It seems like hackers always find a way to attack any site. If your website is one of them, don’t be upset: re-upload it immediately and do these 4 things right after you find your site has been hacked, to help prevent future hack attempts, before calling in a web developer to solve your problem.
- Understand what just happened
When your site has been hacked, there are a number of possible causes; it can be due to poor maintenance or to bad plugins. If you have no idea whether your website has been hacked or not, here are several signs that you are being hacked:
- Google has blacklisted your website;
- Google search result pages show “this site may be hacked”;
- Your host has disabled your site;
- Customers tell you that their local antivirus applications flag your site;
- Your website is not behaving correctly or generating odd errors.
Bear in mind that knowing what happened to your website is half the battle, since hackers try to hack your website all the time.
- Brace Up Your WordPress Security
There are a lot of things you can do, but at least address the following:
- Generate New Security Keys for WordPress
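Step 1 is to generate a new set of keys and copy/paste them into your wp-config.php in place of the existing ones. They take this form (the values shown are samples; use your own freshly generated set, not these published ones):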
define('AUTH_KEY', '>f8WY(G1ED*-uk)mPxG*!6a~^J2toVWSIFOshT${gn|oT t|v8aba<Fh;pFP`yid');
define('SECURE_AUTH_KEY', '<iR+Ar.`VQ!3HYa#R+AI*MC2Sc,${6v_.L#$t4;)%eZ=@|.b>b:qy|@X]Vb3W|RH');
define('LOGGED_IN_KEY', '1E>><mq?hvpmS{3D#KF1|x#.rc6sCQHZTZ}*;*Z2t6T*f_z#jGlbzSf@DvLgckKU');
define('NONCE_KEY', 'OXcWKI/9xDf@$yMB27+o/L&bnAROa%Ve4|Ir]6qa+y8p.`}>`I1b7)dmaDi{$?[Z');
define('AUTH_SALT', 'Mb<5yV36&|SS#!gC#^jw*8|)hL-EP@M(mPuAe+;18D|Ju3+Jh239)tRwX4HD([7o');
define('SECURE_AUTH_SALT', 'E*1|=#nsgx_Q{:GKa|sJ|Q!>14W&)LEccK-[[ K[=sQM%<D|*UDhq>qOzY5.rw=`');
define('LOGGED_IN_SALT', 'DE[?b$ZN/A25@0_lLnMD>+_$jeEqEFo=>t?-qa{GY4D-2PZD[`C2l.j2Zi(N)~dd');
define('NONCE_SALT', 'bWnj/%_FEz]zF*j9njk^FY?uwDkQU^|c-Tu!Vm3S_U[#c2kaTb+F.vcu=[Jx4wn+');
Save the file and the first step is done.
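For the key-generation step above, an added example (not from the original article) that swaps every key and salt line of a wp-config.php for a value drawn from the operating system's random source instead of a copied one; the function names, the alphabet and the sample config are assumptions made for illustration. Replacing these values invalidates existing login cookies, so every user, including an intruder holding a stolen session, has to log in again.

```python
import re
import secrets
import string

# The eight constants WordPress reads from wp-config.php.
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]

# Assumption: printable characters minus ' and \ so each value can sit
# inside a single-quoted PHP string without escaping.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_[]{}<>~`+=,.;:/?|"


def new_secret(length=64):
    """Return a value drawn from the OS CSPRNG, never a copied one."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_keys(config_text):
    """Swap each key/salt define() line for a fresh one; return (text, missing)."""
    missing = []  # constants with no define() line; add these by hand
    for name in KEY_NAMES:
        pattern = re.compile(
            r"^[ \t]*define\(\s*['\"]" + name + r"['\"]\s*,.*\);[ \t]*$",
            re.MULTILINE,
        )
        line = "define('%s', '%s');" % (name, new_secret())
        # A function replacement keeps re.sub from interpreting the value.
        config_text, count = pattern.subn(lambda _m: line, config_text)
        if count == 0:
            missing.append(name)
    return config_text, missing


# Constructed sample config; the values are placeholders, not real keys.
SAMPLE = """<?php
define('DB_NAME', 'example_db');
define('AUTH_KEY', 'put your unique phrase here');
define( "NONCE_SALT", "put your unique phrase here" );
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    rotated, missing = rotate_keys(SAMPLE)
    print(rotated)
    print("add by hand:", ", ".join(missing))
```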
- Reset Your User Passwords
In some cases, hackers will try to brute-force their way into your site by guessing your username and password, so please don’t use ‘admin’ as your username and ‘12345’ as your password. It is important to change your password after a hack and make it complex, for example by combining upper- and lowercase letters, special characters and numbers.
- Reinstall the core
Another important recommendation is to remove and reinstall the WordPress core manually. Instead of using the update/reinstall feature in your dashboard, use your favorite FTP/SFTP client and manually replace the files. Attackers usually like to embed their files deep in your file structure, and a very common location is within the core directories (i.e., /wp-admin/ and /wp-includes/).
- Reinstall your plugins
It may sound too drastic, but this is the only way to make sure no malicious code remains on your website: do a fresh reinstall, in the hope that all the additions and insertions of the hack disappear.
- Restore a Backup after the Hack
Solid backups are necessary to restore your website quickly after a hack. The restored site might need a few updates, but this way you can keep your site up and running.
- Keep Your Website Up-to-Date
Older versions of WordPress are vulnerable targets for hackers, and this is also why you need to stay away from plugins that have had no updates in the last two years. You can find your WordPress version in the readme.html file or sometimes even right in your source code.
The point is to keep your plugins and WordPress up to date. This advice applies to both activated and deactivated plugins, since deactivated ones are just as vulnerable. This is the only way to make sure all of your software is updated after a hack.