Recently, we were approached by an organization that had their website hacked. A few years ago, this organization hired a small web developer related to one of the principals to make their website. To make things easy and cheap, it was done with a WordPress theme and they were given limited administrative access to make their own changes. Major changes were left to the web developer. To reduce ongoing costs, a discount hosting company was enlisted to keep the monthly fees low.
Everything went along fine for a couple of years until a security hole was exploited by a random hacking attempt. Unfortunately, WordPress is susceptible to hacking attempts due to its global popularity. It is particularly susceptible if the software is not updated on a regular basis. The helpful web developer from a few years back had gone on to do other things, bought a different computer and had lost the administrative access to the WordPress install. They had not updated the software. Also, they did not have a backup of the original website to restore it back to its original appearance. It was a disaster and no one knew how to fix it.
And so, we were called in on the job. The first thing we did was establish control over the domain name. Depending on the registrar and the current owner, this can be very difficult and require the assistance of a Notary. Usually we can figure it out with a few emails and some time spent on the phone. In this case, it was only a few days and we were able to construct a temporary placeholder page and direct the domain name to point at it while we made sense of the hacked website.
We salvaged what content we could from the wreck of the existing website, did a fresh install of the software on our server and recreated the original website. All this took several thousands of dollars, cost that could have been avoided if a reputable company was hired in the first place.
Bottom Line: beware of the easy and cheap solutions – they often become complicated and expensive.