I never thought it would happen to me.
Our WordPress site was hacked last week and it was freakin’ annoying. Luckily, we were able to get everything back before any real harm was done and I learned a lot during the process.
Now, I’m here to pass this hard-won wisdom on to you.
Keep reading to learn the precautions that kept us (somewhat) safe, the warning signs you need to know, and how we got Slight North back after losing control.
The Warning Signs
I woke up on Friday and immediately jumped on Slight North for an unrelated reason. The page was agonizingly slow to load and I eventually gave up, thinking it was an issue with the internet in my room.
The site looked fine on desktop which gave me a false sense of security, but I quickly realized something was wrong.
I checked multiple sites like Down For Everyone or Just Me? and they all reported that Slight North was up and running fine. Finally, I tried a mobile site simulator and it showed that the mobile pages weren’t loading correctly for them either – the photos and formatting weren’t showing up at all.
However, my biggest clue was the inability to sign into my WordPress account.
Instead of logging in, it redirected me to a completely new URL and reported that the site took too long to respond. When I tried to change the password, WordPress reported that it had no record of my email or username.
That’s when I knew for sure that our site was hacked.
A completely accurate representation of our experience
Where to Find Help
I looked to a few different places for help after our WordPress site was hacked and some were better than others.
First, I chatted with my hosting platform but they didn’t see the problem. Before I realized I had been hacked they suggested turning off my theme (which didn’t help) and finally told me that they saw nothing wrong on their end and that was that.
Then, I tried emailing the customer support with my theme to see if they knew the problem but had to wait hours for an answer.
Finally, I made my way to the WordPress support forums. If you suspect you’ve been hacked, chances are that other WordPress sites have as well. I found the forums were active and people were reporting the exact same issues I had.
Multiple threads contained helpful advice including a link to the WordPress FAQ on what to do when you’re sites been hacked and free website scanners like Sucuri that can tell you if malware has been installed on your site.
How Our WordPress Site Was Hacked
From my limited understanding, the GDPR compliance plugin we used was compromised and a bot was able to get into our site through it.
They added themselves as a user, got admin privileges, and changed the username and password for our WordPress login so Daniel and I lost access.
Then, it seems the plan was to amass all the login credentials the bots stole and return to the sites to use the new usernames and passwords to get back in again.
How We Regained Control
Once I knew exactly what we were looking for (thanks to the helpful information on the WordPress forums), Daniel and I chatted with our hosting company again.
Basically, with their help we accessed the “behind the scenes” of our site through our cpanel, removed the new users (who were quite obvious with names like Troll and a string of numbers), uninstalled and reinstalled WordPress and finally changed all of our passwords.
As expected, we got two emails from WordFence (a protective plugin) the next day reporting that the users had comeback and tried twice to login again with their stolen info. Because we had acted fast and changed the passwords, though, they were locked out both times and gave up.
The Precautions That Helped Protect Slight North
After the mass hack, WordPress users were reporting that their sites were completely down and scanners were turning up malware on them.
Luckily, that wasn’t the case for us. Only our mobile version was down and every scan I ran on Slight North came up clean.
I think this was due to Daniel’s extra precautions.
First, I recommend paying for an SSL certificate. These can be bought and installed through your hosting company and cost around $10 per year. SSL is important because it not only protects your site but is also good for SEO.
If you don’t have one, Google will label your site as “not secure” in the top right side of the search bar every time someone clicks to it. Because we have it installed, you can see that Slight North gets a little locked picture instead. 🙂
Second, install the WordFence Plugin. The free version has a firewall, a “real-time threat defense feed” and more to keep you in the know when it comes to your site’s security.
Obviously, these two things didn’t keep us 100% safe but I think they both helped limit the damage.
I know this makes it sound like I was calm, cool and collected throughout the ordeal but I was anything but.
From waking up and being unable to access the mobile pages, to discovering that our WordPress site was hacked, to recovering everything was about ten hours. I felt so much uncertainty and anxiety and I wouldn’t wish that feeling on anyone.
A few years ago my mom’s WordPress site was hacked in the same way during the holidays. They lost a lot of revenue because it went down during the busiest season of the year, and afterward they switched to Squarespace.
I haven’t made a decision yet, but I’m exploring new options now too. I should probably fork out the money for the Premium version of the WordFence plugin as well…
Of course, I’m open to your suggestions! If you’ve been hacked before I would love hear your security recommendations and the steps you took to recover your site in the comments below.