Subscribe:   Posts   |   Email   |   Facebook   |   Twitter

Internet Marketing and Web Development in Higher Education and other tidbits…

Disaster Recovery Plan – To Have Something to Fall Back On When Hackers Strike

15 Aug 2014

written by Samuel Dawson

Disaster Recovery Plan – To Have Something to Fall Back On When Hackers Strike

You are trying to log in to your WordPress site and then a message pops up on your screen; “Danger, Malware ahead”, your screen goes white and your entire site has been filled up with errorful messages. Now, what would you do? Have you ever wondered how would you deal with it? You might break into cold sweat, press your panic buttons and find yourself scrambling  hard to get your WordPress site back up and running.

Being an owner of a WordPress site, taking preventive measures and improving your site is recommended, but it’s equally recommended that you are prepared against hackers by having a reliable disaster-recovery plan for your site. Having a disaster-recovery plan determines how quickly and seamlessly, you’ll be able to find your way out of this situation.

So, in this article, we’ll illustrate you all the steps you need to follow to fix up or cleaning your WordPress site.

1. Go for Asset Evaluation

The first thing you can do is to analyze which part is of utmost importance of your website. Of course, you’ll say, “My entire website is important”, but here we are talking about those assets which add success and value to your business. Here, the need is to think of all the crucial components of your website and then sort out those which are critical than the others. This way you can create an action plan as per the weight you’ve assigned to each component.

For example, if you are running an online shopping website that has custom themes and plug ins,  including a contact form that is not very much popular among your visitors. From the entire website, it’s the shopping cart from where you earn your revenue, since, your website is built to sell products. You can select this area first and start evaluating your asset.

2. To Whom You Can Ask for Help

Once you’re done with the asset evaluation process, you can now analyze whom you should contant to fix the situation. You can contact:

  • Your Web Hosting Provider

Almost every WordPress host provides a certain kind of security support. In many cases, they are the once who inform you that your site has been hacked and provide you with some diagnostic tools. Not only this, they can also offer you some useful services such as your website’s backup, plugins, security audits, early malware notifications and many more.

  • Your theme and Plugin Developers

For those who have used themes and plugins developed by third-party agents, it’s recommended to get a deal signed by them for providing support in case your themes and plug ins have been hacked.

3. Have a Disaster-recovery Plan

A disaster-recovery plan is a reliable tool that tells you not only how to recover your WordPress site but also steps to restore your site in its normal working status quickly.

The easy-to-implement plan includes:

  • Creating an investigation checklist
  • Listing down the disaster scenarios
  • Determining the recovery actions to be taken for each scenario

What You Need to Do in a Disaster-recovery Plan

1. Investigation Checklist

This is one of the most crucial steps to determine whether there is any security risk. And if there is one, of what kind it is. People normally go for checklist procedure when they or their uptime tracking services observes that the site is not working properly, so to make sure that if any genuine problem exists, it can be fixed quickly.

Points to remember:

  • The checklist only helps you to know whether any persistent issue exists in your website and needs mitigation immediately.
  • There are several components involved when we request for a page over a browser, and a large chunk of them are not in our control. So, you can’t take them all along.

Once you are done with your checklist, it’s time to move towards listing down the possible scenarios of web disasters and what course you can take to evade them.

2. Disaster Scenarios and Their Fixes

Scenario tells you what kind of disasters your website might be exposed to. Once you’ve determined this, you can take corrective measures as per the level of severity. And, the actions required to fix them.

Most Common Scenarios are:

  1. Hosting provider Service Goes Down – A website’s downtime can happen owing to a lot of reasons, but if, instead of lasting for a few minutes, it lasts for hours or days, it’s time to take good, hard look at the services being delivered to you by your web hosting provider.
  2. Your Site is Hacked- Now this is a pretty much unrecoverable disaster that requires a complete restore to get fixed up.
  3. If the WordPress Update Leads to Comaptibility Issues – This one occurs when you over-zealously install an update, without paying heed to the fact that your theme and plugins may toss compatibility issues at you. And if that indeed happens, you obviously would need to restore your website to its pre-update state.

Web security is a complex process. No matter whether you are a newbie or seasoned developer, it takes hours to find the right solution to restore the lost functionality of your website. So, it’s always good to be aware of the disasters and get yourself equipped with all the necessary tools to manage it and thus resurrect your hacked website.

As a mandatory step, you have to take the back up of your hacked website, and this can be done using the command

mysqldump -uMYWEB -pPASSWORD DB_NAME > /home/MYWEB/DB_NAME.sql

Then, take the backup of the SQL dump and also the folder where your website’s core files are  saved:

tar zcvf backup_hacked.tar.gz /home/MYWEB/DB_NAME.sql /home/MYWEB/public_html

If you know your way around the cPanel, taking the backup of your entire site should be a breeze. Or simply, seek help from someone who knows.

Make Sure That Your Website Your Search Engines Rankings Remain Unpeturbed

  • And here is when you need to place your website in the maintainence mode. Simple create a .maintenance file and add the following code to it: <? $upgrading = time(); ?>
  • Apache mod_rewrite wills erve the purpose even better and redirect all the requests being made to your custom HTML maintenance page. The “requests” involve the ones made by visitors as well as by search engine bots. To initiate it,  you will have to create a page by the name of maintenance.html. This page will then be uploaded on your theme’s root folder. Use this cpde for the purpose:

<title>Down For Maintenance</title>
     <style type=”text/css” media=”screen”>
          h1 { font-size: 55px; }
          body { text-align:center; font: 30px Helvetica, sans-serif; color: #255; }
     </style>

<h1>Website is under maintenance</h1>

     <p>Oops, Sorry! The website is being upgraded.</p>

Now, Create a file, maintenance.enable, in the same folder and add these lines to the .htaccess file:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123.56.89.12
RewriteCond %{DOCUMENT_ROOT}/maintenance.html -f
RewriteCond %{DOCUMENT_ROOT}/maintenance.enable -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteRule ^.*$ /maintenance.html [R=503,L]
ErrorDocument 503 /maintenance.html
Header Set Retry-After “14400”
Header Set Cache-Control “max-age=0, no-store”

Following that, you need to throughly scan your archives to find out if there are any records pertaining to the hacking attack. And onc the vulnearibilities are sorted out, you can breathe a sigh of relief. Yes, hacking of your website demands pressing the panic buttons. But, all is not lost.

The content of this post is licensed: The post is released under a Creative Commons by-nc-sa 3.0 license


About the author

Samuel Dawson

Samuel Dawson is a creative web design expert of HTML to Wordpress Conversion with vast experience in Research and development vertex of web technologies. He use to write different Markup conversion processes while working with Designs2HTML Ltd. and socialize it through social media platforms.

This post was written by Samuel Dawson


Proud Member of BlogHighEd University Web Developers eduStyle

© .eduGuru - Internet Marketing and Web Development in Higher Education and other tidbits…. Powered by Wordpress.