There isn’t anything quite like getting an email from your website host telling you that your site is suspended because it’s sending out a zillion* spam emails a minute. My first reaction to that usually involves a battle of feeling hopeless and being frustrated that I just got handed anywhere from a few hours to a few days worth of work.
After the dismay and irritation subside, the facts remain that you need to take action. If you have listened to everyone and made sure you have backups, you are in luck. You won’t have as much work to do. Hopefully. However, if the local backups are infected, you might need to get the server backups.
Digging through logs to find when and where the injection occurred, is a good start. Then you can work backwards to find what allowed it access to your site. In WordPress, the most likely issue is an out of date plugin.
Plugins can make your WordPress site become a powerhouse, and some sites depend heavily on plugins to function. If you don’t keep up with your plugins, you can let in nefarious characters without even knowing it. Hackers can access your site, or worse…your server, and then use it to infect others, send out spam, etc.
The best way to keep your site secure is to make sure you keep up with the following:
- Keep your plugins and WordPress installations up to date by doing frequent updates
- Review your plugins to see if they are still maintained by the developers. Abandoned or neglected plugins will be a magnet for hackers
- If you have access to your server control panel, set up any security measures possible.
- Install a security plugin such as iThemes Security. By using available settings, you can hide the backed, make all files unwriteable, eliminate common openings used by hackers, etc.
If you aren’t sure how to do the outlined steps above, please feel free to contact us about doing it for you.
* ok, maybe that’s an exaggeration, but it might as well be accurate at that point.