WordPress users, listen up, Alison Gianotto has a few suggestions you should listen to (and maybe prepare for ahead of time) to do when your WordPress blog gets hacked.
It happens to most bloggers at some point your Wordpress blog gets pwned, and you're not sure where to even start. [...] This article will deal with how to restore your Wordpress install, and perhaps more importantly, where to look to try to determine the nature of the attack so that you can make sure it won't happen again.
She talks about what kind of impact a hack could entail - lost time spent restoring, site downtime, etc - and a few things you can do to help minimize these problems:
- Keep Wordpress and Plugins Up to Date
- Ask Your Web Host Where Your Log Files Live
- Backup, Backup and Backup again
- Early Detection Equals Better Reputation Damage Control
She also talks about what to do in the aftermath - finding out exactly what happened, disable all incoming traffic, check modifications dates and record the information. Only then should you restore from backups and keep an eye on the logs for anything suspicious.