure to review the list of registered users who have admin access to the site. Remove anyone who looks suspicious or is no longer associated with your organization. The attack could also have come from a compromised password. That's why we suggest resetting all the administrative passwords for your site.

Check the plugin directory

A very common remnant of an attack on a WordPress site is code left behind in the plugins directory. This code can also become a backdoor for a future attack. To look for these, you will have to access the directory structure for the site either via FTP or cPanel. In the wp-content/plugins directory check to see if there are any subdirectories with strange names (random strings of characters) that do not correspond to any plugins listed in the WordPress Dashboard. Delete all of these directories.
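One way to automate this comparison on a copy of wp-content/plugins downloaded over FTP, as an added example that is not part of the original article: WordPress lists a plugin in the Dashboard only when a PHP file directly inside its directory carries a `Plugin Name:` header, so the script reports subdirectories that have none. The function names and the sample directory tree are constructed for illustration, and the script only reads files; it deletes nothing.

```python
import re
import sys
import tempfile
from pathlib import Path

# Same idea as WordPress's own header scan: "Plugin Name:" at the start of a
# comment line, within the first 8 KB of a PHP file.
HEADER = re.compile(rb"^(?:[ \t]*<\?php)?[ \t/*#@]*Plugin Name:[ \t]*(\S.*)$", re.I | re.M)


def plugin_name(php_file):
    """Return the declared plugin name, or None if the file has no header."""
    with open(php_file, "rb") as fh:
        match = HEADER.search(fh.read(8192))
    return match.group(1).decode("utf-8", "replace").strip() if match else None


def unlisted_plugin_dirs(plugins_dir):
    """Subdirectories with no header-bearing PHP file: absent from the Dashboard."""
    unlisted = []
    for sub in sorted(Path(plugins_dir).iterdir()):
        if not sub.is_dir():
            continue
        if not any(plugin_name(f) for f in sub.glob("*.php")):
            unlisted.append(sub.name)
    return unlisted


def build_sample(root):
    """Constructed sample tree: one ordinary plugin and two leftover directories."""
    root = Path(root)
    files = {
        "contact-form/contact-form.php": "<?php\n/*\n * Plugin Name: Contact Form\n */\n",
        "xkqzjwpa/index.php": "<?php // no plugin header here\n",
        "a8f3e1/cache/data.php": "<?php\n/* Plugin Name: Nested Too Deep */\n",
    }
    for rel, body in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for name in unlisted_plugin_dirs(target):
        print("not listed in Dashboard:", name)
```

Pass the path to your downloaded plugins directory as the first argument; without one, the script runs against the constructed sample tree.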

Outgoing/External links

Links that take you from one website to another are very valuable for Search Engine Optimization. Attackers often work to gain access to your site to leave behind links back to the website they are trying to promote. These links are often hidden from view. You can look for outgoing links using tools like https://www.siteguarding.com/ and check for broken links with https://www.brokenlinkcheck.com/. Once you identify them, you can just delete the associated content.

Check posts, pages and comments

Another common intent of an attacker is to generate not only links but entire posts and pages with suspicious content. Take a closer look at the list of posts, pages and comments in your Dashboard (including drafts and trash) to make sure all the content listed was created by your team and is relevant to your site.

Bring in WordPress experts to help

Ultimately, the above are some top-level things you can do in a pinch to help restore and protect a hacked WordPress site, but the wisest approach is to bring in a team of experienced WordPress experts to help you recover from an attack and fortify your website against future attacks. If your site has been compromised and you need help restoring it, reach out. We will be happy to help.

(Image by Paul Barlow from Pixabay)
