It is a great monday morning, not just because it is the first working day of the week, but also the first day of a new month. You are rushing out just so you could beat the traffic and get to the office early enough for the Skype meeting with your UK clients. You had a great weekend and silenlty wishing 2 more days could be added to the weekend because you can still take Saturday's barbecue somewhere in your sub-conscious (lol).

Your phone rings, it's Chinedu Abdullahi, your colleague, a hardcore JAVA programmer. Expecting that he is only calling to wish you a new month, but he has another news, a not-too-good one.

"Hello my padi, how far? Shebi na you do that Joomla site for that Abia state senator? What of that wordpress blog for that Comedian? Na you build that church Drupal site too, bah? The ecommerce platform wey dey hot for Naija so wey them use Magento build, shebi na You?

Bros, no vex ehn, they've all been hacked by a german hacker overnight.

Even the JAVA project wey we do for that south-south state too, everything don go!"

You dropped the phone in shock, you wanna slump. Prah!!!! YOU HAVE BEEN HACKED!.

I've been there, it is better called the "Moku, Mogbe, Modaran" moment! Though not as bad as I have stated above, but like the americans do say "Shit Happens"! I just want to share with you, from experience, the steps I think you need to follow after you have been hacked. Even if it is your Facebook or Yahoo account that has been hacked, same naa ni!

Action 1: TAKE A DEEP BREATH, LIFE AIN'T OVER YET!:

When you notice you have been hacked, don't panic, don't slump, just get a sit, and plan a recovery from the attack. Remember that popular C.Ronaldo freekick posture? Yes, That is what you need. Don't rush, crying cannot solve a thing in this hood, only thinking and proper action does, and so you need your mental faculty to be 100% active. GET SETTLED!

Action 2: REPLACE YOUR SITE WITH A COVER-UP PAGE:

You don't want your client to notice their site has been hacked, you want to manage this issue as best as possible. As a developer, you should always have a "Under Construction" template somewhere in your archive. Quickly pull down what you have left of your site and replace the home page with an "Under Construction" Template.

Action 3: FISH OUT THE COMPROMISED "FILES":

When you are robbed, you will want to know which Lock or window gave access to the burglar, same goes for the web: download all your files and database, scan through everything, check what is different from the backup copy you have on your local hard drive (if you don't have a backup, please start crying already, lol). Go through your server log, a precious hint can hide somewhere in there. Once you can fish out the correct files, dont just replace them, Fix them permanently. Check with your webhost to be sure there are no backdoors on their server. Find other sites that are hosted on the same server and see if they suffer from same. Remember, google is always your friend. .

Action 4: CHECK FOR NEW SECURITY FIXES AND UPDATE:

From Wordpress to Joomla, from Opencart to CSCart, there is always a security and/or bug fix every once in a while, check to be sure that your site software version is not months or even years behind the latest fix. Update all plugins and extensions.

Action 5: TRY TO HACK YOURSELF AFRESH:

This is probably the most interesting part. Now that you have been able to do a little bit of damage repair, think like a villian and try to damage everything again.

ACTION 6: FIX, FIX, FIX!!!:

If you still notice loopholes, fix them. Call on your developer friends to help you with it, especially those ethical hackers that you know, you can even pay them to do that. Quickly google the security threats of the application you're using and see the best ways to fix them.

ACTION 7: GET BACK TO NORMALCY:

Now you can upload everything back and expect little or no more headache.

I know all I have said is actually easier said than done, but all the same, it has to be done. I have tried as much as possible to rid this article of technical web development and programming jargons, so as not to bore non-programmers.

Are there things I have missed? Is there a point you like? Is there something wrong with the article, please feel free to share in the comment box below.

You can tweet at me @HisRoyalWebness, Like my Facebook page (http://www.facebook.com/HisRoyalWebness), or better still, add me up on BBM: 764D3767.

Nice share...

Nice post.. My experience... I use wordpress

Visited my blog one day and just like play like play... It refused to load.... Fine no time to panic...

1) typed my URL in Google... Result was "sitename hacked by Niger delta bla bla"
I was like "what the Bleep?" My naija people do this to me? Okay

2) entered my control panel then checked my database and found a user that I don't have there before. I only have two registered users and I own both usernames so where does the third man come from? I deleted the muthafucka user name from my database.

3) Tried loading my site.. No reaction.. Then I paid attention to the sites being loaded in the bar below my browser and found 4shared being loaded. 4gini? On my blog?

That was when I realised this one na real hack. No be just username being compromised. My site is being redirected somewhere else. Fine.

4) Checked my hard drive and found an old backup... But it was a few months old...

5) logged in thru FTP to my site and downloaded the latest backup on my server ( I use a plugin "wp backup" for automatic backup on a daily or weekly basis.

6) back to control panel to delete all database and files then upload new ones from the backup

7) prevention of future occurrence: hardened my wp installation and prevent scripts from running in my uploads folder ( Google is your friend)

finally... Installed a plugin to ban you after two failed login attempts and also ban any IP that ain't referred by some website and certain countries IP.

Sorry for the formatting am on mobile still lying on bed feeling lazy.. ( its good to run your own biz and super good to have people do the hard part

@realugee, thanks. @sunnedee, that is good to know. WP-Security is a good wordpress securiyy plugin, JHackGuard is another good one for Joomla. As webmasters and programmers, we can't afford to play down on site security.

HisRoyalWebness: @realugee, thanks. @sunnedee, that is good to know. WP-Security is a good wordpress securiyy plugin, JHackGuard is another good one for Joomla. As webmasters and programmers, we can't afford to play down on site security.

One of my sites using WP Security was hacked.. Since then I haven't been using it.

Great write up.

HisRoyalWebness: @realugee, thanks. @sunnedee, that is good to know. WP-Security is a good wordpress securiyy plugin, JHackGuard is another good one for Joomla. As webmasters and programmers, we can't afford to play down on site security.

abeg, all those plugins, na free??

@Chrylich. Yes

Nice post.

There's this cron job I constantly run on websites managed by me. It notifies me everytime a file/folder gets modified.

HisRoyalWebness: @Chrylich. Yes

Oh! Ok..

HisRoyalWebness, can i mail you??

Yes pls, use the contact form on www.hisroyalwebness.com

Hmm...*Yawns*...to those relying heavily on open source CMS there is no amount of protection that can save you, there is always a backdoor to any website, and I repeat it again THERE IS ALWAYS A BACK DOOR. Its worse if you build your fortune on CMS especially the wordpress and co. Even almight google have close to 500hackers on standby should anything happen. You are however still at low risk if your site is custom built but you can still be hacked too. Even Nairaland is not immune

@cbrass. The goal is not to say CMS are more secured or prone to attack. Just about any site can be hacked, but when it happens, you don't want to be caught without a backup plan.

HisRoyalWebness: @cbrass. The goal is not to say CMS are more secured or prone to attack. Just about any site can be hacked, but when it happens, you don't want to be caught without a backup plan.

alryt bro

Chrylich:

abeg, all those plugins, na free??

Yes. Go to WordPress.org/plugins and search

cbrass: Hmm...*Yawns*...to those relying heavily on open source CMS there is no amount of protection that can save you, there is always a backdoor to any website, and I repeat it again THERE IS ALWAYS A BACK DOOR. Its worse if you build your fortune on CMS especially the wordpress and co. Even almight google have close to 500hackers on standby should anything happen. You are however still at low risk if your site is custom built but you can still be hacked too. Even Nairaland is not immune

You are quite right bro. If a hacker decides to hack you... Unless you are a good hacker yourself there is no stopping it.

But the aim of these security measures is to prevent random hacks or those automated hacks

Slyr0x: Nice post.

There's this cron job I constantly run on websites managed by me. It notifies me everytime a file/folder gets modified.

Yes. Some security plugins have this feature but I disabled it cos it can flood your inbox with unnecessary alerts e.g. if you are using a cache plugin.

Thanks Hats. You all have made mine day.