Saving Your Hacked WordPress Site

Fix, Restore, Clean, Save, Prevent
Recover your WordPress Website

Updated: April 5, 2021
By: RSH Web Editorial Staff
Hacked WordPress

Hacked WordPress

With more than 28,000,000 Live WordPress Websites It is one of the most popular platforms upon which to power websites. Being an Open Source Content Management System which is the main reason it is the most used for website development. There is an entire Global community constantly building on and improving the functionality. But the fact that it is "Open Source" also means security vulnerabilities are a constant concern

The Open Source Code Problem

The Open Source Code is why WordPress is loved by so many developers
But it is also the most serous probably for the WordPress community. Since all the coding AND security issues with any shortcomings are made Public. Hackers can keep a track of any security vulnerabilities. This is one of the biggest reasons why WordPress websites get hacked more often than any other CMS

A report by a security research company showed that nearly 27,000 WordPress Websites had been hacked in 2019


Sucuri also reported that 78% of reported hacked websites in the first quarter of 2020 were powered by WordPress
This is not to say that you should avoid WordPress when starting your website. But you have to be aware that there are risks when customizing, by adding plugins and themes

If you believe your WordPress website has been hacked it is important to remember there are many different things you can do to save your website

Steps To Take

Make sure you’re really dealing with a hacked WordPress
There are many clues that can tell you if your website has been breached by a hacker or is infected with malware

Has Google or any other search engine blacklisted your website for being insecure. You can check this by going to Is My Website Penalized or BlackListed to see your status
Do any illegitimate links or text appear on your website?
Are visitors being redirected to another website when they visit your WordPress website?
Does the “Screen of Death” appear warning visitors that your website has malware?

resources about hosting

Contact Your Hosting Company

Many of the better hosting companies are very helpful in these kinds of situations. The ones with experienced staff have faced these kinds of a problem before. Get in touch with your hosting provider and follow their advice

Hire A Professional

If your WordPress website has been hacked bad or you just need it to be cleaned quickly. Hiring a professional might be the way to go. A vulnerable website only gets worse as time goes on. The faster you can get your site fixed the safe it will be

Services you can hire to fix your WordPress Website
Sucuri Complete Website Security, Protection and Monitoring
ASTRA Security Complete Website Security Suite
OneHourSiteFix Helps to clean infected sites in one hour
Fixmysite WordPress Hack and Malware Removal Service

Scanning and Removal of Malware

There are also many security plugins that you can use to scan your website for intrusions. Here are some of the best plugins that we would recommend for your website

Sucuri Plugin Security tool-set for security integrity monitoring, malware detection and security hardening

All in One WP Security A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site

iThemes Security Formerly Better WP Security

Wordfence Firewall, malware scan, blocking, live traffic, login security & more

WP fail2ban Write a myriad of WordPress events to syslog for integration with fail2ban

WPScan WordPress Security Scans your system for security vulnerabilities listed in the WPScan Vulnerability database

Security Ninja Tests security issues, malware & warns of dangerous plugins

Jetpack Backup, anti spam, malware scan, CDN, AMP, integrations with Woo, Facebook, Instagram, Google

VaultPress A subscription service offering real-time backup, automated security scanning, and support from WordPress experts

SecuPress Free Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily

Google Authenticator plugin Google Authenticator, Two Factor Authentication, OTP verification, SMS and Email

BulletProof Security Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam and much more

Defender Security Malware scanner, IP blocking, audit logs, activity logs, firewall, login security and more

Astra Web Security Firewall with malware cleanup and security audit for your WordPress

Shield Security Add expert security to all your WordPress sites with Shield Security, without being a security expert

Hide My WP Hide all common paths, wp-admin, wp-login, wp-content, plugins, themes, authors, comments Add Firewall, Brute Force protection & more

WebARX Web application firewall identifies plugin vulnerabilities and blocks malicious attacks with virtual patches

Security and Malware scan by CleanTalk Security, FireWall, Malware auto scan, online security. Security plugin

MalCare Security Smart Firewall, malware scan, login protection and more

WordPress Security Firewall, malware scan, blocking, live traffic, login security and more

WP Cerber Security Malware scanner and integrity checker. User activity log. Antispam reCAPTCHA. Limit login attempts

Loginizer WordPress security plugin which helps you fight against brute-force attacks

SecuPress Free Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily

These plugins give you the ability to scan your site for file changes and potential threats attacking your website. Enabling fire Walls and many other security measures. If you own multiple websites make sure to scan them all for malware, as one of the leading causes of reinfection is cross contamination

If you find that your website has been hacked it is important to remove the malicious code as quickly as possible
The longer your website is affected, the more your online credentials will be tarnished
If you have a daily backup service then your work is going to be easy, just go back to a version of your website before it was hacked
If you don’t have a backup, don’t worry there is still plenty you can do, but we do suggest getting some form of a backup service for any future issues


Once you have removed any malicious code from your Website you will want to ensure that your website is not hacked again

Again you will want to update all of your plugins and other software, as out-of-date software is one of the leading causes of hacks

Remove Old Plugins and addons. This is one area that is always overlooked. Not using it anymore. Get rid of it. Make sure your WordPress developer also gets the message

Never download themes and plugins from unknown or unreliable sources. It just might have been created by a hacker

Change all of your passwords just in case the hacker found their way in through one of your old passwords

If you can afford some extra security you may want to consider purchasing it or even upgrading to the premium version of the security plugins

Be careful of allocating user roles. Keep user logins monitored to make sure that everything and "everyone" is under control

Automated backup. An automated backup can make getting rid of a hacker much quicker by changing to a version you had before the hack

Use a Reliable WordPress Hosting Service to stay secure. A good hosting provider will also ensure that your website loads fast, uses fire walls and DDOS protection

See our WordPress Tutorials for more WordPress reading

We welcome your comments, questions, corrections and additional information relating to this article. Please be aware that off-topic comments will be deleted.
Or if you need specific help with your account, feel free to contact us anytime
Thank you

Tweet  Share  Pin  Tumble  Email