How to Recover from a Hacked WordPress Site (Without Panic)

When your WordPress site gets hacked, it is easy to panic over the risk of losing data. Unfortunately, an estimated 2,200 cyberattacks happen every day, and over 800,000 people are targeted every year. As hackers are actively looking for their next target, your website can easily fall victim. In this article, we provide a quick guide on what to do if your website is hacked and how to restore it to full functionality.

A hacked website can be frustrating, especially because it happens when you least expect it. Although it is not easy to diagnose a hacked website, the following signs can be key indicators:

  • You can’t log in to the WordPress admin panel.
  • A sudden drop in traffic.
  • Your WordPress files are missing.
  • The presence of content and design that you have not uploaded.
  • Browser block list warnings appear on the website.
  • Website redirects users and sends spam emails.
  • A new member with admin rights has been added without your consent.
  • The server logs detect unusual visits and activities from unknown places.
  • Your security plugin alerts you about a potential breach.

If you are dealing with a hacked WordPress site, the main goal is to recover and restore it to optimal operating conditions. Here is a simplified guide on how to fix a hacked WordPress site:

1. Put WordPress in Maintenance Mode

The first thing you need to do is to put your site in maintenance mode if you still have access to your WordPress dashboard. This will prevent visitors from opening your hacked WordPress site, ensuring that their personal information and devices are safe from the attacker. It is also an effective way of preserving your brand’s credibility, because visitors never see the hacked version of the site.

2. Reset WordPress Password

Your login credentials will likely be compromised if hackers gain access to your website. Resetting your WordPress admin, database, FTP, and hosting account passwords is crucial to fixing a hacked website. With a password management tool, you can create a strong password while keeping it safe for retrieval.

3. Update WordPress

Once you have regained access to your website and reset passwords, update your old WordPress installation before attempting to fix it. Updating all your installations helps in preventing hackers from exploiting your site’s vulnerabilities to undo your fix. Make sure you also update your themes and plugins to block out further cyber-attacks.

4. Deactivate and Delete Unused Plugins and Themes

To narrow down infected installations, deactivate your plugins and themes. Then start reactivating them one by one, and if you discover any faulty installations, deactivate and delete them. At this step, also remove unused WordPress installations as they can create access points for malware to execute WordPress hacks.

5. Reinstall WordPress

If you cannot recover your WordPress site after following the previous steps, it may mean that your WordPress core files are infected. For this step, reinstall the core files and start fresh. Go to the WordPress admin dashboard, then updates, and click on the Reinstall button. Make sure to back up your website files first and avoid overwriting the old backup version with the new one.

6. Remove New WordPress Users with Admin Privileges

The appearance of new users with admin privileges is one of the most common signs of a hacked website. If you notice newly added admin accounts that you don’t recognize, remove them immediately.
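
One way to review administrator accounts from the command line, as an added example that is not part of the original article: the function reads a CSV user listing from WP-CLI and flags admins that are missing from your allowlist or were registered on or after a cutoff date. The function name, the sample rows (constructed) and the cutoff date are assumptions for illustration.

```shell
# Added example. Input on stdin is CSV as produced by WP-CLI, for example:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv
# $1      cutoff date (YYYY-MM-DD), e.g. the earliest suspected breach date
# $2...   logins you know to be legitimate (allowlist)
flag_admins() {
  cutoff="$1"; shift
  known=" $* "
  awk -F',' -v cutoff="$cutoff" -v known="$known" '
    NR == 1 { next }                     # skip the CSV header row
    {
      gsub(/"/, "")                      # the date field may arrive quoted
      reason = ""
      if (index(known, " " $2 " ") == 0) reason = "not-in-allowlist"
      # user_registered is "YYYY-MM-DD HH:MM:SS", so string order is date order
      if (substr($4, 1, 10) >= cutoff) {
        if (reason != "") reason = reason "+"
        reason = reason "registered-on-or-after-cutoff"
      }
      if (reason != "") print $2 "," $4 "," reason
    }'
}

# Constructed sample rows, not data from a real site.
SAMPLE_ADMINS_CSV='ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,"2021-03-14 09:12:44"
7,editor_jane,jane@example.com,"2022-11-02 16:40:10"
23,wp_support01,support@example.net,"2024-05-19 03:27:51"'

printf '%s\n' "$SAMPLE_ADMINS_CSV" | flag_admins 2024-05-01 siteowner editor_jane
```

Review each flagged login before deleting it, and reassign its content to a known account if the user has authored posts.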

7. Search for Malware

You can remove malware from hacked WordPress websites either manually or with a malware removal plugin. However, it is best to use a plugin as the manual process can worsen the situation if done incorrectly.

8. Disable PHP Execution

Sometimes, hackers upload a file with malicious code to your website to create backdoors. You can prevent them from executing those infected files by disabling PHP execution. To do this, create an .htaccess file and add the following code to it:

<Files *.php>
deny from all
</Files>

Upload the new .htaccess file to the wp-content/uploads/ folder in your root directory using a File Manager or by configuring an FTP client.
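
The same step scripted for a site you can reach over a shell, as an added example that is not code from the original article: it backs up any existing rules, writes the block in a form that works with both the older `deny from all` syntax and the Apache 2.4 `Require all denied` syntax, and lists PHP-type files already sitting in the uploads folder. The function names and the temporary demo tree are assumptions for illustration.

```shell
# Added example. $1 is the path to the site's wp-content/uploads directory.
write_uploads_htaccess() {
  uploads="$1"
  # Keep a copy of any existing rules rather than overwriting them silently.
  if [ -f "$uploads/.htaccess" ]; then
    cp -p "$uploads/.htaccess" "$uploads/.htaccess.bak"
  fi
  cat > "$uploads/.htaccess" <<'EOF'
<Files *.php>
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</Files>
EOF
}

# List script files that are already inside uploads (case-insensitive match).
list_uploaded_scripts() {
  find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
    -o -iname '*.phtml' -o -iname '*.phar' \) | sort
}

# Constructed demo tree in a temporary directory, removed afterwards.
demo=$(mktemp -d)
mkdir -p "$demo/uploads/2024/05"
: > "$demo/uploads/2024/05/logo.png"
: > "$demo/uploads/2024/05/cache.PHP"
write_uploads_htaccess "$demo/uploads"
list_uploaded_scripts "$demo/uploads"
rm -rf "$demo"
```

Any path the scan prints is worth inspecting, since the uploads folder normally holds media files rather than scripts.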

9. Clean the WordPress Database

The next thing you need to do to clean a hacked WordPress site is to go through the records in the database. Remove any records containing malicious code and new records you don’t recognize. This process is done manually, which is risky and time-consuming when you have to go through tons of records. If you accidentally delete the wrong records, the site might break beyond repair.

10. Contact Your Hosting Provider

For websites that run on shared hosting, the security issue may come from another site on the same web server. If you contact your hosting provider, they can check whether the issues affect more than just your site. They can also help you recover access to your WordPress site or provide web logs to help narrow down the time of the breach.

Having your WordPress site hacked can be frustrating. Although you can aim to mitigate the damage and take steps to recover your WordPress site, there are a lot of issues involved. When you work with our experts at WP Depend, we will ensure your hacked website is fully recovered and restored to optimal performance. Contact us now for a detailed plan.

Written By Dhruva Khanna

A seasoned technology writer and marketing consultant with over a decade of experience helping businesses grow online. I specialize in content marketing, SEO, web design, and e-commerce development. I am enthusiastic about using cutting-edge technology to acquire high-quality traffic, generate leads, and increase sales for my clients.