Let me give you a brief introduction of what happens to your WordPress website when you’re hacked. At this moment, I’m unable to show you any access to any hacked website because AWS has already blocked browser access to compromised sites, but I certainly can show you a little of what goes on within the terminal itself.
Hackers Add Unwanted Files Into Your Server Which Further Compromises Your System
As you can see, my personal project website was heavily compromised as hackers added a plethora of files into folders which serve PHP pages.
Within these pages, they added another layer of Javascript code that either point you to spam, phishing sites, or anything that they want:
So when your visitors enter your website, they could be redirected to other URLs or pages that benefit them instead of you. As you expect, this can be very damaging to your business.
Hackers Could View Passwords That Are Used In Your WordPress Setup
Remember that your WordPress typically requires a MySQL server as a database:
So if hackers can add files to your server, they most likely can read files from them too. The wp-config.php file would contain all these important details, and if you don’t use proper security protocols for your MySQL setup, your entire MySQL database could be compromised as well.
As you can see, this kind of issue can escalate into system-wide problems.
Compromised Systems Are Difficult To Troubleshoot
It is extremely difficult to eradicate such problems easily. It isn’t like your local machine where you can install antivirus software and have it clean your system. There isn’t an easy way to find out which files are culprits for propagating the problem, and even if you can remove them with your eyes, hackers find ways to embed hidden files into the system.
I have seen hackers masquerading scripts as image files.
How does a system get compromised? It could be anywhere from:
- WordPress themes or plugins that have innate vulnerabilities
- Not adhering to good security practices with passwords, user authentication, and authorization within your systems
In many cases, it is simply easier to delete everything, reinstall and restore the data back into its previous state. The damage can be widespread, and in worst-case scenarios, entire virtual machines or physical servers might have to be replaced.
In big corporations, the company employs security teams to prevent such cases from happening. However, most small business owners are unaware of such problems, and they can only appreciate security measures only if they are bitten.
Ignorance is certainly not bliss in this regard, and I would like to re-iterate 2 options for you if you have software or websites that you host:
- Get an expert and pay a periodic maintenance package that keeps your systems healthy
- Subscribe to software-as-a-service (SaaS) products
If you insist on doing it yourself, then make sure you’re properly equipped and skilled to do your own security measures. I’ve been doing software engineering for years, and I can safely say I’m average at best because this isn’t my focus area in terms of my expertise. It would be better to leave these matters to experts and focus on your business instead.
There Is A Silver Lining For WordPress Sites
WordPress is built from PHP, and PHP applications are very easy to restore because they are stateless. Stateless just means that PHP works by an engine that interprets code, and you don’t have to compile code for your websites or applications to work.
So if you have been backing up your data and files religiously, it is super easy to restore your WordPress sites into a previous working state.
Ensure that your maintenance plans include a backup for data and files, and you should be able to recover for a compromised system.
