How to Fix Your Hacked WordPress Site

Have you noticed something unusual on your WordPress site? Has your WordPress site been hacked?

If you are wondering why your site looks different or behaves unusually, it may be because your site got hacked. Don’t panic; you have to keep calm to fix your WordPress site.

In this post, we’ll explain how to fix a WordPress site that has been hacked and infected with malware.

Why did your site get hacked?

WordPress is the most used CMS globally and powers over 40% of all websites. Because of its popularity, it is a frequent target of hackers.

When your WordPress site gets hacked, you can lose your SEO rankings, expose your readers to viruses, and, worst of all, lose your entire site data. To fix this issue, follow the steps below:

Put Your Site in Maintenance Mode

First, you can hide your WordPress site from the general public until you fix the hack.

You don’t want visitors to find your site in its hacked state, and you also don’t want them to see it while you’re fixing it, so put it into maintenance mode.

There are plugins that allow you to put your site into maintenance mode, like SeedProd.

The site will look as if it’s experiencing scheduled maintenance instead of being fixed after a hack.

If you do not feel like doing it, you can skip this.

Create a backup (Recommended)

If you don’t have a recent backup of your site, we advise you to create a full site backup before making any changes, so that you still have access to all your files and content if something goes wrong.

Take Professional Help

Safety is a serious matter; if you face a serious hack and you are not comfortable dealing with code and servers, you can take professional help.

Hackers are very smart. They hide their scripts in different locations on your site so that they can use them to come back again and again.

Although we will discuss how to fix it, you can use professional help to get rid of it easily. 

You can use Sucuri, which is a cloud-based paid service for website security and performance. Its security experts will fix the hack for you.

If you don’t feel like spending money, you can move ahead.

Follow the steps to fix your hacked WordPress site manually.

Step 1. Identify the Hack

First of all, keep calm and note down what you observe about the hack.

Here is a good checklist you can follow. Some signs that your site is hacked:

  • Are you able to log in to your site?
  • Is your site looking different even though you changed nothing? For example, the homepage is replaced with another static page or new content has been added to it.
  • Is your site redirecting to any other site?
  • Are you or your users noticing a warning in your browser when you try to access your site?
  • When you search for your website, is Google giving an alert that the site may have been hacked?
  • You have received an alert from your security plugin about a violation or an unexpected change.
  • Your hosting provider has warned you about unusual activity on your account.

If you notice anything like this, it will help you when you talk with your hosting company.

Step 2. Change your password

It is important to change your passwords before you start the clean-up steps. You will also have to change your passwords after fixing the hack.

Step 3. Contact your Hosting Company

Many hosting providers are generous, and they can help to bring you out of this situation. They have experienced staff who can handle these hacks. They can guide you better with detailed instructions.

Sometimes the hack may have affected other sites, too, especially if you use shared hosting. Then, your hosting provider may be able to give you additional details about the hack, like how it originated, where the backdoor is, etc. 

There is a possibility that your host will resolve the hack for you.

Step 4. Restore from Backup

If you backed up your WordPress site recently, before the hack, it is best to restore from the point when the site was safe. If you can do this, then you’re lucky.

However, if you have a daily content blog, you may risk losing blog posts, new comments, etc. In that case, look at the pros and cons.

In case you don’t have a backup and you don’t want to lose the content, then you have to remove the hack manually.

Step 5. Malware Scanning and Removal

In most cases, the hackers hide the backdoor in the plugins or theme files.

A backdoor is a method of bypassing the normal login process and gaining access to the site/server while remaining undetected.

Visit your WordPress site and delete any inactive WordPress plugins and themes.

Then install free plugins such as Sucuri WordPress Auditing and Theme Authenticity Checker (TAC) and set them up on your site.

The Sucuri scanner will show you the integrity status of your core WordPress files. It will tell you where the hack is actually hiding.

Usually, the common places are the themes and plugins directories, wp-config.php, the wp-includes directory, the uploads directory, and the .htaccess file.

Then, run the Theme Authenticity Checker and review its results.

If the Theme Authenticity Checker finds any doubtful or malicious code in your themes, it will display a details button next to the theme, pointing to the theme file that is infected. It will also show the malicious code it found.

You have two options to fix the hack here. First, you can manually remove the code, and second, you can replace that file with the original file.

For example, if they changed your core WordPress files, then re-upload new WordPress files from a fresh download to overwrite any affected files.

Similarly, do this with your theme files. Download a fresh copy of the theme and overwrite the corrupted files with the new ones.

Note: Do this only if you did not make changes to your WordPress theme code, or else you will lose those changes.

Repeat the step for any affected plugins too.
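
The integrity check described in this step can also be done by hand. The following is an added example (not from the original post and not Sucuri's code): it hashes every file in the live site and in a fresh download of the same WordPress version, then lists core files that differ, files that are not part of the release, and PHP files in the uploads directory. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SITE_SPECIFIC = {"wp-config.php", ".htaccess"}  # differ per site: review by hand
PHP_SUFFIXES = {".php", ".phtml", ".phar"}

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def audit(site_root, clean_root):
    """Compare a live WordPress tree with a fresh download of the same version."""
    site, clean = hash_tree(site_root), hash_tree(clean_root)
    report = {"modified": [], "unexpected": [], "php_in_uploads": [], "review": []}
    for rel in sorted(site):
        if rel.startswith("wp-content/uploads/"):  # media only; PHP here is suspect
            if Path(rel).suffix.lower() in PHP_SUFFIXES:
                report["php_in_uploads"].append(rel)
        elif rel in SITE_SPECIFIC:
            report["review"].append(rel)
        elif rel.startswith("wp-content/"):
            continue  # themes/plugins: audit each against its own fresh copy
        elif rel not in clean:
            report["unexpected"].append(rel)
        elif site[rel] != clean[rel]:
            report["modified"].append(rel)
    return report

def demo():
    """Audit two small constructed trees (sample files, not real WordPress code)."""
    clean = {"index.php": "<?php // core", "wp-includes/version.php": "<?php $v = 1;"}
    site = {**clean,
            "wp-includes/version.php": "<?php $v = 1; // altered",
            "wp-includes/extra.php": "<?php // not in the release",
            "wp-content/uploads/logo.png": "PNG",
            "wp-content/uploads/thumb.php": "<?php // should not be here",
            "wp-config.php": "<?php // site settings"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("clean", clean), ("site", site)):
            for rel, body in files.items():
                path = Path(tmp, name, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(body)
        return audit(Path(tmp, "site"), Path(tmp, "clean"))

if __name__ == "__main__":
    print(demo())
```

On a real site, call `audit()` with the path to a downloaded copy of the site and the path to an unpacked fresh WordPress download; the same function works for a single theme or plugin directory and its fresh copy.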

Step 6. Check for User Permissions

Navigate to the Users section in your WordPress dashboard and make sure only you and your trusted team members have admin access to the site.

If you see any doubtful users there, go ahead and delete them.

Step 7. Change Your Passwords AGAIN

You already changed your password in Step 2, but you have to change it again now.

Update your password everywhere you used the same password, such as cPanel, FTP, MySQL, etc.

We advise keeping a strong password for security purposes.

Secure Your WordPress Site for the Future

To better protect your site, follow the tips below.

  • Use a Website Firewall and Monitoring System – Sucuri is a cloud-based paid service for website security and performance. It blocks attacks before they reach your server and thoroughly monitors your site.
  • Switch to Managed WordPress Hosting – Managed WordPress hosting companies make an effort to keep your site secure and analyze any unusual behavior on your account. They help you get out of any issue while providing you with good hosting services. We recommend Hostkicker or WPEngine.
  • Limit Login Attempts in WordPress – You must limit login attempts to secure your site from hackers. See our tutorial on how to limit login attempts in WordPress.
  • Keep Your Site Updated – It’s important to keep your site up to date. Keep your themes, plugins, and WordPress itself updated, as updates often include security patches.
  • Don’t Install Insecure Plugins or Themes – When installing WordPress plugins or themes in the future, make sure they have been tested with your WordPress version and that you are downloading them from a secure site. Don’t buy them from third-party sites.

To conclude: if your site is behaving unusually and is not under your control, your site has probably been hacked. To fix this, you can take professional help or follow the steps above. We hope this post helped you fix your hacked WordPress site.

If you are experiencing any other error on your site, you can fix it by following the steps in our other article on what to do when you are logged out of the WordPress admin area.
