Budget WordPress websites, what could go wrong?
Posted on 14 Apr 2016
3 things you need to recover from a website hack
- recent backups of your website database and files
- control panel access and passwords if you manage your own hosting and domain
- a reliable web developer
Recovery from a website hack will be faster and less stressful if you have these available.
One of the dangers of working from home is people know they can reach you whenever they need.
Even so, when the phone rang at 10pm one evening I wasn't expecting a business call. Especially not from an acquaintance who hadn't been in touch for years.
Being so late I knew immediately this wasn't going to be good news. And as the story unfolded suspicions were confirmed.
Like many small businesses this client doesn't have a huge marketing budget and the promise of a WordPress website for a few hundred bucks was too attractive an offer to pass up.
But the risks associated with choosing an inexperienced web designer soon became apparent.
The website was hacked.
I started outlining the process to clean up and recover after an intrusion but was cut short.
There was nothing left to clean.
Instead of isolating and fixing the problem the designer panicked and deleted the entire website.
Files, database, the lot, gone.
Then the web designer went to ground.
Fortunately my client kept a comprehensive email archive and found the control panel passwords among them.
He also used his own hosting provider who managed to locate an old database backup.
This gave us some of the website text but no code to display it on a website.
So a plan was hatched. The goal: to put a new website in place in under a week, on a secure platform using the original content and an updated graphic look. And make it mobile friendly. And keep costs manageable.
This is what we did:
- Restore the database and hook it up to a free WordPress theme. This got the website running again in a basic format so customers could access contact details and support information
- Select a framework to replace WordPress that is statistically more secure than WordPress. We chose MODX
- Create a new graphic look and add the recovered text content along with sourcing new images to replace those that were lost
The new website went live within the week. We even found time to update the content so that it focused more on helping customers. And the images were free.
This was an enjoyable project to be involved in. The sense of urgency ensured it kept good pace and it's always nice to be able to help when someone has been let down.
A note about WordPress
As the title says, the hacked website was built on WordPress. And since the original web designer deleted everything there was no opportunity to identify the source of the issue.
It could have been a poorly written or unpatched WordPress plugin, a compromise on another website on the same server or even a malicious user gaining access to the hosting control panel.
WordPress itself was not the issue. Poor configuration, maintenance and understanding of the platform led to the website being hacked.
Takeaways
- Think carefully before buying a website based on price alone. The risk of downtime will outweigh the potential saving in the longer term
- Always ask for a copy of all your online and offline assets when your website is ready to launch. All website files, database, logos, fonts and photos should be included
- Make sure regular file and database backups are taken and store them yourself. Don't rely on others to keep them for you
- Make sure your website software and plugins are updated regularly
- Use a password manager so you always know where your login details are
Useful resources
If your WordPress website has been hacked the recovery process is described in the official documentation: Help, my WordPress website was hacked.