I’ve been hacked a couple of times and had about 3 client websites hacked in the past. Its the most frustrating and sickening tragedy and the last time it happened I vowed that it would never happen again. More than anything, when you realise your site has been hacked it’s the helplessness you feel. The panic is unbearable as you desperately try and get your site back. One site of mine was hacked so the homepage was just a black screen with text saying “YOU’VE BEEN HACKED”. It then had links to porn sites and the hacker’s facebook page!! The hacker was someone in Malaysia. I looked at his page and was so shocked to discover that there’s a whole community of them. I felt very naive! They hack sites and then share what they’ve done. I reported the facebook profile to Facebook but they didn’t care. I noticed a few comments on the hacker’s page from people asking why he’d hacked them! Thankfully this wasn’t a serious hack. Your hosting company will shut down your account if they detect any malicious files on your website. They do this to prevent any further damage and they will not allow your website back up until you have confirmed the site is safe. It was easy for me to repair this hack. I went straight into the c-panel and checked the files in the public folder. There I found a new index page that the hacker had managed to publish on my server. I deleted it and my site came back. I then noticed that some of the file permissions were set to 777, which mean read, write, executable. The hacker had been able to access the files because it was set to 777. (Read more about understanding file permissions here. ) I then changed the permissions and this kept future hackers away.
This website was hacked a few years ago. They didn’t put malicious files on they just hacked into my hosting and deleted my files! After that I moved my hosting to Cloud Next. I now pay every year for “Stop the Hacker” software and I install WordFence on all my WordPress Sites. I make sure that all my sites are kept up to date and I create very difficult passwords. I only give users 3 attempts to remember their password. If a hacker is trying to access the site they only have 3 attempts to get the password right and then they are blocked for 2 months. If they get the user name wrong first time they are blocked instantly. The only way a hacker is going to get into one of my sites is if someone gives them the login details!
Wordfence is by far the best security plugin you can have for your WordPress site. Without them I wouldn’t feel safe!