Fixing hacked WordPress website is a stressful thing. Not to mention how serious the impact it has to your online business or readers. We have helped a lot of users fixing hacked WordPress website.
First and foremost, no matter which platform you’re using, WordPress, Drupal, Joomla, fully customized platform, etc, any website can be hacked.
When a website is hacked, it can affect the website’s search engine rankings, have your reputation tarnished due to some redirection of your website to porn site or other bad websites, and some of the worst case is losing the entire website data. Therefore, security for a website should be your top priority that you need to look into. That’s is also why that it’s important that you have a good WordPress hosting company, it will be even better if you can use a managed WordPress Hosting.
Now, let’s take a look at guide of fixing a hacked WordPress website.
Step 1 – Identify the Hack
When dealing with a hacked website, you’re under a lot of stress. Try to remain calm and write down everything that you know about the hack.
Here is a checklist for you to go through:
- Can you login to your WordPress admin dashboard?
- Is your WordPress website redirecting to another website?
- Does your WordPress website contain illegitimate links?
- Is Google marking your website insecure?
Write down the list as this will help you when you talk to your hosting provider or when you go down further to fix it yourself.
It’s also very important that you change your login password before you start cleaning up your website. You will need to change your password again after you have done cleaning your website.
Step 2 – Check with your Hosting Company
Most of the good hosting providers are helpful. They have experienced staff to deal with fixing hacked WordPress website on daily basis. They know their hosting environment and can guide you better when fixing the problem. So it’s good to start by getting in touch with your hosting provider.
Sometimes the hack may have affected more than just your website. especially if you website is on a shared hosting. Your hosting provider may also able to provide you additional information about the hack such as how it originated, where the backdoor is hiding, etc. We always suggest to use a dedicated hosting (non-shared hosting) if budget allows.
Step 3 – Restore from Backup
If you have backups for your website, then it may be best to restore from an earlier point when the website wasn’t hacked. This can save you a lot of times. However, if you have a blog with daily contents, or your website is an e-commerce website where there are constantly having new orders coming in, then you will be losing some data by restoring your hacked website from backup. Weigh the pros and cons before moving on with this option.
If you don’t have a backup or you don’t want to lose any data, then you will have to manually remove the hack.
Step 4 – Malware Scanning and Removal
Look at your WordPress website and remove any inactive WordPress themes and plugins. Don’t use any nulled plugins. More often than not, this is where hackers hide their backdoor to hack into your website.
Then scan your website with some for the hacks. You can install some free plugins on your website like Sucuri and Theme Authenticity Checker.
When you set these up, the Sucuri scanner will tell you the integrity status of all your core WordPress files. Means it will shows you where the hack is hiding. The most common places are themes and plugins directories, uploads directory, wp-config.php, wp-includes directory, and .htaccess file.
Next run the Theme Authenticity Checker.
If theme authenticity checker finds any suspicious or malicious code in your themes, it will show a details button next to the theme with the reference to the theme file that is infected. It will also show you the malicious code it found.
You have two options for fixing the hack here. You can either manually remove the code, or you can replace that file with the original file.
For example, if they modified your core WordPress files, then re-upload brand new WordPress files from a fresh download or all WordPress files for that matter to override any affected files.
Same goes for your theme files. Download a fresh copy and override the corrupted files with the new ones. Remember do this only if you didn’t make changes in your WordPress theme codes otherwise you’ll lose those.
Repeat this step for any affected plugins as well.
You also want to make sure that your theme and plugin folder matches the original ones. Sometimes hackers add additional files that look like the plugin file name, and are easy to ignore such as: hell0.php, Adm1n.php etc.
There is a detailed guide on how to find a backdoor in WordPress and remove it.
Keep repeating this step until the hack is gone.
Step 5 – Check User Permissions
In your WordPress admin dashboard, look into the users section and make sure only you and trusted team members have administrator access to your website.
If there are any suspicious users, remove those users.
Step 6 – Change your Secret Keys
In newer version of WordPress, it generates a set of security keys which encrypts your password. If a user stole your password, and they are still logged into your website, then they will remain logged in because their cookies are still valid. To disable the cookies, you have to create a new set of secret keys. You need to generate a new security key and add it in your wp-config.php file.
Step 7 – Change your Passwords
Even through you have changed your password in earlier stage. You will need to change it again.
Other than your WordPress login password, it’s better to also change your password for cPanel, FTP, database, hosting. Basically, you have to change anything that uses the same password.
It’s highly recommended to use a strong password and use a 2-factor verification login.
If you have a lot of users on your website, it’s best to force password reset for all of the users.
Hardening your WordPress Website Security
Even if you have a good security for your website, it’s good to have backup solution. If you don’t have one, get a daily backup for your website now.
Fixing hacked WordPress website can a headache. Therefore, it’s good to have a strong security on your WordPress website. Below are something that you can do to better protect your WordPress website:
- Setup a firewall and monitoring system – Sucuri is a powerful security plugin. In most cases, they block the attacks before it reaches your website.
- Switch to Managed WordPress Hosting – Most managed WordPress Hosting companies have extra features to keep your website secure. If your website is hosted with us, we do provide firewall and a defender plugin that can protect your website from being hacked.
- Disable theme and plugin editors – It’s best practise to disable file edit in WordPress. There are some plugins that can help to do this.
- Limit login attempts in WordPress – It’s important for you to limit login attempts to your WordPress admin dashboard. It means it will block the users from log in if they key in the wrong password for 3-5 times continuously.
Hope this guide will help in fixing hacked wordpress website.
Have a Professional to Do it for You
Security is very crucial for a website, especially a critical website that cannot afford to become offline. If you’re not comfortable or not familiar with dealing with codes and servers, it’s better to have a professional to do it for you.
The reason is that more often than not, hackers hide their codes in several locations, which allow them to come back again and again.
Although we have already shown you how to find and remove them in this articles, but it cannot fully cover all kind of ways of how a website is being hacked, especially the hacking techniques are also keep evolving.
