Unfortunately, it’s probably just a matter of time before your website is compromised in some way. The important thing to do is to try to implement all the security you can, and be prepared and know what to do in advance in case it should happen anyway.
1) Don’t Panic
If you’ve made sure to be prepared, you have nothing to worry about. You’ll be able to repair the damage, and get your site back up and running in no time if you’ve done the things you needed to do such as back up your information, back up your software, back up your website, and know who to call to get help.
2) Tell Everyone
You want people to know that you were hacked because often times these things spread like wildfire. People know that this is not your fault, and if you’re up front about any information that could have been compromised it gives them a chance to fix any collateral damage that might develop. Plus, you want your followers, fans, readers and community to know what is happening.
3) Call Your Website Host
Even though you are going to call someone in to fix the problem, it’s important to let your webhost know – especially if you share a server. Others on the server could be affected, and you cannot be sure about how far the damage has spread. Don’t rely on them to totally fix your problem, but they will find and remove the code that the hacker has put in. However, you will still need to repair the issues.
4) Shut It Down
Since you have a backup of your site you’re safe shutting down your site for now, until you can get things back up and repaired. Better to be down with a message of repairs being completed than to further compromise anyone else.
5) Change All Passwords
Immediately change every password you use, for every single part of your site, and your business. You have no way of knowing what other type of information they have now that they’ve hacked your site. Definitely change your FTP password, your WordPress passwords, and anything associated with your website’s passwords.
6) Fix the Damage
If you already have a techie professional that can help you then they’re likely already hard at work fixing the damage, using your backups to restore your site to like new. If you don’t already have a professional at your fingertips, you need to consider finding one if you’re not of the geeky persuasion yourself. It’s a great stress reducer to know that someone has your back and can fix things.
7) Change the Passwords Again
This might seem redundant, but you should be changing your passwords every 30 to 90 days. Don’t leave your passwords, no matter how difficult, the same for longer than 90 days. Keeping your passwords updated and changed often will help prevent more issues in the future.
8) Install a Firewall and Other Security
If you use WordPress it’s very easy to use a plug-in to install a firewall. These plug-ins will email you when someone is trying to break into your site and lock them out. There are other security plug-ins that you can get for WordPress that help harden your databases and other files so that it’s harder for hackers to break in.
To lessen the pain of being hacked, it’s important to be prepared. Continuously back up all your work both onsite and offsite so that you have double guarantee to have all your hard work saved to put back up on your new clean server.