BloggingPlatforms - Website, Mobile, Social media

WordPress Website Hacked? 6+ steps to prevent

wordpress website hacked


WordPress website hacked?

Oh Lordy, Lordy! It was ugly. Smelled something awful. Turned my stomach.wordpress website hacked

You’re probably wondering what the bellyaching’s about.


My WordPress website was down last week. The worst of it, I had been feeling rather smug. Two years and no problems with website. Isn’t that typical?

What’s more frustrating, I had actually implemented several security measures. However, as I determined later, it was already too late.

The hack actually happened around early February. The culprit, a new *plugin that I installed. I had done my due diligence. The plugin had checked out, it was being supported & updated. The plugin users gave it a good rating & review. To clarify, the owner of the plugin didn’t hack me, he just had a serious breach in his software. I have made him aware of it.

I spent the half of the week doing research on how to recover a hacked website. Altogether, what a massive hassle. I consider myself fairly competent maneuvering around the internet, with a fair knowledge of using WordPress. Yet, I struggle to understand php & html coding on WordPress. If the instructions are extremely simple and detailed I can follow along.

It finally boiled down to I was over my head. I started putting feelers out looking for assistance. As I lay NOT Sleeping late or rather early Thursday morning, 3am. It suddenly dawned on me.  What if I changed the theme? Would that be a quick solution?

Already awake, I jumped up and by 5am I had a basic website up, with my content transferred to a new theme. I will lose the old theme. Not too terribly upsetting in the scheme of things, since I had already decided to change themes.

Here are what I consider best practices for keeping your website and content safe.

  1. Back-up, back-up, BACK-UP. – the worst of it, back-up’s were happening as scheduled.  With only 2 weeks of backup history, the breach happened prior to those 2 weeks.  Sigh.. Really 2 weeks.
  2. Implement a security plugin that watches for malware and virus.
  3. Keep every theme, plugin & wordpress up to date.
  4. In fact, updating is not enough. Often times the plugin creator will let that project drop and no longer support it. Check on your installed plugins, otherwise it could be suspect for hacking. How to check this vulnerability out:
    1. Login to your WordPress [YourWebsite] Dashboard
    2. View Installed Plugin directory on your WordPress [YourWebsite] Dashboard
    3. View details – click on View details, this will pop up a screen, determine when the plugin was last update
    4. View support forum – click on support forum to discern, if support issues are being resolved by the plugin owner.
    5. My rule of thumb for suspicious plugins – if 6 months have gone by with no update & no support. I recommend searching for a newer plugin.
    6. Apply this same rule of thumb when researching potential new plugins.
  5. Audit the activity on your website – be aware of anyone trying to access your website
  6. Protect against spammers

My recommended plugins for safety measures

  1. Wordfence Security  Anti-virus, Firewall and High Speed Cache. Free plugin.
  2. Updrafts Backup & Restore simplifies backup and with one click restoration, this is my go to backup. Free version, with paid version available.
  3. WP Security Audit log keeps an audit log of everything that is happening on your WordPress. Free and Premium versions.
  4. BruteProtect is a security plugin that guards against botnets by connecting its users to track every failed login attempt across all installed users of the plugin. This plugin is free, with a Pro version in beta.
  5. Askimet checks your comments against the Akismet Web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.  The Personal website is free, Business websites are $5 a month.
  6. Growmap Anti Spambot Plugin adds a client side generated checkbox to your comment form asking users to confirm that they are not a spammer. Free plugin.

Donating and purchasing plugins – These creators spend a lot of time on their products, free or otherwise. Something I have no inclination to ever, ever do. We all want to be paid for what we do, this is my encourage to do just that.

*Not sure what a plugin is. My website is a website. Which allows me to choose a theme and add on software (plugins) to customize my website. I decided not to name the plugin, because the creator is actively trying to fix the issue.


Photo credit: Malik M.L. Williams

2 thoughts on “WordPress Website Hacked? 6+ steps to prevent

  1. Hi Gina,

    Oh wow, that’s never fun to deal with. I’m going to knock on wood though that I have never personally been hacked but my hosting service has which of course affected every blog that was hosted with them.

    Luckily for me I had my backup and was able to go back to the day before and reload everything. That hosting company had been having a lot of problems with their servers so I eventually moved yet again and have been very happy and feeling secure where I am.

    This is one of the reasons I tell people to not load their blogs down with so many plugins. They forget to check for updates regularly and then something like this can happen. Then again, it’s not our fault that the developer isn’t staying on top of things so my heart goes out to you and everyone else that had to deal with this nightmare. Bless your heart, I’m so sorry this happened but I’m sure you’re glad it’s behind you now.

    I did want to share one thing with you. This is my second visit to your blog today and your images aren’t loading. I’ve read your entire post and commented and none of them have loaded yet, not even your author box image. Thought you might want to know.

    Thanks for sharing this with us and I’ll be sure to let my friends know to stay on top of their plugins too.

    Have a great day and glad you’re back up and running.


    1. Hey Adrienne,

      I noticed the image problem also. I found the culprit and it has been deactivated for now.

      I constantly struggle with too many plugins. I don’t even want to say how many. But I am diligent and remove stuff quickly that seems to be an issue.

      I have been trying to learn a little as I go along on php and css, but I have a long way to go.

      Since I wrote this, I have also changed hosting websites. Which runs a lot of the security and malware themselves. This helped me to drop 3 plugins. Yea! though I am thinking about adding the audit log viewer back in, too see if I really need it.

Comments are closed.