There is no failsafe method of running a WordPress site. Even if you adopt the best security measures, your WP site can still suffer from infiltration. Though you cannot prevent such scenarios completely, you can always find ways to fix a hacked WordPress site with this step-by-step guide.

Step# 1: Identify

To begin with, look for these signs which can tell you, if your website has been hacked:

  • Your homepage has content or other elements that should not be there, or the page looks defaced.
  • Your site URL is being redirected to another web address.
  • When you are landing on a URL, the browser shows a warning stating a ‘security risk due to a malicious script running’.
  • You cannot receive or send emails using your WP mail server.
  • Your site analytics shows a sudden rise or fall in the traffic to your site/any page on the site.
  • You are constantly logged out of your WP admin account.
  • You discover spam accounts using your WP admin login.
  • There are unnecessary files and scripts appearing on your WP-content folder.
  • There are too many HTTP requests, making your website slow and unresponsive.

If you see any or all of the above scenarios, then it’s time to fix your hacked WP website right away.

Step # 2: Clean up

To clean up your hacked site, adopt the following measures:

  1. Discover which areas have been hacked. You can scan WordPress and look for any threats in the root folders or locate any malicious codes. Search engines like Google also have their own diagnostic tools (Google Transparency Report) which lets you check the security status of your site.
  2. If you have more than one website on the same server, then it is better to scan all the sites and diagnose possible infections if any. To prevent other sites from getting affected by the site that is hacked, it is essential to isolate your web accounts.
  3. Clean up manually or opt for any available WP Security solutions. To manually remove malware, you have to access the infected core files like wp-config.php, or wp-content folder, databases, and custom files. To prevent any recurrence of infections, you also need to remove the hidden backdoors.
  4. Restore your site data from a backup. A regular backup of your WP site helps with exact restoration. If you have partnered with a good WordPress hosting provider, you can benefit from daily automatic backups of all your website resources.
  5. Once you fix the hack, run an update and reset your WordPress configuration. Next, manually update the CMS version, plugins, extensions, etc.
  6. Don’t forget to change your login details and replace with a more secure password.
  7. Take preventive measures to protect your site from further risks of being hacked. You can use advanced security tools that can help you keep unwarranted access at bay.
  8. Assess your hosting environment and check for any vulnerability there. A secure hosting solution can prevent your WordPress site from being hacked.

Fixing a hacked site once will not keep your site safe forever. That is why as a website owner, you should make it a practice of regularly running security checks, automatic backups, and look for a safe hosting platform, so your business keeps running uninterruptedly.