You’ve Been Hacked

“You’ve Been Hacked.” These are words that nobody wants to hear. Ever. But chances are you may hear them at some point.

Without knowing anything about your website, there is a very good chance that you are running it on the popular platform WordPress. After all, over 27% of all websites today are powered by WordPress. If you are, you are probably aware that great things happen with WordPress; updates are released constantly, making it better and better with each upgrade.

You have heard that it is important to keep your software up to date. This goes for your desktop computer, your laptop, and even your website software! There has never been a better time to follow this advice than now! When you learn that a new version has been released, you should upgrade your website (remember to always back up your website before updating anything… Safety first)!

What is so important about the most recent upgrade to WordPress? A recent upgrade fixed a vulnerability that was discovered in a couple of previous versions. Technically this update is described as:

An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.

What this means in terms that everyone can understand is this: A flaw was discovered that let hackers modify the content of any post or page within a WordPress site without the need to log in or provide any credentials.

In fact, by some estimates, over 1.6 MILLION WordPress sites were attacked because of this issue!

“I knew it! WordPress is NOT safe,” I hear you say…

The doom and gloom are out there regarding any security issue. Some past issues allowed hackers to get in and inject links to sites that were so undesirable that you would not want your grandmother to visit them. Other issues let hackers get in and leave files (or programs) that had malware or would send out emails, or do a lot of other harsh things.

What Happens If You’ve Been Hacked?

The good news about this recent vulnerability is that it only allowed hackers to modify content. The extent of the ‘damage’ is that your website gets defaced; you can think of it as digital graffiti sprayed on your blog posts. While no one likes to clean up spray paint, it is certainly easier to clean up some spray paint than it is to have to rebuild an entire building.

Of course, seeing that your website has been spoiled with the words “You’ve been HaCkEd” is never a good feeling. An even worse feeling is if a client is the one to give you the phone call, “Hi there – I was visiting your website and it says that you’ve been hacked.” UGH.

Truthfully, a defaced website is embarrassing but, fortunately, it is typically easy to fix. In most cases (for this particular hack at least), you will only have to update your website to the latest version of WordPress. Once you do that, the next step is to go through your current blog posts and pages and check them for unwanted content. Depending on the size of your website, this may be quick, or it may be a time-consuming process. You may want to use the search capability on your site to literally search for the word “hack” and then clean up those pages and posts.
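One way to run the search step above across a whole site, as an added example that is not part of the original article: it checks post records in the shape returned by the WordPress REST API (`/wp-json/wp/v2/posts`) for a search term in the title or body and, going beyond the article's keyword search, also lists posts modified on or after a chosen cutoff. The sample posts, dates, URLs and function names are constructed for illustration.

```python
import html
import re
from datetime import datetime

TAG_RE = re.compile(r"<[^>]+>")

def visible_text(rendered):
    """Drop tags, then decode entities, so a term split by markup still matches."""
    return html.unescape(TAG_RE.sub("", rendered))

def audit_posts(posts, terms=("hack",), modified_since=None):
    """Return (id, link, reasons) for every post that needs a manual look."""
    pattern = re.compile("|".join(re.escape(t) for t in terms), re.IGNORECASE)
    findings = []
    for post in posts:
        reasons = []
        for field in ("title", "content"):
            if pattern.search(visible_text(post[field]["rendered"])):
                reasons.append(f"term in {field}")
        # A quiet edit leaves no keyword, but it still changes the modified time.
        if modified_since and datetime.fromisoformat(post["modified_gmt"]) >= modified_since:
            reasons.append("modified in suspect window")
        if reasons:
            findings.append((post["id"], post["link"], reasons))
    return findings

# Constructed sample records (assumption: not data from any real site).
SAMPLE_POSTS = [
    {"id": 11, "link": "https://example.com/welcome/",
     "modified_gmt": "2016-11-02T09:00:00",
     "title": {"rendered": "Welcome"},
     "content": {"rendered": "<p>Our opening hours.</p>"}},
    {"id": 12, "link": "https://example.com/news/",
     "modified_gmt": "2017-02-05T03:12:00",
     "title": {"rendered": "HaCkEd"},
     "content": {"rendered": "<p>You&#8217;ve been <b>Ha</b>cked</p>"}},
    {"id": 13, "link": "https://example.com/prices/",
     "modified_gmt": "2017-02-06T14:30:00",
     "title": {"rendered": "Prices"},
     "content": {"rendered": "<p>New price list.</p>"}},
]

if __name__ == "__main__":
    # The cutoff is a constructed date; use the last time you know the site was clean.
    for post_id, link, reasons in audit_posts(SAMPLE_POSTS, modified_since=datetime(2017, 2, 1)):
        print(post_id, link, ", ".join(reasons))
```

Every post it lists still needs a human look: a keyword hit can be a legitimate article, and a recent modification can be your own edit.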

An alternative to correcting all the abused posts and pages (if you have a lot of them) is to restore your website to how it was prior to the hack. If you have a recent backup of your website, you can always restore that version since the backup is clean. Be aware that if your most recent backup is 3 months old, your website will be put back to how it was 3 months ago. You will then need to add your content back to bring the site up to date.

The bottom line is that there are 2 lessons to learn from this: first, ALWAYS have a backup; always take a backup before updating anything on your site. Do this and it is like having insurance on your website. You will never hear someone say, “Darn, I wish I didn’t have that backup copy!”

Second, keep your software up to date! For the most part, WordPress is a very secure platform! You need to do regular maintenance (and regular backing up!) to keep it safe. When an update comes out for the WordPress software, or a plugin, or a theme, make sure you update it soon!

As Sergeant Phil Esterhaus would say on every episode of Hill Street Blues, “Let’s be careful out there.” Taking these precautions will prevent you from seeing the words, “You’ve Been Hacked” appear on your website!

Written By
Adam
Founder of WP Helper.