Fixing Your Hacked WordPress Site

When your WordPress site was hacked, you can lose your search engine rankings, expose your readers to viruses, have your reputation tarnished due to redirects to porn or other bad neighborhood websites, and worst lose your entire site data. You might check your site have any Common Signals That WordPress Site was Hacked and continue to read these step-by-step guide to resolve . In this article, we will show you how to fixing your hacked WordPress site.

Step 1: Identify the Hack

When dealing with a website hack, you need to keep calm and check your website have got any issue as in this article:

Then contact to your hosting company as steps below to fix your site (Don’t forget to change your passwords before you start the clean up and when you’re done cleaning all isses)

Step 2: Check with your hosting provider

Good hosting providers usually have experienced staff who deal with these kind of things on a daily basis, and their hosting environment which means they can guide you better. Start by contacting your web host and follow their instructions.

If you are on shared hosting, the hack may have affected more than just your site. Your hosting provider may also be able to give you additional information about the hack such as how it originated, where the backdoor is hiding, etc. And in some cases the host might clean up the hack for you.

Step 3: Restore from Backup

We recommend you to backup your website usually because if you have backups for your WordPress site, then it may be best to restore from an earlier point when the site wasn’t hacked

In worst case, if you don’t have any backup and you don’t want to lose the content, you can manually remove the hack.

Step 4: Malware Scanning and Removal

Look around your WordPress site and delete any inactive WordPress themes and plugins. This is where hackers hide their backdoor.

The common methods that used by hackers are always upload the backdoor (it is by passing normal authentication and gaining the ability to remotely access the server while remaining undetected). This allows them to regain access even after you find and remove the exploited plugin.

Once you have done that, now go ahead and scan your website for the hacks.

You can use these free plugins on your website: 6Scan Security, Wordfence Security, Theme Authenticity Checker, Timthumb Vulnerability Scanner, WP Antivirus Site Protection

These plugins could help you detect and fix security error related to malicious code.

Step 5: Check User Permissions

Look in the users section of WordPress to make sure only you and your trusted team members have administrator access to the site.

If you see a suspicious user there, then delete them.

Step 6: Change Your Secret Keys

If a user stole your password, and they are still logged into the site, then they will remain logged in because their cookies are valid. To disable the cookies, you have to create a new set of secret keys. You need to generate a new security key and add it in your wp-config.php file.

Step 7: Change Your Passwords AGAIN

You need to change your WordPress password, cPanel / FTP / MySQL password, and basically anywhere else that you used this password one more time, with a strong password.


We hope this article helped you understand how to fixing your hacked WordPress site.  If you have any further questions for us, don’t hesitate to put it up in the comments.
See you again in orther tutorials!

Leave a Reply

Your email address will not be published. Required fields are marked *