STEPS TO FIX YOUR HACKED WORDPRESS WEB SITE

A hack can vary in severity, and the checklist below can help you get started on identifying the extent of the issue. You may use our free customized WordPress site scanner to get a list of issues to resolve for your hacked site.

Step 1. Check the Severity of Attacks

The first step of the hacked WordPress website fix process is to check whether you can log in to your WordPress admin panel. If you are unable to do so, the severity is high and you may require professional help to save time and do a thorough cleanup. If you can still access the WordPress admin panel, you can move forward to the next step of the process. We recommend that you change your WordPress website passwords before you start the clean-up.

Step 2. Restore your WordPress Website from Backup

If possible, you should restore your WordPress website to an earlier point, when it was not hacked. You can access the WordPress website restoration steps here. If you are able to restore your website, there's a good chance that you'll have your site back up and running soon. However, the downside is that you risk losing blog posts, new comments, etc. that were added after the backup was taken. In this case, you may still want to manually remove the hack, depending on how long the site has been hacked and the amount of content you have.

Step 3. WordPress Malware Scanning and Removal

Hackers often hide their backdoors in themes and plugins in WordPress websites. You should look at your WordPress website and delete any inactive WordPress themes and plugins. You can learn more about the "Backdoor method" here. Once you have deleted the plugins, you should rescan your WordPress website to get an updated list of issues. Our free and safe WordPress Scanner will provide the status of all of the core WordPress files to tell you where the hack may be occurring.

The most common places are WordPress themes and WordPress plugin directories, upload directories, wp-config.php, wp-includes directories, and .htaccess files. You should also run your website through a Theme Authenticity Checker, which is linked here. The theme authenticity checker will show a details button next to the theme with the reference to the infected file. It will also show you the malicious code that it found.
You have two options for fixing the hack here.

Option 1: You can manually remove the code.

Re-upload fresh copies of the infected WordPress files from a new download, or re-upload all WordPress files to overwrite any infected files.

Option 2: You can replace that file with the original file.

Download a new, fresh copy of the file and replace the infected or corrupted file with the newly downloaded copy.

Any of the affected plugins will require the same steps to clean up. You should, therefore, also repeat this process for the plugins.

It's also important to ensure that your theme and plugin folder names match the original ones. In many cases, hackers add extra files whose names look like they belong to a plugin and are easy to overlook, such as hell0.php, Adm1n.php, etc. Keep repeating this step until the files are clean.
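The comparison against a fresh download described in this step can be scripted. The following is an added example, not the code of the scanner or checker mentioned on this page; it assumes you have unpacked fresh copies of the same WordPress, theme and plugin versions into one reference directory, and the function names and sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit(site: Path, fresh: Path) -> dict:
    """Compare an installed tree with a fresh copy of the same release."""
    report = {"modified": [], "extra": [], "php_in_uploads": []}
    for path in sorted(p for p in site.rglob("*") if p.is_file()):
        rel = path.relative_to(site)
        if rel.parts[:2] == ("wp-content", "uploads"):
            # Uploads hold media; a script here is not part of a WordPress release.
            if path.suffix.lower() in {".php", ".phtml", ".phar"}:
                report["php_in_uploads"].append(rel.as_posix())
            continue
        ref = fresh / rel
        if not ref.is_file():
            report["extra"].append(rel.as_posix())     # e.g. look-alike file names
        elif sha256(path) != sha256(ref):
            report["modified"].append(rel.as_posix())  # replace from the fresh copy
    return report


def demo() -> dict:
    """Constructed sample trees; real use passes the site root and the reference."""
    with tempfile.TemporaryDirectory() as tmp:
        site, fresh = Path(tmp, "site"), Path(tmp, "fresh")
        files = {"wp-includes/version.php": "<?php // core",
                 "wp-content/plugins/forms/forms.php": "<?php // plugin"}
        for root in (site, fresh):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        # Simulate an altered core file, an added plugin file and a script in uploads.
        (site / "wp-includes/version.php").write_text("<?php // core + added line")
        (site / "wp-content/plugins/forms/hell0.php").write_text("<?php // not in release")
        (site / "wp-content/uploads/2024").mkdir(parents=True)
        (site / "wp-content/uploads/2024/Adm1n.php").write_text("<?php")
        (site / "wp-content/uploads/2024/logo.png").write_text("png")
        return audit(site, fresh)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Site-specific files such as wp-config.php and .htaccess have no counterpart in a fresh download, so they appear under "extra" and need to be read by hand.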

Step 4. Check User Permissions from WordPress Admin

Do your due diligence and make sure that only the correct users on your team have access to your WordPress website. Check the Users section of WordPress and limit administrator access to your website.

Step 5. Disable Cookies from WordPress Admin

You must ensure that existing login cookies are disabled moving forward to prevent further hacking. Once a user logs in with valid credentials, he or she will remain logged in until the cookies are invalid. To invalidate them, generate a new set of secret keys (security keys) and add the newly generated keys to your wp-config.php file.

Step 6. Change Your Passwords One More Time

For maximum security, you need to update your WordPress password, your cPanel / FTP / MySQL passwords, and the password in any other place where you might have used the same one. You must ensure that all users who have access to the website have also changed their passwords.

We hope this guide helped you fix your hacked WordPress website.

WHAT DO WE SCAN AND WHY

  • We scan your WordPress website for penetration attacks from a 360 degree view, to ensure complete analysis of potential issues.
  • We check with well-established blacklists to see if your WordPress website is listed.
  • Our deep scanner performs a thorough analysis to check for signs of infection.

WPHackedHelp has over 15 years of WordPress experience. Our goal is to be the best in WordPress cleanups. Hackers often leave back doors which most clean up services do not clean up. We take advantage of our experience to carefully analyze all of the files to make sure we catch every issue on your WordPress website.

Questions and Comments

Our dedicated support staff is available 24/7 to answer your questions.

Contact Us

1-888-331-5797

Email Us

help@WPHackedHelp.com