The unfortunate happens and your WordPress site is compromised. You fix your site through backups or SiteLock’s malware removal service, yet you still feel uneasy.
After Your Hacked WordPress Site Has Been Cleaned
The truth is, once a website recovers from a compromise, there’s a bit more to do. Taking a few simple, post-compromise steps can help harden your hacked WordPress site against future attacks and possibly ease administration. We’ll discuss steps to improve WordPress user security, add preventative security measures, and improve maintenance techniques to aid recovery if the worst happens again.
Passwords and Logins
After recovering from a compromise, it’s recommended to immediately change the passwords for all users, using strong, non-dictionary passwords. And, no, ‘qwerty123!@#’ is not a good password.
Use a cryptographically random password generator, like Gibson Research Corporation’s Ultra High Security Password Generator, grab and set a password of appropriate length, and store the password in a password manager, like KeePass or LastPass. Also, if you are still using ‘admin’ for the username of the administrative user, change it to something unique. This prevents attackers from brute forcing a well-known username.
You can’t hide the fact a site runs WordPress from attackers, and once they know your site runs WordPress, they know the login URL of example.com/wp-login.php. Attackers can then use this easily gained information and attempt to brute force the login page. To help prevent brute force attacks you can install a login obfuscation plugin, like WPS Hide Login, that changes the login URL to something less guessable. There are also other security plugins which limit the number of login attempts an attacker can perform in a certain timeframe. Adding a login attempt limit ensures bad actors don’t have carte blanche to brute force accounts.
After users and the login page are secured, the next step is to ensure proper WordPress maintenance.
- It’s recommended to keep a closer than normal eye on the WordPress install for any changes or suspicious activity to verify there are no leftover effects from the compromise.
- Update WordPress to the latest version and update every theme and plugin you are using.
- Remove any unused themes and plugins. Out-of-date versions of WordPress, themes, and plugins provide easy targets for attackers, as vulnerabilities are published and bad actors scan for said vulnerable plugins and themes.
- Ensure regular backups of the site content and database. Sometimes hosting providers provide backup services, or there are plugins which provide backup assistance or services. It’s strongly recommended to save backups off of the shared hosting account or server to keep the backups from being compromised as well.
The next step after maintenance to harden a post-compromise WordPress site is to add preventative security measures. Adding a web application firewall, like SiteLock TrueShield, will block malicious traffic from even making it to the site. A web application firewall, or WAF, also prevents malicious scanners from repeatedly testing your site for vulnerabilities and attackers from exploiting those vulnerabilities. After that, adding a malware scanner like SiteLock INFINITY will detect malicious code or files on your WordPress site and automatically clean the malicious code.
Recovering from a WordPress compromise is a stressful experience and no one wants to relive it more than once. Using these steps to harden your site after an attack will help prevent a dreaded second compromise.