Yes, it happens.
For starters, you don’t cry and you certainly don’t ignore it. Don’t get angry (well, it’s actually a source to channel some great Spartan workouts, but that’s another discussion). You can do this. We’re either going to RECOVER ourselves or we’re going to hire someone to do it. The more you know what’s involved the less overwhelming it will be (on the other side of FEAR is knowledge). 🙂
If you are here for PREVENTION, click HERE:
STEP 1: ASSESS & DETERMINE NEXT STEPS
Go here: http://www.google.com/intl/en/webmasters/hacked/ to see a video Google created that explains everything!
- How and why sites are hacked
- Process to recover a site and remove the user-facing warning label
- Time-to-recovery depends on extent of damage and technical skill of administrator
- Two options:
- Do it yourself
- Get help from specialists
STEP 2: BUILD TEAM OR DO YOURSELF
Do you have skills and are doing yourself? Follow the below. Otherwise, do get yourself a good professional recommendation from your network. We’re happy to help walk you through the steps for a nominal fee.
STEP 3: THE PRODUCTION LIST
1. Contact Hosting Company to determine shared server is secure with infection or if its just you who is toast. If yes, request change server. If you have money, go to shared virtual server which attracts more serious clients. If you have even more money, get a dedicated server!
2. Log into Google Webmaster Tools launched (specialists know how to do) – will be using tools to review and fix search
3. Assess the Damage and Identify the Vulnerability.
- Compare WordPress code to the original source (hidden malware pops out as a big ugly difference)
- Compare theme code to the original source
- Remove any malware found
4. Clean and Maintain your site
- Update WordPress to the latest version. Doing this ensures that there are no security loopholes, which I’m sure there was!
- Remove unused themes from WP
- Update WP Theme, create child theme to protect existing customization
- Update all plugins and remove any unused ones
- Install Sucuri Malware protection plugin which monitors that no files are changed, prevents hackers from accessing certain files & hides them, etc.
- Remove any open contact forms where URL injections could have taken place and use 3rd party secure tools like JotForm
- Review MySQL database and determine what cleansing needs to take place.
- Determine if we can safely add .htaccess code to disable PHP execution in subdirectories
5. Request a Review at Google Webmaster Tools!