In the world of security, the following advice appears to be gold: Keep templates and plugins up to date; use secure passwords and captchas; be cautious about who and what you grant access to, and use a security-conscious web host.
While these are all excellent suggestions, your website is still (and always will be) hackable. We’ve seen and assisted clients with numerous hacks over the years, so we wanted to share some advice that goes beyond simply adhering to security best practices.
Hacking becomes more likely as your user base and reputation grow, and it can happen to anyone. As a result, having a hack recovery plan is the best thing you can do. In the event of a disaster, you’ll know exactly what needs to be done and who can help you. You will not panic and make rash decisions that could turn a crisis into a disaster.
Get the News First
You don’t want a chance visitor to your own website to learn about a hack. The red screen of death with messages like “Danger: malware ahead!” or “This website may harm your computer” is not what you want to see. You don’t want your homepage to be vandalised.
The worst part of discovering a hack by accident is that you most likely won’t be aware of its existence for very long. You won’t be able to comprehend the full extent of the harm.
Installing one or more proactive tools that can identify hacks and alert you is the solution.
Source code and front-end monitors
Pingdom is one of the tools that keep track of your site’s uptime and content updates on the front end. Additionally, there are programs that check your website’s source code for hacks, such as our own HackAlert service. Both can be configured to send different types of notifications, and the possibilities are endless.
Alerts from Google Search Console
Google’s Search Console finds many hacks, but you can’t rely on it for an early warning. Make sure to enable email alerts in the preferences when setting up your site. It’s a smart idea to monitor Google’s security rating of your website. Most importantly, it’s free.
Backup your site
In order to use a backup copy of the compromised website when removing malicious code later, you will need to do so. A backup should be created and saved before entering maintenance mode.
In light of this, ensure that your website is regularly backed up and that multiple copies are kept at all times. A clean copy will be useful if you need to later recover your site. Although your web host will typically create backups for you, there are many tools and plugins you can use to set up backups on your own.
Get Access Logs
Access logs are yet another tool that can be used in the restoration of your website. If they can provide them and how far back in time, ask your host. Some attacks are hard to locate and might need logs from six months ago. Set up your own log-keeping system if your host is unable to do so. Access logs are available for download from the cPanel and hosting-australia.com support can assist in accessing these.
Prepare maintenance mode
It’s crucial to enter maintenance mode as soon as possible. Search engines continuously examine your site’s HTTP status and the content it is serving to users. Your rankings will undoubtedly suffer if your website is unavailable or is serving malicious content.
This is why you should prepare a basic HTML maintenance page in advance of experiencing a hack. While your website is being cleaned, you’ll be able to quickly enable it, minimising harm to both visitors and search engines.
Utilizing.htaccess to direct all requests to an HTML page is the best way to activate maintenance mode. Any malicious files left on your domain will then be forwarded to the mentioned page and become inaccessible in this manner.
Website and vulnerability cleaning
You can either restore from a clean backup or delete the malicious code from files and databases to clean up your website. Regardless of the cleaning technique, you must ensure that the vulnerability is closed off afterward.
Bringing Back a Clean Backup
With their backup tool, most people can complete this option in the shortest amount of time for the lowest cost. It does have some drawbacks, though. You might lose some data if you manage a frequently updated website (e.g. an online store might lose some orders). Additionally, there is never a guarantee that the backup you are restoring is error-free.
Remove malicious code from databases and files.
This is the more advantageous choice, but depending on the hack, it might be very challenging. Use a cleaning service from a third party if you are unsure of your abilities. Attack detection and removal go well beyond the scope of this blog post.
Take the Vulnerability away
This is where the access logs come into play, but once again, doing this on your own can be challenging, so you should feel confident. At the end of the day, you need to be certain that the malicious code, along with the vulnerability used to access and modify those files and databases, was eliminated from your files and database.
Simply get in touch with our support team at Hosting Australia, and they will be more than happy to help. Our support can also help with scanning and cleaning your website.
Conclusion
Change all user, tool, and device passwords that have access to your website after the process is complete (control panel, FTP, SSH, etc.). Ensure that all website contributors follow this procedure. Perform this prior to going live.
Your website’s users and visitors are something else you should think about at this point. Determine whether any of their data was used in the attack by analysing the situation. If so, it’s a good idea to inform users and request a password change as well as any other necessary actions.