For most of the part, WordPress is highly secure.
The chances of a well-maintained WordPress website being hacked are minimal, and that’s one of the reasons why 26% of the internet site around the world uses WordPress as their CMS.
But can we say WordPress is hack-proof?
Hell no. It can be hacked, and it happens loads of time.
Considering you’re reading this article, I assume you’re one of the victims, and your WordPress website has been hacked.
It is a stressful condition, but you need to be calm. Consolidate your mind that everything is alright and make yourself as relaxed as possible.
There are good chances that being in stress you will take some wrong decisions leading to more harm to your website.
Before we try to recover your website, let us make sure your site has been (actually) hacked.
How to Tell if Your Website is Hacked
If you nod for any of the situations below, then your site is hacked.
- Security Warnings – If you’re using any of the security plugins like Sucuri, then it’ll send a warning if it detects unusual activities. Most of the times, blog owners avoid these warning but you shouldn’t. If you see a warning, quickly evaluate it to check what’s causing the issues.
- Website Redirections – If your site is getting redirected to any other internet site (mostly porn, illegal contents, etc.) then you can be sure that someone has got unauthorized access to your WordPress site.
- Unable to Login – In certain situations, an attacker would steal your login information and change it. If suddenly out of nowhere you’re unable to login to your WordPress dashboard then it implies your website has been compromised.
- Taken Down by Host – Web hosts use algorithms to detect the unusual behavior of a site and is most likely to take your website down if anything suspicious occurs. However, a good host will inform you in advance and also help you get your site back.
- Other Signs – Few other possible signs of a site being hacked are –
- Google marking the site as insecure/compromised
- Security warnings from Browsers
- Strange links from your site pointing to non-desirable sites
- Sudden spike in traffic
- Displaying pop-ups that you didn’t implement
- If you’re observing one or more of the above situations, then it is time for you to be worried. You need to take quick actions before the situation gets worse.
Steps to Fix a Hacked WordPress Website
As stated before, the first thing to do is to calm down. Settle down and follow the below steps to repair a hacked WordPress site.
1. Talk to Your Web Hosting Company
Your very first bet is to speak to your web hosting company. A good web host takes the security of the client’s website as a priority and will most likely help you fix it.
They have experienced security experts who might have faced the exact situations before and will quickly take necessary actions.
Also, in a shared hosting environment, the host will be more interested in knowing what caused the hack. If the hack leads to the server, then all the website hosted on the server will be compromised.
Moreover, talking to your web host gives you a clearer idea of what needs to be done.
2. Change Your Security Password
A no-brainer. The very first thing you do when you’re suspicious about the hack is to change your WordPress login password.
Changing your password will restrict the hacker from further accessing your dashboard. While the changes won’t be recovered, it will save the site from getting more vulnerable.
3. Scan for Malware
If you’re on your own, then the next important thing to do is to scan your WordPress website for any possible malware.
There are many plugins available, but I recommend using Sucuri plugin. Here are the steps you need to follow to scan your site for malware using Sucuri –
- Login to your WordPress dashboard and install Secure Plugin (if not available)
- Go to Sucuri Security > Malware Scan
- Click on ‘Scan Website’ button
Once the scan completes, Sucuri will show a warning if it detects any active malware (as shown below.)
Image Source – Sucuri
Click on ‘Request Malware Cleanup’ button and follow the steps to remove common malware.
4. Replace Malicious Files
If you have found malicious files on your server, then the easiest way is to delete the compromised files and replace with the original ones.
For instance, you can do a fresh install of WordPress without affecting your site content. It will most likely replace all the core files (except the files in directory wp-content.)
Go to Dashboard > Updates and click on ‘Re-install Now’ button.
5. Restore from the Previous Backup
If for some reasons, reinstalling WordPress does not fix the malicious files, then you need to restore from a previous backup manually.
But for this to work, you need to have a backup file available. If you have used a WordPress backup plugin like Updraft Plus or Backup Buddy, then congratulate yourself.
You can easily restore your site from a point when it wasn’t hacked. Although it may erase some of the latest articles published, it will secure your website.
If you do not have a handy backup, then check if your web host has a policy to back up your site monthly/weekly (most of the good WordPress hosting providers like Godaddy does.)
6. Check User Accounts
Have a thorough look in your WordPress users section and identify if there’s anyone you didn’t add with administration access to your site. If there’s any such user account, then delete it right away.
Also, make sure to provide administrative access to only those whom you trust.
7. Change Your Password, Again!
I know you did this in the beginning, but I want you to do it again.
But this time, it’s not only your WordPress login password but overall modifications. You need to change the password of the following:
- WordPress Dashboard
- FTP Login
- CPanel Login
- Web Hosting Account
- Admin Email Address and
- Domain Registrar (if separate from web hosting)
It ensures and gives you a satisfaction of complete security for future.
8. Hire A Professional
While many prefer to do things on their own and save money, there are few not familiar with scripts, coding, and technical aspects.
For those, hiring a professional to recover a hacked website is the optimal solution. It may cost a bit higher, but it is a sure shot way to deal with a hacked site.
Also, hackers sometimes hide the malicious scripts in unusual ways which are hard to detect for plugins and regular users like us. These malicious scripts allow hackers to come back anytime and cause damage to your site.
A professional security guy will give you a peace of mind and often saves a lot of time.
Final Words
Precaution is better than the cure.
Don’t wait for your website to be hacked. Prioritize the security and install security plugins, take backups while you still can.
I hope this guide has helped you fix your hacked website. Share your thoughts in the comments section below.