My Website has Been Hacked – Where’s that Website Disaster Recovery Plan?

To fail to plan is a plan to fail

Yes, we’ve all heard that expression before. And we probably chuckled and moved on.

But if you don’t have a website disaster recovery plan you really are courting disaster. After all, they’re not difficult to come up with and creating one is just common sense.

Anything can cause your website to be damaged irreparably: a server melt-down, a database corruption and, of course, when it’s hacked.

Think of it this way: if your hosting provider suffered a catastrophic event, for example an earthquake or a tsunami, and was completely wiped out, or your site was taken over by hackers, how would you get people to see it?

Without a disaster recovery plan, you wouldn’t.

And think of the hundreds of hours of work you have put into developing your website to where it is today – fancy having to re-do all that work..?

Probably not.

A disaster recovery plan outline

So let’s look at what you need to include in a disaster recovery plan.

The first point to keep in mind is that you need to plan broadly for 2 different scenarios:

  1. Your website has been hacked – it has a malware infection or hacker intrusion
  2. A natural disaster (e.g. your hosting provider has disappeared in an earthquake) that does not involve a malware infection or a hacker intrusion

Your plan will be a bit different for each, so let’s address the one that’s easiest to deal with first: the natural disaster.

A natural, catastrophic disaster happens

Here are the things you need to have in place to deal with this scenario:

1. Website backups:

Absolutely the first priority is to ensure you have a clean, recent backup of your entire website. This is the basis of all recovery plans.

This should be a full site backup (database and all site files) and it should not be stored on the server where your website sits.

I store website backups on Google Drive, Dropbox and my local offline storage – I do not leave them on the server where my website sits. Why?

Because:

  1. If the server melts down you won’t be able to get to your backup file
  2. If the backup files are on the server the hackers can hack them too

Full backups of your entire site should be set up to run on a schedule, automatically, at least once a week, and stored offline.

If you make any updates to your site (either to content or to the design and layout) between the scheduled backups then, of course, you should take a manual backup at the time.

Even if you make no changes to the site you still need to do the weekly backup in order to capture the latest software updates, because these are happening all the time.

An important point: you also need to check your website each and every day to make sure it’s in good condition. I’ll expand on this later.

2. Login credentials

You need a complete list of all the usernames and passwords associated with operating your website.

This includes:

  1. The website admin logins for all users on the site
  2. The login details for your domain registrar (you may need to set your site up on new hosting, so the DNS details will need to be changed)
  3. The login details to your hosting provider control panel (remember that some hosting providers have different login details for billing)
  4. Your database username and password
  5. The login details for accessing the server via FTP so you can get at your site files
  6. The login details for all email accounts on the domain (account)

These can be stored anywhere, but I would recommend using a password manager. Since you are using it regularly, the login details it holds will be up to date.

Of course, you can store these login details anywhere – on an Excel sheet for example. However, it will then be imperative that you keep that sheet up to date whenever any of your passwords change (and remember, some sites require that you change your password every so often).

However you store them, make sure you have them all, and that they are up to date, because you will need them to restore your site.

If you can quickly lay your hands on the latest clean backup of your website, and all the login details associated with operating it, you will be able to restore your site within an hour or two, either on your current hosting provider or another one if you need to move.

Your website has been hacked and contains malware

There are some extra things to do if your website has been hacked.

Firstly, though: I mentioned earlier that you need to check your website each and every day, and here’s why:

You need to know at the earliest possible moment if your website has been hacked.

If you don’t know the site has been hacked and you back up a hacked version then, when you come to restore the site, you will be restoring a hacked website.

That won’t help you, and the hackers will have a little smile to themselves.

So be sure to check your website each and every day.
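One way to make the daily check concrete for the site files, as an added example that is not part of the original article: record a SHA-256 manifest when you take a backup you know is clean, compare it with the live files each day, and hold the next backup if anything changed that you did not change yourself. The function names, file names and contents are constructed for illustration, and the check covers files only, not the database.

```python
import hashlib
import os
import tempfile

def build_manifest(site_root):
    """Map every file under site_root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(site_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, site_root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def diff_manifests(baseline, current):
    """Compare today's manifest with the one saved alongside the last clean backup."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def unexpected_changes(diff, expected=()):
    """Changes the owner did not make; any entry means: keep the old clean backup."""
    return sorted(p for paths in diff.values() for p in paths if p not in expected)

def write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample site: one edit the owner made, two changes nobody made."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "index.php", "<?php // home page v1\n")
        write(root, "about.html", "<p>About us</p>\n")
        baseline = build_manifest(root)  # store this off-server with the backup
        write(root, "about.html", "<p>About us, updated</p>\n")  # owner's edit
        write(root, "index.php", "<?php // home page v1 + unknown line\n")
        write(root, "wp-content/uploads/cache.php", "<?php // unknown file\n")
        diff = diff_manifests(baseline, build_manifest(root))
        return diff, unexpected_changes(diff, expected=["about.html"])

if __name__ == "__main__":
    diff, suspicious = demo()
    print(diff, "HOLD BACKUP:" if suspicious else "ok to back up", suspicious)
```

Keep the baseline manifest with the off-server backup rather than on the web server, for the same reason the backups themselves are kept there.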

Ok, so as far as preparing for the eventuality that your website is hacked you do, of course, need to take the same steps I referred to in preparing for a natural disaster.

In addition to those, though, there are some additional things you will need to do, once you’ve discovered the hack:

  1. Run scans on the computers of everyone who accesses the site to make sure no keyloggers have been installed. Doing this first is important because if an infected computer is used to carry out the following steps you risk re-infecting the site
  2. Restore the latest clean version of your website
  3. As soon as it’s up and running change every password that is associated with running the website – all those logins that I listed earlier (in Login Credentials above)
  4. In addition to those passwords, change the password on your computer and the computers of everybody who has a user account on the website
  5. Contact your hosting provider, explain that your site was hacked and ask if they can see from the server logs how the hackers accessed the site. Take any extra steps that are necessary based on the information they give. For example, if the hack was via a plugin you will at the very least need to update it, but you may need to remove it
  6. Go to Sucuri’s Site Check page, enter your site’s URL and scan the site for malware. If the site contains malware that means you have restored a hacked site. You can either try restoring an earlier backup or contact Sucuri and ask them to remove the malware
  7. When the results are displayed scroll down a bit and check the Website Blacklist Status on the right
  8. If the site has no malware but is blacklisted you will need to contact whichever organisation has blacklisted it and ask for a reassessment. You could ask Sucuri to take care of this, but it is something you can do yourself as long as there’s no malware on the site

If you have easy and quick access to all the information you need to carry out those steps, then you will be well placed to deal with any disasters that befall your website.

In conclusion…

So to summarise, here’s what you need:

  1. A complete, up to date list of the usernames and passwords for all logins related to operating your website (see the list above)
  2. A current, clean backup of your website – a complete backup, including the database and all system files. If you have additional folders on the site containing downloads remember that those must be included
  3. The complete list of people who have access to the site, so you can make sure they check their computers for malware, and change their passwords
  4. Access to a site scanning service to check your site for malware once you have restored it

Having your website hacked is horrible. It makes you feel personally violated.

But if you have a plan that you can work through it will ease some of the stress and allow you to focus on cleaning everything up.

Remember that prevention is always better than cure, so you may want to go through some of the other articles on security to make sure you’re protecting yourself as best you can.


Cheers,

Martin Malden

Owner – WP Security Basics

2 comments
  • Matt Lin May 11, 2020, 10:16 pm

    Hi Martin,

    I am using a WordPress website at the moment, and I did update it to the latest version once the notification jumps out when I log in. And I also download the current and clean backup for my entire site. Did I miss something for my website, in your opinion?

    You are correct that having a plan beforehand does make it easier to recover, especially for people who generate passive income streams online. I cannot imagine what it would be like if my website gets hacked without understanding the way to restore it, so your article does educate me a lot.

    Cheers,
    Matt

    • Martin May 12, 2020, 8:42 am

      Hi Matt,

      Having a clean backup is a key part of the recovery plan, but you also need to make sure your site cannot be hacked by the same hacker a second time – a re-infection.

      That’s why it’s just as important to have all those username and password details I listed above, and that you change the passwords on all those accounts.

      That won’t guarantee that your site won’t be hacked again (no site is ever 100% secure), but it greatly reduces the risk.

      Cheers,

      Martin.
