When your website has been hacked, it’s easy to panic. After all, every second of downtime counts, and if the hackers have defaced the site or deployed some kind of message, it reflects badly upon your brand for as long as the hacked site is still online.
The first thing that to do is to restore your website from a backup and to boost its security settings. If you just restore your old site without boosting its security, you’re effectively holding up a big banner that says “hack this page”.
We’re going to assume that you’ve already restored and secured your website and that you’re now more concerned with making sure that the search engine optimization of your site hasn’t been affected. And so with that in mind, read on to find out what you need to do after your site has been attacked.
One of the first things that you’ll want to do is to re-download WordPress.org and to use it to ensure that you’re running the latest version and that all of your files are clear of malicious code. Pay particular attention to the “last modified” attributes of key files across your WordPress installation including your header.php and footer.php files. If they’ve been recently updated, it could be as part of the hack.
Read up on what to do
The next step is to read up on what to do, and you’re off to a good start with this article. You can also view step-by-step tutorials for specific hacks or investigate the official WordPress documentation to try to understand what went wrong. You can also read here for essays and other information on WordPress.
Check website for malware
The first thing you should do after your website has been hacked should be to check the website for malware. Once you’ve confirmed to your satisfaction that the malware has been removed, the next step is to install a WordPress security plugin. Here are just a few of the best.
Set up redirects
If the hackers created temporary pages on your website, you can combat any damage by setting up 301 redirects. These can point to a blog post or notice about the hack and inform users that they’ve visited a compromised URL, apologizing for any inconvenience. This will improve user experience and retain the value of any compromised pages that were indexed by search engines before you fixed them.
A common trick among hackers is to change the metadata of website pages in what’s essentially a form of cyber-graffiti. Accordingly, you’ll want to check the metadata across your site and pay particular attention to meta titles and meta descriptions. If they’ve been changed, you’ll want to change them back before your site’s previews are defaced on search engine results pages.
Check Webmaster Tools
Google’s Webmaster Tools will allow you to view all sorts of information about the health of your website, including whether it’s been flagged for malware or other issues. You can also request a re-crawl of your website through Webmaster Tools, which can help to update the cached version of your site and to clear your name after any damage that the hackers might have done.
Ask for feedback
Trying to hide that you’ve been hacked is a terrible decision, especially when you could instead be asking people for their help. Communicate the fact that your site has been compromised and ask people to report anything suspicious. This will help you to pick up on anything that you might otherwise have missed.
Now that you know what to do if your WordPress website is hacked, the next step is for you to make sure that you’re ready to spring into action if something does go wrong. Just remember that fixing the hack will only get you so far, and so you’ll need to update your security settings to avoid being targeted again.
With the website restored and secured, the only thing left is to make sure that your website’s SEO hasn’t been compromised. The good news is that if you follow the advice that we’ve shared throughout this article, you’ll be off to a good start. Good luck.