You build a blog, put careful effort into designing it either from scratch or through a CMS like WordPress, fill it with excellent content and take care to contract high quality hosting servers; then, one day you visit your main URL and find your browser warning you that it’s being directed to a high risk website, or maybe you type in your URL and nothing appears, just an error page! Or, maybe you even visit your pages and find yourself getting redirected to some other page offering things like gambling pages, or other unwanted pages. That’s how quickly hack attacks can happen, and the result can be deeply shocking if you hadn’t been expecting it for any reason.
Whatever the case may be, don’t go flying into a blind panic just yet. There are solutions that can at least help you recover control of your domain, and maybe, with a bit of luck, you might even be able to get all your data back.
Let’s cover the essential steps to dealing with a blog hack after it’s happened and maybe even coming out of the situation in good shape with everything recovered.
1. Make Sure it’s a Hack
The first thing you should be doing when your website suddenly stops working is checking for the possibility that you yourself may have done wrong before jumping to the conclusion that someone’s hijacked your pages. While this obviously won’t be the case if you’re finding your pages redirecting to malicious sites, an honest personal mistake may be the case if something like an error page appears where your lovely blog used to be.
Thus, just as a preliminary step that might save you from a lot of trouble and worry, think carefully and consider if you might have recently done some faulty reprogramming in your FTP, servers, CMS or site code. If you think this is a possibility, retrace your steps and restore your pages to their last functional previous state. Ideally, you should have been taking note of everything you did as you were modifying your pages.
2. Save All Malicious Programs, and Affected Files
This is a very important piece of general advice that applies no matter what form the hack into your blog took: wherever possible, save copies of all damaged or compromised files and any code, program or malware exe that you locate to a remote medium such as USB. Afterwards, destroy the originals.
Doing this is important since it will let you identify the nature and possibly the source of your blog breach. It might even later be possible to find out exactly how the hack took place or by whom it might have been perpetrated.
3. Check your Local Machine
Not all attacks come directly from the outside web; some can get into your site/blog servers as already concealed malware or a virus that was on the local machine from which you access your servers through FTP.
Thus, scan the local machine with at a combination of malware detectors and anti-virus software and delete anything suspicious that you find after you’ve noted its name and made a copy for storage to a separate medium like a USB stick. You can also run a search of all exe files and look for suspicious executables to do the same to – if doing a direct exe search, be careful not to accidentally delete your own system files.
4. Make A Record of What Happened
One of your first procedural steps should be to automatically make a record of everything you note as soon as you notice it. Thus, once you start to notice something is wrong with your site or blog, immediately note down when you first noticed it, what exactly you noticed and what pages, processes or files you think have been affected or damaged.
Doing this establishes a more reliable and useful body of evidence for not only detecting the specific cause of your intrusion/functionality problems, but also for fixing them much quicker and avoiding future recurrences.
5. Close off FTP
Once you’ve noted the details of a potential hack on your blog, go into your hosting control panel and try to shut off your FTP accounts for the time being; be aware that not all hosting providers allow this option, but check to make sure because it’s a useful control step.
Once you’ve disabled FTP, go through all the accounts for which it had been enabled and change their passwords. FTP may not have been the entry vector for your blog problems, but it’s an effective damage control step to take while you still don’t know exact causes for a hack.
6. Contact WordPress or Other Provider
As soon as you’ve noticed a hack into your blog, contact WordPress to explain to them everything that you’ve noticed, done and recovered.
This is an important step to take because by talking to them you can not only get additional security assistance, but also find out if the intrusion that’s affected your site might be part of a bigger problem that’s also hit others with the hosting service – especially if your blog is running off of shared hosting.
7. Change all of your Passwords Right Away
We’ve already mentioned disabling your FTP and changing all of the account passwords for it, but to be extra thorough, you should also go ahead and change all other site related passwords; including those for MySQL, your actual hosting Control panel, any accounts it is accessed through and your passwords for any CMS dashboards you have such as those that WordPress presents to its users.
8. Replace all Existing Plugins and Core Files
If you’re running your blog off a popular Content Management System like WordPress or Drupal, then you’re probably running a whole host of plugins and addons for different parts of your pages functionality and viewer experience management. If so, start updating them.
Download and install the core files for the latest version of whichever CMS you’re using, and replace all of your plugin applications with their latest counterparts. If any existing plugins are so old that they don’t even have newer versions available anymore, then get rid of them completely.
Outdated site software and platforms are a major cause of all hacker and malware intrusions
9. Start Backing Everything Up
Back up whatever is still safe on your blog as soon as you can after you’ve noticed a hack. This is something you should have been doing regularly anyhow but if not, then start now before the hackers or malware cause further damage.
Don’t worry about accidentally backing up malicious files along with all of your remaining unharmed blog content; you can later filter through the backup copy under controlled conditions for anything suspicious.
10. Implement Preventative Steps
Finally, if you’ve managed to work calmly, follow the steps outlined above and recuperate your blog after some fast damage control, you should now proceed onwards with more of a mind for security against future attacks.
This means following all basic security steps such as effective password control, restricted FTP access and buying into highly secure or even dedicated server hosting. Additionally, it also means continuing to make regular backups of every single page and piece of information on your blog so that you’re ready for minimal blog downtime in case of future hacks. Companies like LWG Consulting and Telus exist to help with issues after a data breach has occurred. They deal with digital forensics and can be extremely helpful after a cyber attack has occurred.