Your eCommerce site has been hacked and you don’t know how to recover?
Your eCommerce site has been hacked and you do not know how to recover? With the massive growth in cyber-crime, it’s a sad fact that it’s highly likely to become a question of “when” rather than “if”. Discover in this article the action plan designed step by step, to recover your website from a hack, that SMEs can easily follow.
First of all, stay calm. You can recover. It’s important to remain calm because in times of stress like having your web site hacked people tend to do ill-advised things. There are stories of someone who “freaked out” that they thought their site was hacked and deleted everything on their server, only to realize that they also deleted all of their backups. Or the person who initialized an entire site wipe and reinstall of a brand new server, when it turned out they only needed to replace a semi-colon in one of their files.
Change all your passwords
Change all FTP passwords, email passwords and passwords for any administrative portion of your website. It is possible your password has been comprised or stolen from your computer. After changing your FTP password it is important that you do not save your password within your FTP software, web design software, or in email. In other words, write down your password on paper and do not save in your software (at least for the next couple of months).
Restore your eCommerce site from Backup
Sometimes it is too difficult to identify the malware of the malicious script, it becomes easier to simply restore you eCommerce site from a unaffected backup. This is where BackupBuddy comes to the rescue to make sure you are never far away from a recent backup.
Don’t forget that as soon as you restore an un-hacked backup, you need to make sure to update all plugins, themes, and WordPress core before continuing. You don’t want to restore a backup only to have it hacked 15 minutes later because you didn’t update a vulnerable plugin.
Apply the latest patches to your content management system
A content management system, like WordPress or Joomla, may have plugins or components which require periodic updates. Make sure to check and maintain the latest versions of plugins and components on a regular basis. You don’t want to restore a backup only to have it hacked 15 minutes later because you didn’t update a vulnerable plugin.
Make a New Backup
Now that you have a restored site with all of your fixes in place, it is now time to make a new fresh WordPress backup and take a much deserved break.
Once Site is Back to Functioning Correctly, Change Passwords Again
After you’ve done all the above tasks, don’t forget to change the passwords for your WordPress User accounts AGAIN just to verify that during your restoration and fixing period someone wasn’t able to gain access to an account to watch what you were attempting to fix.
Protect yourself against future attacks
Run regular scans on your perimeter servers to ensure that your systems are not vulnerable. Use these results to fix any flaws as quickly as possible, fixing the most high-severity vulnerabilities first and working down the list to the least severe vulnerabilities. Ensure your operating systems and any software are kept up to date.
So there are preventative steps and practical actions for SMEs to tackle the scourge of cyber- criminals. The advice is to not panic, but follow the steps to limit your exposure.
Engaged in IT security at the beginning of the Internet revolution, I’m acting as security consultant and security architect for accounts in banking and eCommerce.