Portal Home > Knowledgebase > Website Hacked? > After the clean up. What to do after your site is fixed.

After the clean up. What to do after your site is fixed.

If you are reading this page then you are on your way to being proactive and actively taking steps to help reduce the risk of reinfection. While no-one can promise you the risk will ever be zero, we can work together to ensure that its as low as possible.

"Will this guarantee I won’t get reinfected? No, but you’ll make it so difficult that the probability of reinfection will be minimal."

1. Update your website(s)! If you are using WordPress, Joomla (or any other CMS), and it is not already using the stable current version, take a minute to update please. Why? Because out-of-date software is leading cause of infections. This includes your CMS version, plugins, themes, and any other extension type.

2. Change your FTP, SFTP (or SSH) password. Choose a good and strong password.

3. Change your CPANEL / administrator password. Most people forget this, but its just as crucial a step. If you don’t have a CPANEL, we’re referring to the administrator account for your hosting provider.

4. Change your CMS administrator password. If you are using WordPress, Joomla, osCommerce or any CMS, change your administrator password. Take a minute to check and verify you know all the users in your panel.

Now is a good time to clean up accounts, so remove any users with admin access that are not necessary. This is also a good time to force password resets for all users.

Joomla users: http://docs.joomla.org/How_you_reset_an_administrator_password%3F 

WordPress users: http://codex.wordpress.org/Resetting_Your_Password Drupal users: http://drupal.org/node/44164

5. Change your database password. If you are using a CMS (WordPress, Joomla, etc…) change your database password. Please be sure to update your configuration file – Joomla: configuration.php and WordPress: wp-config.php. This is not an automated process so you will need to know how to open those files and edit manually. If you’re not familiar with handling changes in your database and configuration files, contact your host.

*If you don’t know how to change your passwords (specified above), Send us a support ticket. Support Ticket

6. Run a virus scan on your personal desktop/laptop. In a lot of cases we see that websites are compromised via local environment (notebooks, desktops, etc..). Its why we always ask you take a minute to run an Anti-Virus product. If you’re OK with spending a little money, we recommend Kaspersky for Windows and MAC, and Sophos and F-Secure for Windows. You can also try Avast, MSE, Spybot that are free alternatives and very good. Here is the bottom-line, it doesn’t matter how many times your site gets cleared, if your desktop is not clean, your site can get reinfected quite easily.

7. Start doing backups of your site. After the site is clean and secure, a very good practice is to do daily backups. If you are using WordPress, check out BackupBuddy. For everyone else, a remote FTP backup service is recommended (CodeGuard or SiteVault are popular solutions).

8. Sucuri Security WordPress Plugin.  If you’re a Sucuri customer that uses WordPress, it’s in your interest to install this tool for a number of reasons. You can read details on the preventative steps offered in the plugin here:http://sucuri.net/services/preventive. Installation is easy: http://sucuri.net/wordpress-security-plugin-installation and most importantly, it’s free to all Sucuri customers :)

9. Clean your garage. Too often the issues we see plaguing our clients are caused by “soup kitchen” servers. Old installations of their content management systems, themes or plugins. Over time these old installs become forgotten but grow ripe with malware that’s ready to infest their entire server after each clean. Take a minute to separate those things that belong on a test, staging and production server.

10. Uptime monitoring. Simply login to your Client Area, then go to the Portal tab and then on to the link for Server Status. If you do not know which server you are on in your cluster reffer to your latest hosting email with all your login and server information. Also, If you need to check often if your sites are down, we recommend signing up for UpMonkey: http://upmonkey.net

11. Web Application Firewall (WAF) There is a growing number of software vulnerabilities affecting all platforms – WordPress, Joomla, Drupal, vBulletin and many more – trying to keep up with it can be very challenging. To address this we have build a new product, CloudProxy, designed to help virtually patch and harden all websites. You can get more information on the product here: Sucuri CloudProxy. This not included in your normal plans and is considered a preventive service.


Powered by WHMCompleteSolution