website hacked 3 steps disaster recovery plan

Website Hacked: 3 Steps Disaster Recovery Plan

Pia didn’t notice when they got their website hacked. Again. Just like it was hacked only 15 months ago.

First time when the site was hacked, Pia turned to Virtual Dream Team for help. Our web security expert cleaned the site and added additional layers of protection. In addition we performed all possible updates, and also changed all passwords with stronger ones.

Website Hacked (again). What went wrong?

And how could Pia possibly prevented their website from this disaster to happen again?

A hacked website means a hacked business. Here’s why:

  • You may lose all website data you had.
  • SEO rankings can be lost.
  • Your credibility in front of your clients will suffer.
  • You’ll put yourwebsite visitors at risk.

Truth is, more often than not we think of prevention when it is too late. Having a Disaster Recovery Plan for your website means you are one step ahead. And that plan can be the difference between getting your site clean, up and running within hours, or you ending up paying hundreds of dollars without a guaranteed outcome or even timeframe.

N.B. If at any point the post below becomes too-techy for you or you don’t to do the steps below yourself – get in touch, and we’ll run a free Health Check to evaluate your website performance and security.

Website Protection & Recovery in 5 Steps

Below is the Disaster Recovery Plan we crafted for Pia’s website. Feel free to use it as a base for your plan.

#1 Website Backup

Fastest way to recover a website is to have a reliable backup system. Depending on how often you add content to your website, select daily or monthly backups.

#2 Regular Updates

Updates are crucial for your website security. New versions add layers of protection by security patches.

What to update:

  • WordPress core must be the latest version. Prior to updating to newest version, check the plugins your website is using are compatible with it.
  • Keep all plugins up to date. If a plugin is not updated for 6+ months, consider replacing it with one that is regularly updated.
  • Theme update – be careful with this one. For safe theme update, ensure you have a “child” theme in place. Otherwise you might end up losing all customisations you had on your website.

In addition, backup your website before the updates. If anything goes wrong you can revert to that backup in no time.

#3 Security Monitoring

I will start with 2 obvious but rather neglected precautions:

  • Do NOT use “admin” as username. Same rule applies to the domain / company name or part of it.
  • Use strong passwords that contain: upper and lower case, number and special character. Use a secure password manager like LastPass, so that you don’t have to remember all your passwords.

Other good website security practices are:

  • Regularly review the website users and their roles. Remove unneeded user accounts  and downgrade role permissions where possible.
  • Delete any  unused themes and plugins.
  • Run monthly malware and vulnerability checks.
  • Install an audit plugin to monitor and record an audit trail of all changes throughout the site.

I can continue with the list, yet I will stop here because I want to keep this Disaster Recovery Plan quick and easy to action.

Following the above steps does not guarantee you’ll never have your website hacked. Maybe even the best web security expert cannot guarantee you that.

What I can guarantee though is if anything happens to your website, you will be able to get it up and running fast, keeping any type of loss at minimum.

In conclusion: Be proactive. Keep your website updated. Have a backup. It is that easy 😉

If you don’t have the time, the tools or the will to do all this by yourself, your Virtual Dream Team is here to help. Get your Free Website Health Check.