Saving Your Hacked WordPress Site

Fix, Restore, Clean, Save, Prevent

Recover your WordPress Website

Remove Malware and Clean your Website

Updated: August 12, 2023
By: RSH Web Editorial Staff

Contact Us

Hacked WordPress

Hacked WordPress Website

With more than 28,000,000 WordPress Websites. It is one of the most popular platforms upon which to power your site. Being an Open Source Content Management System, which is the main reason it is the most used for website development. There is an entire community constantly building on and improving the functionality. But the fact that it is an Open Source Software also means security vulnerabilities are a constant concern.

The Open Source Code Problem

The Open Source Code that WordPress uses is why it is loved by so many developers.

But it is also the most serous problem for the WordPress community. Since all the coding and security issues with any shortcomings are also made Public.

Hackers can keep a track of any security vulnerabilities. This is one of the biggest reasons why WordPress websites get hacked more often than any other Content Management System.


A report by a security research company showed that nearly 1.6 million WordPress Websites had been hacked in 2021.

Sucuri also reported that 78% of reported hacked websites in the first quarter of 2020 were powered by WordPress
This is not to say that you should avoid WordPress when starting your website. But you have to be aware that there are many risks when adding plugins and themes.

If you believe your WordPress website has been hacked, it is important to remember there are different ways to save your website.

Steps To Take

Make sure you are really dealing with a hacked WordPress
There are many clues that can tell you if your website has been breached by a hacker or is infected with malware.

Do any strange links or text appear on your website?
Are visitors being redirected to another website when they visit your WordPress website?
Does the Screen of Death appear, warning visitors that your website has malware?

Has Google or any other search engine blacklisted your website. You can check this by a manual search to see if you are blacklisted.

Simply perform a search on Google with the following parameter:


Contact Your Hosting Company

Most all hosting companies are very helpful in these kinds of situations. The ones with experienced staff have faced these kinds of a problem before. Get in touch with your hosting provider and listen to their advice
But be careful if they want to charge extraordinary fees. Could be a sign they are farming out the difficulty and jacking up the price. Always check with dedicated WordPress professionals.

Restore A Previous Version

If you are in the habit of backing up your WordPress website. This could be the best thing you could do. Restore a previous version of your website from before the hack.

Keep in mind when you do restore from a backup, your entire website will revert to that version.
But it is most likely worth gaining a clean website versus the headaches of being hacked.

WordPress Backup Plugins

Hire A Professional

If your WordPress website has been hacked bad or you just need it to be cleaned quickly. Hiring a professional might be the way to go. A vulnerable website only gets worse as time goes on. The faster you can get your site fixed, the safe it will be.

Services you can hire to fix your WordPress Website.

Sucuri Complete Website Security, protection, and monitoring
OneHourSiteFix Helps to clean infected sites in one hour
Fixmysite WordPress Hack and Malware Removal Service.


If the infection is a part of a WordPress Theme. Try installing install a fresh copy. If you are not using the theme, uninstall it. If you’re unable to clear the threat through this method, try contacting the theme’s developer for guidance.

If the above suggestions do not help, we suggest using a different theme. You can find thousands of good, clean themes at

Scanning and Removal of Malware

There are also many security plugins that you can use to scan your website for intrusions.

Here are some of the best plugins that we would recommend for your website.

All in One WP Security

A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site. Gives you Login Security Tools, to keep bots at bay and protect your website from brute force attacks.

iThemes Security

Formerly Better WP Security. WordPress Security plugin with 30+ ways to protect and secure your site.


includes an endpoint firewall, security scanner, login security, alerts, centralized management, malware scan, blocking, live traffic, login security & more.

WP fail2ban

Write a myriad of WordPress events to syslog for integration with fail2ban.

WPScan WordPress Security

Scans your system for security vulnerabilities listed in the WPScan Vulnerability database.

Security Ninja

Tests security issues, malware & warns of dangerous plugins.

Sucuri Plugin

Security tool-set for security integrity monitoring, malware detection and security hardening.


Backup, anti spam, malware scan, CDN, AMP, integrations with Woo, Facebook, Instagram, Google.


A subscription service offering real-time backup, automated security scanning, and support from WordPress experts.

SecuPress Free

Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily.

Google Authenticator plugin

Google Authenticator, Two Factor Authentication, OTP verification, SMS, and Email.

BulletProof Security

Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam and much more.

Defender Security

Malware scanner, IP blocking, audit logs, activity logs, firewall, login security and more.

Shield Security

Add expert security to all your WordPress sites with Shield Security, without being a security expert.

Hide My WP

Hide all common paths, wp-admin, wp-login, wp-content, plugins, themes, authors, comments Add Firewall, Brute Force protection & more.


Web application firewall identifies plugin vulnerabilities and blocks malicious attacks with virtual patches.

Security and Malware scan by CleanTalk

Security, FireWall, Malware auto scan, online security. Security plugin.

MalCare Security

Smart Firewall, malware scan, login protection and more.

WordPress Security

Firewall, malware scan, blocking, live traffic, login security and more.

WP Cerber Security

Malware scanner and integrity checker. User activity log. Antispam reCAPTCHA. Limit login attempts.


WordPress security plugin which helps you fight against brute-force attacks.

SecuPress Free

Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily.

These plugins give you the ability to scan your site for file changes and potential threats attacking your website. Enabling fire Walls and many other security measures. If you own multiple websites, make sure to scan them all for malware, as one of the leading causes of reinfection is cross contamination.

If you find that your website has been hacked, it is important to remove the malicious code as quickly as possible
The longer your website is affected, the more your online credentials will be tarnished
If you have a daily backup service then your work is going to be easy, just go back to a version of your website before it was hacked
If you don’t have a backup, don’t worry, there is still plenty you can do, but we do suggest getting some form of a backup service for any future issues.


Once you have removed any malicious code from your website, you will want to ensure that your site does not get hacked again.

Again, you will want to update all of your plugins and other software, as out-of-date software is one of the leading causes of hacks.

Remove Old Plugins and add-ons. This is one area that is always overlooked. Not using those plugins or themes anymore?. Get rid of them. Make sure your WordPress developer also gets the message.

Never download themes and plugins from unknown or unreliable sources. It just might have been created by a hacker.

Change your passwords just in case the hacker found their way in with one of your old passwords
And if you changed web designers or companies that no longer work on your site.

If you can afford some extra security, you may want to consider purchasing it or even upgrading to the premium version of the security plugins.

Be careful of allocating user roles. Keep user logins monitored to make sure that everything and "everyone" is under control.

Automated backup. An automated backup can make getting rid of a hacker much quicker by changing to a version you had before the hack.

Use a Reliable WordPress Hosting Service to stay secure.

A good hosting provider will also ensure that your website loads fast, uses fire walls and DDOS protection.

See our WordPress Tutorials for more WordPress reading.

We welcome your comments, questions, corrections and additional information relating to this article. Please be aware that off-topic comments will be deleted.
If you need specific help with your account, feel free to contact us anytime
Thank you

Tweet  Share  Pin  Email

More Articles Of Interest

Whether you’re a small business, freelancer or just starting out, we can help you get up and running with our website hosting solutions