Your Site Has Been Hacked, Now What? Michele Butcher CantSpeakGeek.com WPSecurityLock.com @Michele_Butcher Slides can be found at: http://mlb.pw/WCSD2015 @Michele_Butcher
WordPress Specialist at WP Security Lock Head Geek at Can’t Speak Geek Sometimes a designer of pretty websites and graphics Southern Illinois Meetup Co-Organizer Beginners and Intermediate WordPress Instructor at John A Logan College Michele Butcher @Michele_Butcher
First option: Pay someone else to clean it. There are many options out there who will clean your site. Here is who I suggest. WP Security Lock https://wpsecuritylock.com Sucuri Security http://sucuri.net/ @Michele_Butcher Hack Repair http://hackrepair.com
Second Option: Clean it yourself • Cheapest • Most time consuming • No one knows your site better than you do • You just have to know what to look for I do not suggest this if you are not comfortable reading HTML, PHP, and CSS. @Michele_Butcher
This is a good time to make an audit of everything on your site and delete what is not being used. You can always add other themes and plugins back later when you need it. @Michele_Butcher
Check your users! • You could have unwanted users • Delete the unwanted guests immediately • if you use “admin” as a username, delete it and make a new user name • Delete all users that are no longer using your dashboard (Old devs, designers, guests) • Only give others the access they need, not what they want. A guest blogger should never be an admin, only a contributor. @Michele_Butcher
Add some Security to your site • iThemes Security or iThemes Security Pro • Jetpack (BruteProtect and VaultPress) • WordFence • Sucuri Firewall Some trusted plugins @Michele_Butcher
Change your login information • WordPress Logins and passwords • cPanel Logins and passwords • Database logins and passwords (Remember to change them in your wp-config.php) • Hosting Logins and passwords @Michele_Butcher
When it comes to usernames and passwords, here are a few tips. • NEVER use “admin” as a username and “password”as the password. NEVER on anything! • The harder a password is to remember, the harder is to hack • Use something like LastPass, 1Password, or KeyPass to store your passwords @Michele_Butcher
A note on updating If you use a theme and/or plugin that was purchased from Envato, Theme Forest, or Code Canyon please mark the box under each purchased item on the download page to be notified by email of updates. That is the only way they notify their customers of updates. This is part of the reason the RevSlider Soak Soak infection was so high. @Michele_Butcher
Only use trusted and supported themes and plugins Do NOT use a theme or plugin • That has not been updated in more than a year • No one is responding in the support forums • If it shows that it does not work in the current version of core @Michele_Butcher
Start Making Backups • Backup Buddy • BackWPUp • VaultPress (Jetpack) • Check with your hosting company to see if they do backups as well • iThemes Security (free and Pro) will do database backups @Michele_Butcher
Speaking of backups… Save them somewhere other than your server. Most have options to send them to an Amazon S3 account, Dropbox, email, or download to your machine. @Michele_Butcher
Lastly, be active with your site. You know your site best. If something does not feel right, look into it. Also, do not ignore your website. No one likes a zombie website. @Michele_Butcher
Thank you! Michele Butcher http://CantSpeakGeek.com https:WPSecurityLock.com @Michele_Butcher Slides can be found at: http://mlb.pw/WCSD2015 @Michele_Butcher
michelebutcher
hirokiotsuka
carta_engineering
line_developers
odasho
makamaka
takahashikazutaro
yayoi_dd
kentosuzuki
xibuka
uzulla
onk
sat
keathley
zakiwarfel
jakevdp
bcantrill
yeseniaperezcruz
roundedbygravity
morganepeng
jmmastey
orderedlist
colly
swwweet
chrislema