What to Do When Your WordPress Site is Hacked

Finding out that your WordPress site is hacked can be devastating. You’ve put a lot of time, effort, and energy into building up your site, only to find it defaced, taken down, or worse. You may have followed every step to prevent your site from becoming a hacker target and still got hacked. It happens far more often than you might think. The good news: you can recover. Try to stay calm so you can properly assess the situation and get your site cleaned and back online in no time.

Step 1. Check the Damage

A hacked website can mean a lot of different things. Record everything you can about the hack.

  • Can you still log into the backend of your site?
  • Is Google marking your site as insecure?
  • Is your website redirecting to another website?
  • Do you see any malicious content on your site that you don’t recognize?

Step 2. Local Clean Up and Password Reset

One of the ways you might have been compromised is through malware on your local environment, which usually means your personal computer. Make sure your local environment is clean and secure before making any major changes.

  • Scan your machine with a full anti-virus/malware program like Avast or Kaspersky to check for malware. Try to scan with an anti-malware program you have not used before, as malware can be built to evade detection by the program you currently have installed.
  • Reset your password to something different at this point, regardless of whether or not you were locked out of your admin panel.
  • Change your passwords before clean up.
  • Make sure you have a backup copy of your site.

Step 3. Contact the Experts

Your website administrator or web developer should be the first expert you contact. If you don’t have someone you can call, your hosting provider is the second best option. Hosting providers deal with similar issues on a daily basis and, in the case of shared hosting, they might be able to narrow down the issue or take steps to prevent the issue from impacting other sites. Your hosting provider may also be able to provide you with a list of infected files as well as help guide you through the cleanup process. If you don’t have a clean backup, or you have content you don’t want to lose, you might want to try a manual clean up instead.

Step 4. Scanning Your Site

You may have been able to get a list of affected files through your hosting provider or through Google Webmaster Tools. In this case, you can go through the list of affected files and delete or replace them through your cPanel File Manager. This may be too technical for some of our readers; contact your web developer if you need help, but at least be aware of this step.

Step 5. Check User Permissions

Look in the Users section of WordPress and delete any suspicious users you don’t recognize.

Step 6. Reset Your Security Keys

WordPress Security Keys help encrypt information stored in a user’s cookies. This means that if a hacker is still logged into your site, they will remain logged in until you reset your secret keys, which invalidates the existing login cookies. Reset your secret keys to make sure a hacker does not have access to your site even after you’ve reset your password.
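One way to carry out the key reset described above, as an added example that is not code from the original article: it replaces the values of the eight standard key and salt constants in the text of a wp-config.php file and reports any that were not found. The function names and the sample config are constructed for illustration.

```python
import re
import secrets
import string

# The eight key/salt constants WordPress reads from wp-config.php.
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
# Printable characters minus quotes and backslash, so a value never
# needs escaping inside a single-quoted PHP string (a choice made here).
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in "'\"\\")

# Constructed sample: mixed quoting, a placeholder value, four keys absent.
SAMPLE = """<?php
define( 'DB_NAME', 'wordpress' );
define( 'AUTH_KEY',         'old-auth-key' );
define('SECURE_AUTH_KEY', "old-secure-auth-key");
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_SALT',       'old-nonce-salt' );
"""

def new_secret(length=64):
    """Return a random value drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_keys(config_text):
    """Return (new_text, rotated, missing) for a wp-config.php body."""
    rotated, missing = [], []
    for name in KEY_NAMES:
        # Matches define('NAME', 'value'); with either quote style.
        pattern = re.compile(
            r"""define\(\s*(['"])%s\1\s*,\s*(['"]).*?\2\s*\)\s*;""" % name)
        line = "define( '%s', '%s' );" % (name, new_secret())
        # A function replacement stops re from interpreting the secret.
        config_text, count = pattern.subn(lambda m: line, config_text, count=1)
        (rotated if count else missing).append(name)
    return config_text, rotated, missing

if __name__ == "__main__":
    text, rotated, missing = rotate_keys(SAMPLE)
    print(text)
    print("rotated:", rotated)
    print("missing (add these by hand):", missing)
```

After the rewritten text is saved back to wp-config.php, every logged-in user, including you, has to log in again. Any constant reported as missing was never defined in the file and should be added.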

Step 7. Reset Password Again

You should reset your password again at this point. Be sure to update all of your passwords, from WordPress to cPanel to FTP and MySQL. Reset all of your passwords in order to make sure your site is secure.

You may have your website back at this point, but it’s always good to protect yourself as best you can from future attacks. Make sure your website administrator keeps your security up to date and updates your WordPress core, theme, and plugins regularly. Consider switching to managed WordPress hosting to be extra secure. There is no way to guarantee you’ll be safe from hacker attacks, but by keeping everything up to date and performing routine backups, you can minimize the risk of getting hacked.

If you have any questions about site security or how to tackle updating and cleaning up your website, feel free to contact us.