Let's Start,

Check the Severity of Attacks

The first step of the hacked WordPress website fix process, is to check to see if you can login to your WordPress admin panel.If you are unable to so, the severity is high and you may require professional help to save time and do a thorough cleanup. If you can still access the WordPress admin panel,you can move forward to the next step of the process. We recommend that you change your Wordpress website passwords before you start the clean-up.

Google Site Checker

With the help of Google's safe browsing technology, you can easily check whether a website is a potential danger to you as a user. Another option is Health check, available in the Google console through the “Health“ menu item . If Google has already identified a malicious program on the website you visit, you should have received a "This site may be hacked" warning that will disappear once the site is fixed

WordPress Scanning and Removal

There are various scanners on the web that can find and remove malware from a website. After the scan, you will get an overview of the problems encountered, such as possible spamming or unauthorized changes to the page. For WordPress users it is possible to apply plugins with useful features such as post list verification, last access and various security notifications. Hackers often hide their backdoor in themes and plugins in WordPress websites. You should look at your WordPress website and delete any inactive WordPress themes and plugins. You can learn more about the Wordpress Backdoor hack. Once you have deleted the plugins, you should rescan your WordPress website to get an updated list of issues. Our free and safe WordPress Scanner will provide the status of all of the core WordPress files to tell you where the hack may be occurring. Wordpress theme security is another important aspect of overall wordpress security. You must scan wordpress theme for malware in the first place.The most common places are WordPress themes and WordPress plugin directories, wp-content upload directories, wp-config.php, wp-includes directories, and .htaccess files. You should also run your website through a Theme Authenticity Checker, which is linked here. The theme authenticity checker will show a details button next to the theme with the reference to the infected file. It will also show you the malicious code that it found.

Restore your WordPress Website from Backup

If possible, you should restore your WordPress website to an earlier point, when it was not hacked. You can access the steps to backup and restore wordpress manually here. If you are able to restore your website, there's a good chance that you'll have your site back up and running soon.However, the downside can still be that you risk losing blog posts, new comments, etc.In this case, you still may want to manually remove the hack, depending on the length of the hack time and amount of content you have.

WordPress security plugin

There are several WordPress security plugins for protection against malware, Trojans, and rootkits. When talking about malware in WordPress, you should pay special attention.

Manual control

Another way to find and repair a hacked website is to manually review it. Files of the type .htaccess, .php and multimedia files are very popular among hackers. We advise searching for existing directories according to base64 encodings. These types of infected files can be easily identified. If you have found malware on a website, you will need to clean your computer of malicious programs and change their logins to access FTP. If the infected pages need to be cleaned or removed, the CMS must also be reinstalled. The new installation generally eliminates the main problems. However, while the above options can help you find malware and repair a hacked WordPress site, there is no guarantee of success. The constant evolution of cyber attacks makes the IT security landscape unstable. Read more about Wordpress malware removal steps here.

Update / Remove unused plugins and themes

You must update all plugins and themes. By the way, although you can have several plugins on your site and each one of them gives you different functionality, it does not make the same sense to have several themes installed. Delete all the themes you don't use and keep the active theme you are working with updated. This is how we can update themes, and plugins. To give you an overview of the process, we have divided it into a few short steps:

• Download the theme in its updated version.
• Unzip the file to access the updated theme.
• Activate maintenance mode.
• Connect with the hosting via FTP.
• Rename the theme folder with a typical name: themename-OLD.
• Upload the updated theme folder.
• Check the version of the active theme.
• Check that everything works correctly.
• Delete the old theme folder (themename-OLD).

Do a cleanup on your WordPress site and remove all unused plugins and themes. Hackers often search for outdated and disabled themes and plugins (even official WordPress plugins) and use them to gain access to your desktop or upload malicious files to your server. So one way to kind of help keep your site secures always update your plugins that way, you know hackers look for dormant plugins don't get updated in a while and they can sometimes hack into those. So by keeping your plugins updated that is one way to help protect yourself and then number Your themes you want to make sure that you don't have any extra theme files laying around in your file manager that you're not using. So it's a good idea to just delete out all the other themes because you can only use one theme at a time for your website anyways, so now these are all updated. It also helps keep your website a little bit faster because it removes, you know, all the files and stuff that could slow down your website. It's just extra space. It's taking up. So by deleting plugins that are inactive. You're also helping speed or website up a little bit. By removing plugins and themes that you stopped using (and probably forgot to update) a long time ago, you reduce risk and make your WordPress site a bit more secure.

Disable file editing

As you know, WordPress has a built-in file editor that allows you to edit PHP files. While this feature is very useful, it can also do a lot of damage. If the attacker gains access to your admin panel, the first thing they will look for is the File Editor. Some WordPress users prefer to completely disable this feature. It can be disabled by editing the wp-config.php file and including the following line of code: define( 'DISALLOW_FILE_EDIT', true ); That's all you have to do to disable file editing in WordPress. IMPORTANT: In case you want to re-enable this feature, use your hosting provider's FTP client or File Manager and remove this code from the wp-config.php file.

Replacing damaged or infected files

To remove malicious code from all infected files is only possible by replacing damaged files with new generic files. We are going to carry out the following actions in the following order, in an organized manner and without leaving any half-done steps so that no trace of the malware remains:

• Replace the website's WordPress files with the WordPress files downloaded directly from the official website
• Replace the folders of all the plugins with the files downloaded in .zip files from the WordPress repository
• Replace the theme files with the theme files downloaded from the official source.
• It is recommended, instead of replacing, deleting and pasting the new files to ensure proper cleaning.

Once this is done, it is possible that our website is already more or less secure and that we can access it in a normal way through the web browser. You must bear in mind that if you have made important modifications to the theme code or the plugin code in relation to the originals downloaded from official sources, you are going to lose them and you must do them again.

Reinstall everything

You will need to reinstall the plugins, themes, and WordPress itself after backing up everything. When you extract content from your wp-content folder, only use the image files that you have archived. It is too risky to download Java or PHP files because they can be compromised without your knowledge. Afterward, perform a full virus scan of your computer to make sure that there is nothing more to worry about.

Check User Permissions from WordPress Admin

Do your diligence on providing access to the correct users in your team for your WordPress website. You may check the users section of WordPress to limit the administrator access to your website.

Disable Cookies from WordPress Admin

You must ensure that the cookies are disabled moving forward to prevent further hacking. Once a user logins using the permissions, he or she will remain logged in until the cookies are invalid. You must first create a new set of secret keys. You need to generate a new security key. You must add this newly generated key to your wp-config.php file.

Download a new version of WordPress

It is essential to install a new version of WordPress to be sure to get off to a good start. You must also download the latest versions of your plugins, because the hacker may have introduced scripts into your plugins.

Rescan website

WP Hacked Help is the best way to rescan WordPress-based websites for malware, website blacklist, injected SPAM, defects, and malicious code online. In no time, we will scan and give results, whether your website is infected or not. It is one of the best scanners to discover malware, viruses or malicious code present in your theme, Wp core files, or plugins. Not only do we provide the best wordpress malware removal service, but it also provides experts advice to remove malware from your site without breaking your WordPress website plugins or themes.

Backup clean copies of website files

We are going to use FileZilla for this example. Once you cleaned your WordPress site from malware, follow these steps:

• Access FTP Accounts in your CPanel to find the credentials you need to configure FileZilla. If you forgot or didn't set your password, click Change account password to do so.
• Go to File -> Site Manager -> New Site . Fill in the hostname, username, and password fields with the information you collected earlier, but leave the rest of the settings as is. Once done, press Connect.
• Once a connection is successfully established, you can right-click on the public_html folder on your site to Download it .
• While you wait for your WordPress files to download, you can make a backup of your database through phpMyAdmin. Also, FileZilla will notify you once the file transfer is complete, so don't worry!

Change Your Passwords One More Time

You need to update your WordPress password, cPanel / FTP / MySQL password, and any other place that you might have used this password for maximum security. You must ensure that all users who have access to the website have also changed their passwords. We hope this guide helped you repair and fix your hacked WordPress site.