Got Hacked? How to Get Back on Track

Recent Tweets

So your website has been hacked. All your pages are gone and you can’t log into anything to make changes. What do you do and how do you fix it?

I’ve been hacked twice in the past 16 months, and the first time it happened, I was extremely scared, nervous and pissed all at the same time. The second time around I was able to handle the situation with a little more composure.

***NOTE: I believe I keep getting hacked because I haven’t done a very good job of keeping my WP up-to-date. Keeping WP up-to-date is your first and best defense, but if it happens…read on.

One of the first things that comes to my mind when I run across that horrible “You’ve been hacked” message on my homepage is concern about being able to retrieve all of my posts. Ideally you should be continually backing up your WP database to keep all of your posts and comments stored. Depending on how often you post on your blog will determine how often you should update your database. I only write between two and four posts a month and I try to back up my database once a month. That way if for some reason I lose all my posts, I’ve really only lost the ones since my last back up. If I posted five times a day, I would maybe backup the database twice a week. It basically comes down to how many posts you think you can afford to lose. There are a few plugins that make backing up your database easier but you can also go the manual route.

Steps to getting your blog back

So my first step in getting my blog back to normal was to make sure I had all my posts backed up. As soon as I realized I got hacked, I tried to log into my dashboard. No luck; can’t get to that page.

Since I had no access to anything WP, I had to back things up manually. I logged into my cPanel and went through the steps for backing the database through phpAdmin. Luckily with the type of hack that got my site, all of my posts were intact.

Once I was able to download multiple versions of my database (just in case one doesn’t work for some odd reason) I was able to move onto getting my blog back to normal.

You’ll also want to make a copy of the themes that you are using because you’ll have to upload those as well. If you have FTP access you can download them from your site, or you might already have them on your system.

When I was researching how to handle a hacked website, I ran across several articles that mentioned looking for specific php code snippets on certain pages. I didn’t like this method because it could mean hours of searching through code and possibly never resolving the issue. So I went another route.

Download the newest Wordpress

I went and downloaded the newest version of WP.  Since I don’t know how hacks work and what files they use, for me, the best alternative was to re-upload almost everything and overwrite the existing files.

The wp-config file has all of your settings that connect your blog to your database so you need to make sure this file is updated before you upload the new files.

Here’s what you do:

  1. Open the new wp-sample-config file from the new WP download.
  2. Open your old wp-config file.
  3. Update the new wp-sample-config file with the settings from your old wp-config file and save it as wp-config.

Uploading your new WordPress

Now you can safely upload your new WordPress and hopefully all of your posts will still be on your site. If they’re not, you’ll need to look into restoring your database from a backup.

Depending on which version of WP your updating from you might have to upgrade your database, but WP should walk you through those few quick steps.

Here is a detailed guide on installing WordPress and upgrading WordPress if you need it.

You’ll then need to upload any root level files you might have. I have a robots.txt file, my .htaccess file, and a few others that support the performance of the site.

Check your site to make sure all posts come up and links work before moving on.

Getting your themes and styles back

Whenever I go through something like this I make sure and go very slowly and update only a few things at a time. You want to make it easy on yourself. If you upload a bunch of files and then realize the site doesn’t work, then you need to go back through every file. If you only upload one thing at a time, then you can easily remove the one corrupted file and keep moving.

By now you should have a base WP install. All of your existing posts are on the site, but now you need to upload your previous theme because WP is using one of the default themes.

Upload your previous theme only. Don’t upload any of your plugins yet. It was noted in some of the “getting hacked” articles I read that hacker code can be placed in plugins, so we’ll get to those in a few minutes.  Upload your theme and activate it, then check your site and multiple pages to make sure everything looks good.

Adding the bells and whistles

Now you should have your existing theme and your posts back, so it’s time get all of your plugins working again.

If it was me, and it was me last week, I would upload each plugin one by one just to be on the safe side.

  1. Upload the plugin
  2. Activate the plugin through the dashboard
  3. Test the site and multiple pages before moving on to the next plugin.
  4. Rinse and repeat until you have your blog back to normal.

I know this might sound like a lot of steps but I was able to get my blog back in about an hour, once I finally realized what I needed to do.

In a way this hacker actually helped because it made me clean up my system and files. I previously had about 30 plugins uploaded but wasn’t using a lot of them. It was always confusing which ones I had tried and which ones I disliked.  I removed all the unused files and my dashboard has never looked so clean J.

Getting hacked is never a good feeling, but don’t let it overwhelm you. All you need to do is follow a few steps and you can get your site back and running smoothly.

On a side note, if anyone notices something that looks broken or not how it used to look before, please let me know in the comments below.

Join the conversation 4 Comments

Commenting is not available in this section entry.

Look in the archives