Incidents of hacking are on the rise, with some 30,000 sites daily being turned into hosts of spam email, malware, or other unsavory content. Several times a year, we receive a panicked call to clean out a hacked WordPress website.
It’s never fun for anyone involved, but we like putting clients at ease, and there are steps you can take to protect your site.
Hacked website woes
There are many detriments to having a hacked website, extending much further than the obvious security risks. Even a few days of leaving your site under a malicious party’s control can damage your search engine ranking badly.
Google will notice that your site is serving suspicious content and issue warnings to searchers. This is a surefire way to damage trust in your company, especially for first-time visitors. All of the unrelated content generated by the spammer will negatively affect your SEO and lower your search rankings for the terms you care about.
Most of the calls we get occur when a site crashes under the load of the spammer’s scripts. Consider how this runs against the spammer’s best interests — most commandeered sites will attempt to show no signs of being compromised.
Update frequently
The best way to protect your website is to frequently update WordPress and all plugins. Even disabled plugins can pose a security risk if they’re out-of-date.
Though updates generally come packed with security fixes, it’s possible that new features can break your intended user experience. Whenever you perform updates, it’s important to QA your site afterward. Go through every page and check for bugs. Make sure that contact forms are still working as intended. Reading patch notes before applying updates can help you figure out what you’re getting into. It never hurts to double-check everything’s working properly.
Keep regular backups
Sometimes, a fully up-to-date site can still be hacked. This is called a zero-day exploit. In this case, having a backup of your website is key. With a backup, you can easily restore your site to its clean state and apply whatever fixes are recommended for the exploit.
When backing up, make sure to get copies of both your files and your database. Keep them in a location separate from your website — you don’t want your only backup to be removed by the hacker!
Need help?
If this seems like too much to worry about, never fear! Treefrog offers a site maintenance plan. It includes quarterly offsite backups, updates, and corresponding QA. Interested in protecting your site? Shoot us a line.
Let Us Help