We don?t just write content here at Coastal Content. We also publish them to client websites and manage blogs too. With a background in IT and security, I am well placed to manage many of the most common threats to a website. One of those key skills is recovering from a hack.
Recovering from a website hack isn?t just a reactive task. It has to be proactively planned too. As part of our blogging service, we can perform WordPress security audits, scheduled backups of your website and undertake a series of measures to prevent as many hacks as possible. No website will ever be completely invulnerable to hackers, but the harder we make it, the fewer hackers will make the effort.
Having just had to recover a hacked website for a client, I thought I would put together this quick guide on how to recover from a website hack. We can do all this for you of course, but forewarned is forearmed.
1. Plan for the hack
If you run a commercial website, you may as well assume that you will be hacked at some point. By planning for it, you can speed up response time and mitigate against hacks as much as possible. It will all help you respond quickly and minimise any damage to your site, business and reputation.
Plan. Build a placeholder index page telling visitors that your site is offline and why. Once you discover the hack, you can quickly upload this page to stop visitors being exposed to any malicious code planted on the site or any damage done to it. Prepare a statement in advance too. This can be emailed to customers explaining what has happened, why and what you?re doing about it. Prepare another email for when everything has been restored.
Make a backup of your site once a week and have it sent to you via email or save it somewhere offline. This will speed up recovery immeasurably. Storing it elsewhere will preserve its integrity from the hack.
When you?re hacked.
Take the site offline
The moment you know your website has been hacked you need to take it offline immediately. You need to prevent customers seeing the damage and avoid any malware injections as mentioned above. You also need to ensure Google doesn?t notice you were hacked and placing a warning onto the page.
Upload or rename the placeholder index file you made while planning so all visitors see it instead of the website. Send that first email statement to your customers explaining the hack.
Do not delete your website files yet. Your security team or ISP may need them for investigation. You want to know how you were hacked so you can plug the gaps and stop it happening again.
Work with your ISP
Talking to your ISP is an essential part of recovering from a website hack. If you use shared hosting, your site might not be the only one affected. You may also need help scanning for malware or malicious code. At the very least they can help identify a hack and when, where and how the hacker gained access to your website. They can then format your web share to ensure any malicious code is securely deleted and safe for you to upload a backup.
Your ISP may also add monitoring to your account which may catch future hacks as they happen or quickly after.
Load the backup
Once your ISP gives you the all clear, upload your backup and test it. If it all looks good, rename or remove your placeholder index page and let the public back into your website. Test the site again from your desktop, tablet and/or mobile just to make sure.
Make sure you and all users change their passwords immediately. If your CMS allows it, enable two-factor authentication and captcha to prevent bots accessing the site as much as possible. Add any other security measures as suggested by your ISP or development team.
Now you can send that second email explaining what happened, what was accessed, how and what you have done about it. A well-informed customer remains a loyal customer.
Recovering from a website hack is a process just like any aspect of disaster recovery. Plan it beforehand, initiate those backups and mitigate against it as much as possible and that process becomes easier. Ignore the possibility and recovery becomes a long, hard slog. We know which we would prefer!