When your website gets hacked, it immediately begins to affect your Google rank in search results. Hacks can happen any day, even with freshly updated WordPress files and plugins, and it only takes one day for Google to spot your malware and drop your site off the search results. Even with the best SEO services, a hacked website will lose rank and reputation fairly quickly. The following is an easy step-by-step tutorial for removing and preventing malware. After you have changed all log-in and password information for all website users and your server and host accounts, follow these directions:
1. Keep Your Site Updated
Keeping all your WordPress files and plug-ins updated will not fully prevent a hacker attack, but it will lessen the chances. However, an update will not remove already installed malware, it will just reduce the possibility of a successful intrusion attack for a short amount of time.
2. Keep Your Site Backed Up
Remember to back up your database too. While you can install a plug-in to do this for you, every plug-in leaves yet another door open for hackers. Simply back up your clean database and WordPress files every time you add new content. Make updating, cleaning, and backing up your site part of your weekly routine. An unattended website leaves a “we are not home” sign on your website’s doors.
3. Always Keep a Copy of Your Backup
Don’t just back up your site and files to your host server, download a clean backup file to your computer in a sandboxed file. Worst case scenario means you can simply dump your entire site and re-upload a clean file, sort of like erasing your hard drive and reinstalling the operating system will clean up deep malware issues.
4. Keep Copies of Everything
It will be difficult to recover some images and files if things go wrong. Keep a habit of keeping a record of everything you upload to your website. It will be easier to track down any lost or missing files with meticulous record keeping. If you did not create the original PHP, zip, or plug-in, remember to keep a list of where you got those files from and download a fresh copy, just in case any of your files have been compromised.
5. Delete Directory Files
Remember to delete host service directory files before uploading a new WordPress installation. If you don’t know how to do this, contact your host’s customer service and have them walk you through directory service file deletions. When you go to reinstall your WordPress program and then theme and plug-ins, and finally your files, you now have any hidden infected files.
6. Keep It Fresh
Remember to regularly update your WordPress version, install and design, and update or replace plugins. If your site has been hacked, it is a wise idea to find all new sources for theme and plug-in files to avoid accidentally using a theme or plug-in file that was secretly infected the last time. Also, if recovering from a full site wipe due to an infection, re-upload all your files fresh from your computer via the file transfer settings within your new copy of WordPress software.
7. Get Your Database Updated Too
Remember to further secure your website by regularly updating your WordPress files and serve files. Also, consider running your site with an SSL encryption.
8. Repair Collateral Damage
After you are sure that your site has a clean install and is free of malware then you can feel free to go back in and fix any formatting issues, posting issues, and damages to the files you reinstalled.
Lastly, remember that hacker attempts are more likely on certain host service companies. Usually the big name hosts are the first to get successfully hacked. If you have been hit, consider moving your site to another host service that has tighter security.