Saving Your Hacked WordPress Site

Fix, Restore, Clean, Save, Prevent
Recover your WordPress Website

Remove Malware and Clean your Website

Updated: March 10, 2022
By: RSH Web Editorial Staff
Hacked WordPress
Menu

Hacked WordPress Website

With more than 28,000,000 WordPress Websites It is one of the most popular platforms upon which to power websites. Being an Open Source Content Management System which is the main reason it is the most used for website development. There is an entire community constantly building on and improving the functionality. But the fact that it is a Open Source Software also means security vulnerabilities are a constant concern

The Open Source Code Problem

The Open Source Code that WordPress uses is why it is loved by so many developers

But it is also the most serous problem for the WordPress community. Since all the coding and security issues with any shortcomings are also made Public

Hackers can keep a track of any security vulnerabilities. This is one of the biggest reasons why WordPress websites get hacked more often than any other Content Management System

wordpress

A report by a security research company showed that nearly 1.6 million WordPress Websites had been hacked in 2021

Sucuri also reported that 78% of reported hacked websites in the first quarter of 2020 were powered by WordPress
This is not to say that you should avoid WordPress when starting your website. But you have to be aware that there are many risks when adding plugins and themes

If you believe your WordPress website has been hacked it is important to remember there are different ways to save your website

Steps To Take

Make sure you are really dealing with a hacked WordPress
There are many clues that can tell you if your website has been breached by a hacker or is infected with malware

Do any strange links or text appear on your website?
Are visitors being redirected to another website when they visit your WordPress website?
Does the Screen of Death appear warning visitors that your website has malware?

Has Google or any other search engine blacklisted your website. You can check this by a manual search to see if you are blacklisted

Simply perform a search on Google with the following parameter:
site:domainname.com

Blog Hosting

Contact Your Hosting Company

Most all hosting companies are very helpful in these kinds of situations. The ones with experienced staff have faced these kinds of a problem before. Get in touch with your hosting provider and listen to their advice
But be careful if they want to charge extraordinary fees. Could be a sign they are farming out the problem and jacking up the price. Always check with dedicated WordPress professionals

Restore A Previous Version

If you are in the habit of backing up your WordPress website. This could be the best thing you could do. Restore a previous version of your website from before the hack.

Keep in mind when you do restore from a backup your entire website will revert back to that version.
But it is most likely worth gaining a clean website versus the headaches of being hacked.

WordPress Backup Plugins

Jetpack - WordPress Backup Plugin
Backup Migration - WordPress Backup Plugin
WP Staging Backup - Duplicator and Migration
BackWPup - WordPress Backup Plugin
UpdraftPlus - WordPress Backup Plugin
XCloner - WordPress Restore and Migrate
Backup Guard - WordPress Backup and Migrate Plugin
Prime Mover - Backup and Migration

Hire A Professional

If your WordPress website has been hacked bad or you just need it to be cleaned quickly. Hiring a professional might be the way to go. A vulnerable website only gets worse as time goes on. The faster you can get your site fixed the safe it will be

Services you can hire to fix your WordPress Website

Sucuri Complete Website Security, Protection and Monitoring
OneHourSiteFix Helps to clean infected sites in one hour
Fixmysite WordPress Hack and Malware Removal Service

Themes

If the infection is a part of a WordPress Theme. Try installing install a fresh copy. If you are not using the theme uninstall it. If you’re unable to clear the threat through this method try contacting the theme’s developer for guidance.

If the above suggestions do not help we suggest using a different theme. You can find thousands of good clean themes at WordPress.org

Scanning and Removal of Malware

There are also many security plugins that you can use to scan your website for intrusions.

Here are some of the best plugins that we would recommend for your website

All in One WP Security - A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site

iThemes Security - Formerly Better WP Security

Wordfence - Firewall, malware scan, blocking, live traffic, login security & more

WP fail2ban - Write a myriad of WordPress events to syslog for integration with fail2ban

WPScan WordPress Security - Scans your system for security vulnerabilities listed in the WPScan Vulnerability database

Security Ninja - Tests security issues, malware & warns of dangerous plugins

Sucuri Plugin - Security tool-set for security integrity monitoring, malware detection and security hardening

Jetpack - Backup, anti spam, malware scan, CDN, AMP, integrations with Woo, Facebook, Instagram, Google

VaultPress - A subscription service offering real-time backup, automated security scanning, and support from WordPress experts

SecuPress Free - Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily

Google Authenticator plugin - Google Authenticator, Two Factor Authentication, OTP verification, SMS and Email

BulletProof Security - Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam and much more

Defender Security - Malware scanner, IP blocking, audit logs, activity logs, firewall, login security and more

Shield Security - Add expert security to all your WordPress sites with Shield Security, without being a security expert

Hide My WP - Hide all common paths, wp-admin, wp-login, wp-content, plugins, themes, authors, comments Add Firewall, Brute Force protection & more

WebARX - Web application firewall identifies plugin vulnerabilities and blocks malicious attacks with virtual patches

Security and Malware scan by CleanTalk - Security, FireWall, Malware auto scan, online security. Security plugin

MalCare Security - Smart Firewall, malware scan, login protection and more

WordPress Security - Firewall, malware scan, blocking, live traffic, login security and more

WP Cerber Security - Malware scanner and integrity checker. User activity log. Antispam reCAPTCHA. Limit login attempts

Loginizer - WordPress security plugin which helps you fight against brute-force attacks

SecuPress Free - Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily

These plugins give you the ability to scan your site for file changes and potential threats attacking your website. Enabling fire Walls and many other security measures. If you own multiple websites make sure to scan them all for malware, as one of the leading causes of reinfection is cross contamination

If you find that your website has been hacked it is important to remove the malicious code as quickly as possible
The longer your website is affected, the more your online credentials will be tarnished
If you have a daily backup service then your work is going to be easy, just go back to a version of your website before it was hacked
If you don’t have a backup, don’t worry there is still plenty you can do, but we do suggest getting some form of a backup service for any future issues

Conclusion

Once you have removed any malicious code from your Website you will want to ensure that your website is not hacked again

Again you will want to update all of your plugins and other software, as out-of-date software is one of the leading causes of hacks

Remove Old Plugins and addons. This is one area that is always overlooked. Not using those plugins or themes anymore?. Get rid of them. Make sure your WordPress developer also gets the message

Never download themes and plugins from unknown or unreliable sources. It just might have been created by a hacker

Change your passwords just in case the hacker found their way in with one of your old passwords
And if you changed web designers or companies that no longer work on your site

If you can afford some extra security you may want to consider purchasing it or even upgrading to the premium version of the security plugins

Be careful of allocating user roles. Keep user logins monitored to make sure that everything and "everyone" is under control

Automated backup. An automated backup can make getting rid of a hacker much quicker by changing to a version you had before the hack

Use a Reliable WordPress Hosting Service to stay secure.

A good hosting provider will also ensure that your website loads fast, uses fire walls and DDOS protection

See our WordPress Tutorials for more WordPress reading

We welcome your comments, questions, corrections and additional information relating to this article. Please be aware that off-topic comments will be deleted.
Or if you need specific help with your account, feel free to contact us anytime
Thank you

Tweet  Share  Pin  Tumble  Email

More Articles Of Interest