The unfortunate happens and your WordPress site is compromised. You fix your site through backups or SiteLock’s malware removal service, yet you still feel ill at ease.
The truth is, once a website recovers from a compromise, there’s a bit more to do. Taking a few simple, post-compromise steps can help harden your hacked WordPress site from future attacks and possibly ease administration. We’ll discuss steps to improve WordPress user security, add preventative security measures, and improve maintenance techniques to aid recovery if the worst happens again.
After recovering from a compromise, it’s recommended to immediately change the passwords for all users, using strong, non-dictionary passwords. And, no, ‘qwerty123!@#’ is not a good password.
Use a cryptographically random password generator, like Gibson Research Corporation’s Ultra High Security Password Generator, grab and set a password of appropriate length, and store the password in a password manager, like KeePass or LastPass. Also, if you are still using ‘admin’ for the username of the administrative user, change it to something unique. This prevents attackers from brute forcing a well-known username.
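As an added illustration of the password advice above (not code from the original post or from SiteLock), the snippet below draws passwords from the operating system's CSPRNG via Python's `secrets` module, estimates the entropy of a generated password, and rejects passwords that are built from dictionary words such as the ‘qwerty123!@#’ example. The word list is a tiny constructed stand-in for a real dictionary, and the 100-bit minimum is an assumed policy value.

```python
import math
import secrets
import string

# Character set for generated passwords: letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed stand-in for a real dictionary / leaked-password wordlist.
SAMPLE_DICTIONARY = {"qwerty", "password", "admin", "welcome", "letmein"}


def generate_password(length: int = 24) -> str:
    """Return a password whose characters are chosen by the OS CSPRNG (secrets module)."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(password: str, alphabet: str = ALPHABET) -> float:
    """Entropy in bits, valid only when every character was drawn uniformly from alphabet.

    For a human-chosen password this overestimates badly, which is why
    is_acceptable() also checks for dictionary words.
    """
    return len(password) * math.log2(len(alphabet))


def is_acceptable(password: str, dictionary=SAMPLE_DICTIONARY, min_bits: float = 100.0) -> bool:
    """Reject dictionary-based passwords and anything below the assumed entropy floor."""
    lowered = password.lower()
    if any(word in lowered for word in dictionary):
        return False
    return entropy_bits(password) >= min_bits


if __name__ == "__main__":
    candidate = generate_password(24)
    print(candidate, round(entropy_bits(candidate), 1), "bits")
    print("qwerty123!@# acceptable?", is_acceptable("qwerty123!@#"))
```

The generated value is meant to be pasted straight into a password manager entry rather than memorised; the entropy figure only says how hard a generated password is to guess, not how strong a password a user typed by hand is.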
You can’t hide the fact a site runs WordPress from attackers, and once they know your site runs WordPress, they know the login URL of example.com/wp-login.php. Attackers can then use this easily gained information and attempt to brute force the login page. To help prevent brute force attacks you can install a login obfuscation plugin, like WPS Hide Login, that changes the login URL to something less guessable. There are also other security plugins which limit the number of login attempts an attacker can perform in a certain timeframe. Adding a login attempt limit ensures bad actors don’t have carte blanche to brute force accounts.
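The login-attempt limiting described above can also be approached from the detection side. The following is an added example, not code from the original post or from any plugin it names: it parses web-server access-log lines in common log format, counts failed POSTs to wp-login.php per client address in a sliding window, and reports addresses that cross a threshold. The log lines are constructed for the example, and the five-attempts-per-minute threshold is an assumed value. It relies on the fact that a failed WordPress login re-renders the form with HTTP 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access-log lines (common log format); not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
198.51.100.2 - - [10/Oct/2023:13:55:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2100
203.0.113.7 - - [10/Oct/2023:13:55:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
203.0.113.7 - - [10/Oct/2023:13:55:08 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
198.51.100.2 - - [10/Oct/2023:13:55:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Oct/2023:13:55:10 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
203.0.113.7 - - [10/Oct/2023:13:55:12 +0000] "POST /wp-login.php HTTP/1.1" 200 4321
"""

# client-ip ident user [timestamp] "METHOD PATH PROTO" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path.split("?", 1)[0], int(status)


def failed_logins(lines):
    """Yield (ip, timestamp) for each failed login attempt."""
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, when, method, path, status = rec
        # A failed WordPress login re-renders the form with 200; success redirects (302).
        if method == "POST" and path == "/wp-login.php" and status == 200:
            yield ip, when


def detect_bruteforce(lines, max_attempts=5, window_seconds=60):
    """Map each address that made >= max_attempts failures within the window
    to the time it first crossed the threshold (the moment a limiter would lock it out)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = {}
    for ip, when in failed_logins(lines):
        q = recent[ip]
        q.append(when)
        while q and when - q[0] > window:
            q.popleft()               # drop failures older than the window
        if len(q) >= max_attempts and ip not in flagged:
            flagged[ip] = when
    return flagged


if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} exceeded the failed-login limit at {when.isoformat()}")
```

Run against a real log the same logic gives a quick way to confirm that a rate-limiting plugin is actually stopping repeated attempts: once the limiter is working, no address should accumulate more failures inside the window than the plugin's own threshold allows.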
After users and the login page are secured, the next step is to ensure proper WordPress maintenance.
The next step after maintenance to harden a post-compromise WordPress site is to add preventative security measures. Adding a web application firewall, like SiteLock TrueShield, will block malicious traffic from even reaching the site. A web application firewall, or WAF, also prevents malicious scanners from repeatedly testing your site for vulnerabilities and attackers from exploiting those vulnerabilities. After that, adding a malware scanner like SiteLock INFINITY will detect malicious code or files on your WordPress site and automatically clean the malicious code.
Recovering from a WordPress compromise is a stressful experience and no one wants to relive it more than once. Using these steps to harden your site after an attack will help prevent a dreaded second compromise.