This guide explains exactly what to do when our scanner has recently turned up security threats on your site or if you suspect your site has been hacked.
Review WordPress Security Best Practices
If you’re running a modest, personal site, you might want to first ensure you’re following best general security practices. This guide from the codex offers some solid tips.
Contact your host
Your host manages your server so the sooner they are aware the more actions they can take on their end to protect your site. In some cases, your host may be the one notifying you of the hack. In that case, work with them to get a list of hacked files and identify the hack. Getting access to server logs can help identify where the entry point might have been as well.
Update any out of date plugins or themes
Always running the latest versions of your plugins, themes, and WordPress itself, will go a long way in keeping your site safe and sound. At VaultPress, we highly recommend using something like Jetpack Manage to make this easier to take care of.
Remove unused plugins or themes
Even if a theme or plugin isn’t active on your site, the files for these extensions will remain on your server and can pose risks if they remain out of date or a threat is found. We highly recommend removing any unused plugins or themes as a result!
Make sure you are using the latest version of WordPress
In the same way using the latest version of plugins and themes gives you the best chance at site security, using the latest version of WordPress also will go a long way.
Reinstall WordPress core
VaultPress’ security scanner will catch any changes to WordPress core but, if you aren’t using a plan that includes our scanner, we recommend reinstalling your core files. You can do this by heading to Dashboard > Updates > Reinstall Now.
Reset all of your passwords related to your site
By resetting your passwords, you will help close down on any backdoor pathways a hacker might have. We recommend resetting passwords related to all aspects of your site from your email account to your hosting account to your site login. Ultimately, we recommend always using unique and complex passwords! Here are some tips for choosing a strong one.
Have questions? Feel free to reach out to support for more personalized assistance. We’re happy to help!