Hacked WordPress: Effective steps to recover your site

Every day there are more cyber attacks, which means that more than 800,000 people are victims of them every year. With so many cyber threats spreading across the web, there is a chance that one of them infiltrates your WordPress website.

However, you should not panic if your WordPress site has been hacked. In this article, we’ll go over 11 steps to recover your website and prevent future hacks.

Let’s start by clarifying if the problem is a WordPress hack.

Signs of a hacked WordPress website

It is not always easy to diagnose a hacked website. Check the following signs to understand if your site has been hacked:

  • You can’t get into the WordPress admin panel.
  • There is content and design that you have not uploaded.
  • There is a sudden drop in traffic.
  • The web page redirects users and sends spam emails.
  • Browser block list warnings appear when visiting your WordPress website.
  • Your WordPress files have disappeared.
  • Server logs detect unusual activity and visits from unknown locations.
  • A new member with administrator rights has been added without your consent.
  • Your security plugin notifies you of a possible breach.

How WordPress sites get hacked

Below are some of the most common cyberattacks that can take advantage of WordPress security vulnerabilities:

  • Backdoors: malware that bypasses authentication procedures to access core WordPress files.
  • Brute force attacks: a hacking method that uses trial and error to guess login credentials.
  • Cross Site Scripting (XSS): a code injection attack that executes malicious scripts in the code of a website.
  • SQL injection attacks: a hacking method that involves the injection of code that targets vulnerable SQL requests.
  • Malicious Redirects: a backdoor that redirects your website visitors to a suspicious website.
  • Pharmaceutical Hacks: an SEO spam attack that infects your website with malicious content. As a result, your website will start to rank for these spammy keywords, damaging your brand reputation.
  • Denial of Service (DoS): an attack designed to shut down a website or network by overwhelming the target system with requests.

Reasons why a WordPress site gets hacked

You may be wondering why your website has been hacked. Here are the top three reasons hackers might see your WordPress website as a prime target for their cyberattacks.

Insecure login credentials

Infected sites have weak passwords, such as “12345”, “picture1” and “password”. While a strong password does not guarantee immunity from hacking, strong login credentials add another layer of security to your website and personal information.

Outdated software

Outdated core files, plugins, and WordPress themes are one of the most common causes of hacked websites. Keeping your WordPress installations up to date is essential, as software updates come with security patches that fix vulnerabilities from the previous version. Without updates, hackers can take advantage of those vulnerabilities to gain access to your WordPress site.

Poor website code

Low-quality WordPress plugins and themes often have poor code, which introduces vulnerabilities to your WordPress site. Therefore, we recommend that you purchase your themes and plugins from the official WordPress repository or from trusted marketplaces that offer regular updates and technical support.

11 solutions to fix a hacked WordPress website

After confirming that your WordPress site has been hacked, it’s time to fix the problem. In the next section, we will explain how to clean a hacked WordPress site in 11 easy steps.

1. Put WordPress in maintenance mode

If you still have access to your WordPress dashboard, put your website into maintenance mode immediately. Doing so will prevent visitors from opening your hacked WordPress site, protecting their personal information and device from whatever is attacking it. You will also preserve brand credibility by not allowing a hacked WordPress site to come to light.

Users can activate maintenance mode through their hPanel control panel. They just have to navigate to Dashboard in the WordPress section of hPanel and click the Maintenance mode option.

2. Reset WordPress password

If hackers access your website, your login credentials will be compromised. Therefore, the best first step to fixing your hacked site is to reset your WordPress admin, FTP, database, and hosting account passwords.

Many password management tools offer a generator that you can use to create strong passwords and keep them safe. The ideal password should be at least 16 characters long, including letters, numbers, and symbols.

We also recommend enabling two-factor authentication and limiting login attempts to add additional layers of protection to your WordPress login credentials.

3. Update WordPress

Before trying to fix your hacked website, it is best to update your old WordPress installations. This helps prevent hackers from exploiting site vulnerabilities to undo your fix, keeping your site safe after the hack.

Professional Tip

Check out our article on if you need help. We also recommend that you update your themes and plugins, as cyber-attacks often infiltrate WordPress through outdated plugins and theme files.

4. Disable plugins and themes

Deactivating your plugins and themes and then reactivating them one by one allows you to narrow down the infected installations. Once you discover the faulty installations, disable and remove them.

This would also be the perfect time to remove themes and plugins that are not being used on your website. Having unnecessary themes and plugins installed on your site can create hotspots for malware to carry out WordPress hacks, even if they are deactivated.

Additionally, you should uninstall plugins and themes obtained outside of the official WordPress theme and plugin directories, as these types of software have a higher risk of carrying malicious code.

Here are the steps to deactivate a plugin:

  1. Go to Plugins -> Installed Plugins from your WP admin panel.
  2. To deactivate a plugin, click the Deactivate option under its name.
  3. To disable multiple plugins at once, check the box next to the chosen ones and select Deactivate in the dropdown menu. Click on Apply.

5. Reinstall WordPress

If none of the above steps work, your core WordPress files may be infected. In this case, you will have to reinstall the core files and start from scratch.

The easiest way to do this is through the WordPress admin panel. Go to Dashboard -> Updates and click the Reinstall button.

Before starting a new WordPress installation, make sure to back up your website. Avoid overwriting your old website backup version with the new one. Later you will be able to compare the hacked WordPress system files with the clean version to identify and remove suspicious files.
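
The comparison between the hacked files and a clean copy can be scripted. The following is an added example, not code from the original article: it hashes both trees and lists core files that were added, modified or deleted. It assumes the clean copy is the same WordPress version as the hacked one; the function names and the sample files are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_to_clean(suspect_root, clean_root, ignore=("wp-content/", "wp-config.php")):
    """Classify files of the hacked copy against a clean core of the same version."""
    # Entries in `ignore` are site-specific (uploads, themes, plugins, config):
    # they are skipped here and need a separate review.
    def keep(rel):
        return not any(rel == i or (i.endswith("/") and rel.startswith(i)) for i in ignore)

    suspect = {k: v for k, v in hash_tree(suspect_root).items() if keep(k)}
    clean = {k: v for k, v in hash_tree(clean_root).items() if keep(k)}
    return {
        "added": sorted(suspect.keys() - clean.keys()),      # not part of core
        "modified": sorted(k for k in suspect.keys() & clean.keys() if suspect[k] != clean[k]),
        "missing": sorted(clean.keys() - suspect.keys()),    # core file deleted
    }


def demo():
    """Build two tiny constructed trees (not real WordPress files) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, hacked = Path(tmp, "clean"), Path(tmp, "hacked")
        core = {"index.php": "<?php // core loader", "wp-login.php": "<?php // login",
                "wp-includes/version.php": "<?php // version"}
        infected = dict(core)
        infected["wp-login.php"] += "\n// constructed: injected line"
        infected["wp-includes/class-cache.php"] = "<?php // constructed: planted file"
        infected["wp-content/uploads/photo.jpg"] = "constructed media file"
        del infected["index.php"]
        for root, files in ((clean, core), (hacked, infected)):
            for rel, body in files.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        return compare_to_clean(hacked, clean)


if __name__ == "__main__":
    print(demo())
```

Files reported as added or modified are the ones to inspect first; anything under wp-content/ still has to be checked by other means.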

6. Remove new WordPress users with admin privileges

One of the most common signs of hacked WordPress sites is the appearance of new users with admin privileges. If you see any newly added administrator accounts that you or other website administrators don’t recognize, please delete them immediately.

7. Scan for malware

There are two ways to remove malware from hacked WordPress websites: manually or by using a malware removal plugin. We recommend opting for the latter, as performing the manual process incorrectly can make the situation worse.

Follow our article on how to use both methods. The article also highlights the best WordPress security plugins with malware removal features for you to consider.

8. Disable PHP execution

Hackers can create backdoors into WordPress sites by uploading files with malicious code to the uploads folder. Disabling PHP execution prevents them from executing those infected files.

First, create a .htaccess file and add the following code to it:

<Files *.php>
deny from all
</Files>

Then upload the file .htaccess to the folder wp-content/uploads/ within your root directory, either or using a File Manager.
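
Blocking execution does not remove files that were already planted, so it helps to audit the uploads folder as well. The following is an added example, not code from the original article: it flags PHP files, PHP code hidden inside media files, nested .htaccess files, and a missing blocking rule. The function names, reason strings and sample tree are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Extensions that Apache/PHP setups commonly hand to the PHP interpreter.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)  # short tags are not covered


def audit_uploads(uploads_dir):
    """Return {relative_path: reason} for items that do not belong in uploads."""
    root = Path(uploads_dir)
    findings = {}
    rule = root / ".htaccess"
    if not rule.is_file() or "deny from all" not in rule.read_text(errors="replace").lower():
        findings[".htaccess"] = "blocking rule missing"
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name == ".htaccess" and path.parent != root:
            # A nested .htaccess can override the rule set one level up.
            findings[rel] = "nested .htaccess"
        elif PHP_EXT.search(path.name):
            findings[rel] = "PHP extension"
        elif PHP_TAG.search(path.read_bytes()):
            # PHP can be appended to valid image data, so scan the whole file.
            findings[rel] = "PHP code in non-PHP file"
    return findings


def demo():
    """Audit a small constructed uploads tree (all file contents are made up)."""
    sample = {
        "2024/01/photo.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "2024/01/logo.png": b"\x89PNG constructed <?php /* marker only */ ?>",
        "2024/01/cache.php": b"<?php /* marker only */ ?>",
        "2024/02/.htaccess": b"# constructed nested override\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in sample.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return audit_uploads(tmp)


if __name__ == "__main__":
    print(demo())
```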

9. Clean WordPress Database

After cleaning your WordPress installations, the next step is to review your database logs. Delete any records containing malicious code and new records you don’t recognize to prevent hackers from creating backdoors via database injection.

Keep in mind that doing this process manually is risky and time consuming, especially if you have a lot of records. Also, the site could be irreparably damaged if you accidentally delete the wrong records.

For this reason, we recommend choosing one of the for this process.

10. Clean WordPress Sitemap

A sitemap is a blueprint that helps search engines find and crawl your website content. If it gets hacked, chances are your search engine rankings will drop. That’s why it’s worth regenerating a new sitemap when dealing with WordPress malware attacks.

The easiest way is by using a WordPress plugin. Then, submit the new sitemap to Google for crawling through the Google Search Console. Keep in mind that it can take up to two weeks for the search engine to crawl your web page.

11. Contact your hosting provider

If your website is running on shared hosting, there is a chance that the problem is coming from another site on the same web server. Contact your hosting provider to see if the security issues affect more than just your site.

At a minimum, your hosting company should be able to regain access to your WordPress site or provide web logs to help narrow down the timing of the breach.

A plays an important role in ensuring that a website’s performance and security are of the highest quality. If you think your current web host can’t mitigate WordPress hacker attacks, it’s time to find a new one.

Consider getting a , as it usually offers security measures specifically created to protect the site’s files and installations…
