My Website has Been Hacked – Where’s that Website Disaster Recovery Plan?

To fail to plan is a plan to fail

Yes, we’ve all heard that expression before. And we probably chuckled and moved on.

Dilbert cartoon on disaster recovery plansBut if you don’t have a website disaster recovery plan you really are courting disaster. After all, they’re not difficult to come up with and creating one is just common sense.

Anything can cause your website to be damaged irreparably: a server melt-down, a database corruption and, of course, when it’s hacked.

Think of it this way: if your hosting provider suffered a catastrophic event, for example an earthquake or a tsunami, and was completely wiped out, or your site was taken over by hackers, how would you get people to see it?

Without a disaster recovery plan, you wouldn’t.

And think of the hundreds of hours of work you have put in to developing your website to where it is today – fancy having to re-do all that work..?

Probably not.

A disaster recovery plan outline

So let’s look at what you need to include in a disaster recovery plan.

The first point to keep in mind is that you need to plan broadly for 2 different scenarios:

  1. Your website has been hacked – it has a malware infection or hacker intrusion
  2. A natural disaster (e.g. your hosting provider has disappeared in an earthquake) that does not involve a malware infection or a hacker intrusion

Your plan will be a bit different for each, so let’s deal with the easy one first: the natural disaster.

A natural, catastrophic disaster happens

Here are the things you need to have in place to deal with this scenario:

1. Backups:

Disks being backed up in a safeAbsolutely the first priority is to ensure you have a clean, recent backup of your entire website. This is the basis of all recovery plans.

This should be a full site backup (database and all site files) and it should be stored anywhere except on the server where your website sits.

I store website backups on Google Drive, Dropbox and my local offline storage – I do not leave them on the server where my website sits. Why?

Because:

  1. If the server melts down you won’t be able to get to your backup file
  2. If the backup files are on the server the hackers can hack them too

Full backups of your entire site should be set up to run on a schedule, automatically, at least once a week. If you make any updates to your site (either to content or to the design and layout) between the scheduled backups then, of course, you should take a manual backup at the time.

Even if you make no changes to the site you still need to do the weekly backup in order to capture the latest software updates, because these are happening all the time.

An important point: you also need to check your website each and every day to make sure it’s in good condition. I’ll expand on this later.

2. Login credentials

A complete list of all the usernames and passwords associated with operating your website.

A login screenThis includes the admin logins for all users on the site, login details for your domain registrar (it’s always a good idea to get your domain and your hosting from different providers), login details to your hosting provider control panel (remember that some hosting providers have different login details for billing) and login details for accessing the server via FTP so you can get at your site files.

These can be stored anywhere (I would recommend using a password manager). However you store them make sure you have them all, because you will need them to restore your site.

If you can quickly lay your hands on the latest clean backup of your website, and all the login details associated with operating it, you will be able to restore your site within an hour or two, either on your current hosting provider or another one if you need to move.

Your website has been hacked and contains malware

There are some extra things to do if your website has been hacked.

Firstly, though: I mentioned earlier that you need to check your website each and every day, and here’s why:

You need to know at the earliest possible moment if your website has been hacked.

If you don’t know the site has been hacked and you back up a hacked version then, when you come to restore the site, you will be restoring a hacked website.

That won’t help you, and the hackers will have a little smile to themselves.

So be sure to check your website each and every day.

Ok, so as far as preparing for the eventuality that your website is hacked you do, of course, need to take the same steps I referred to earlier in preparing for a natural disaster.

In addition to those, though, there are some other things to do, once you’ve discovered the hack:

  1. Run scans on the computers of everyone who accesses the site to make sure no keyloggers have been installed. Doing this first is important because if an infected computer is used to carry out the following steps you risk re-infecting the site
  2. Restore the latest clean version of your website
  3. As soon as it’s up and running change every password that is associated with running the website – all those logins that I listed earlier
  4. In addition to those passwords, change the password on your computer and the computers of everybody who has a user account on the website
  5. Contact your hosting provider, explain that your site was hacked and ask if they can see from the server logs how the hackers accessed the site
  6. Go to Sucuri’s Site Check page, enter your site’s URL and scan the site for malware. If the site contains malware that means you have restored a hacked site. You can either try restoring an earlier backup or contact Sucuri and ask them remove the malware
  7. When the results are displayed scroll down a bit and check the Website Blacklist Status on the right
  8. If the site has no malware but is blacklisted you will need to contact whichever organisation has blacklisted it and ask for a reassessment. You could ask Sucuri to take care of this, but it is something you can do yourself as long as there’s no malware on the site

In conclusion…

Having your website hacked is horrible. It makes you feel personally violated.

But if you have a plan that you can work through it will ease some of the stress and allow you to focus on cleaning everything up.

Remember that prevention is always better than cure, so you may want to go through some of the other articles on security to make sure you’re protecting yourself as best you can.

Has your website been hacked? Do you have a disaster recovery plan? Let us know in the comments, and if I need to clarify anything let me know in the comments as well.

Is your WordPress website as secure as it could be? Take a look at the WordPress security products I have reviewed (I use all of them):

Cheers,

Martin Malden

Martin Malden
Owner – WP Security Basics

{ 0 comments… add one }

Leave a Comment