A hack can range in severity, and the checklist below can help you get started on identifying the extent of the issue. You may use our free customized site scanner to get a list of issues to resolve for your hacked site.
The first step of the hacked WordPress website fix process is to check whether you can log in to your WordPress admin panel. If you are unable to do so, the severity is high and you may require professional help to save time and do a thorough cleanup. If you can still access the WordPress admin panel, you can move forward to the next step of the process. We recommend that you change your WordPress website passwords before you start the clean-up.
If possible, you should restore your WordPress website to an earlier point, when it was not hacked. You can access the WordPress website restoration steps here. If you are able to restore your website, there's a good chance that you'll have your site back up and running soon. However, the downside is that you risk losing blog posts, new comments, etc. In this case, you may still want to manually remove the hack, depending on how long the site has been hacked and the amount of content you have.
Hackers often hide their backdoor in themes and plugins in WordPress websites. You should look at your WordPress website and delete any inactive WordPress themes and plugins. You can learn more about the "Backdoor method" here. Once you have deleted the plugins, you should rescan your WordPress website to get an updated list of issues. Our free and safe WordPress Scanner will provide the status of all of the core WordPress files to tell you where the hack may be occurring.
The most common places are WordPress theme and plugin directories, upload directories, wp-config.php, wp-includes directories, and .htaccess files. You should also run your website through a Theme Authenticity Checker, which is linked here. The Theme Authenticity Checker will show a details button next to the theme with a reference to the infected file. It will also show you the malicious code that it found.
You have two options for fixing the hack here.
Option 1: You can manually remove the code.
Re-upload fresh copies of the infected WordPress files from a new download, or re-upload all WordPress files to overwrite any infected files.
Option 2: You can replace that file with the original file.
Download a new, fresh copy of the file and replace the infected or corrupted file with the newly downloaded copy.
Any of the affected plugins will require the same steps to clean up. You should, therefore, also repeat this process for the plugins.
It's also important to ensure that your theme and plugin folder names match the original ones. In many cases, hackers add extra files with names that look like plugin names and are easy to overlook, such as hell0.php, Adm1n.php, etc. Keep repeating this step until the file is clean.
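One way to find the modified and extra files described above is to hash the installed site against a fresh download of the same release. This is an added example, not code from this guide or from the WordPress Scanner; the function names and the sample tree are constructed for illustration, and wp-content/uploads/ is assumed to be the upload directory.

```python
import hashlib
import tempfile
from pathlib import Path

UPLOADS = "wp-content/uploads/"  # assumed upload directory; not in a clean download

def hash_tree(root):
    """Return {relative_posix_path: sha256_hex} for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_to_clean(installed_root, clean_root):
    """Classify installed files against a fresh copy of the same release."""
    installed, clean = hash_tree(installed_root), hash_tree(clean_root)
    report = {"modified": [], "extra": [], "missing": [], "php_in_uploads": []}
    for rel in sorted(installed):
        if rel.startswith(UPLOADS):
            # Uploaded media is expected here; executable PHP is not.
            if rel.lower().endswith(".php"):
                report["php_in_uploads"].append(rel)
        elif rel not in clean:
            report["extra"].append(rel)     # review by hand (wp-config.php lands here too)
        elif installed[rel] != clean[rel]:
            report["modified"].append(rel)  # replace with the fresh copy
    report["missing"] = sorted(set(clean) - set(installed))
    return report

def build_demo():
    """Constructed sample: a tiny clean tree and a tampered copy of it."""
    base = Path(tempfile.mkdtemp())
    files = {"index.php": "<?php // core", "wp-includes/version.php": "<?php // version"}
    tampered = {**files,
        "wp-includes/version.php": "<?php // version + injected line",
        "wp-content/plugins/hell0.php": "<?php // look-alike file",
        "wp-content/uploads/2024/a.php": "<?php // script in uploads",
        "wp-content/uploads/2024/photo.jpg": "constructed image bytes",
    }
    for sub, tree in (("clean", files), ("site", tampered)):
        for rel, body in tree.items():
            path = base / sub / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    return base / "site", base / "clean"

if __name__ == "__main__":
    site, clean = build_demo()
    for kind, paths in compare_to_clean(site, clean).items():
        print(kind, paths)
```

Point clean_root at an unpacked download that matches your installed WordPress version; a version mismatch will show up as many modified files.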
Take care to give access to your WordPress website only to the correct users on your team. Check the Users section of WordPress and limit administrator access to your website.
You must make sure that existing login cookies stop working, to prevent further hacking. Once a user logs in, he or she will remain logged in until the cookies are invalid. To invalidate them, create a new set of secret keys: generate new security keys and add them to your wp-config.php file.
For maximum security, you need to update your WordPress password, your cPanel / FTP / MySQL passwords, and the password in any other place where you might have used it. You must ensure that all users who have access to the website have also changed their passwords.
We hope this guide helped you fix your hacked WordPress website.
WPHackedHelp has over 15 years of WordPress experience. Our goal is to be the best in WordPress cleanups. Hackers often leave back doors which most clean up services do not clean up. We take advantage of our experience to carefully analyze all of the files to make sure we catch every issue on your WordPress website.
"My blog was hacked and I learned that the hard way. I needed help cleaning up and upgrading my website. WPHackedHelp.com was quick to respond, had fast turn around time and English speaking support staff. I was always informed on the status of my request."
Laurie - Allusions Designs, CA