Saving Your Hacked WordPress Site

Fix, Restore, Clean, Save, Prevent
Recover your WordPress Website

Remove Malware and Clean your Website

Updated: March 10, 2022
By: RSH Web Editorial Staff
Hacked WordPress
Menu

Hacked WordPress Website

With more than 28,000,000 WordPress Websites. It is one of the most popular platforms upon which to power your site. Being an Open Source Content Management System, which is the main reason it is the most used for website development. There is an entire community constantly building on and improving the functionality. But the fact that it is an Open Source Software also means security vulnerabilities are a constant concern.

The Open Source Code Problem

The Open Source Code that WordPress uses is why it is loved by so many developers.

But it is also the most serous problem for the WordPress community. Since all the coding and security issues with any shortcomings are also made Public.

Hackers can keep a track of any security vulnerabilities. This is one of the biggest reasons why WordPress websites get hacked more often than any other Content Management System.

wordpress

A report by a security research company showed that nearly 1.6 million WordPress Websites had been hacked in 2021.

Sucuri also reported that 78% of reported hacked websites in the first quarter of 2020 were powered by WordPress
This is not to say that you should avoid WordPress when starting your website. But you have to be aware that there are many risks when adding plugins and themes.

If you believe your WordPress website has been hacked, it is important to remember there are different ways to save your website.

Steps To Take

Make sure you are really dealing with a hacked WordPress
There are many clues that can tell you if your website has been breached by a hacker or is infected with malware.

Do any strange links or text appear on your website?
Are visitors being redirected to another website when they visit your WordPress website?
Does the Screen of Death appear, warning visitors that your website has malware?

Has Google or any other search engine blacklisted your website. You can check this by a manual search to see if you are blacklisted.

Simply perform a search on Google with the following parameter:
site:domainname.com.

Blog Hosting

Contact Your Hosting Company

Most all hosting companies are very helpful in these kinds of situations. The ones with experienced staff have faced these kinds of a problem before. Get in touch with your hosting provider and listen to their advice
But be careful if they want to charge extraordinary fees. Could be a sign they are farming out the difficulty and jacking up the price. Always check with dedicated WordPress professionals.

Restore A Previous Version

If you are in the habit of backing up your WordPress website. This could be the best thing you could do. Restore a previous version of your website from before the hack.

Keep in mind when you do restore from a backup, your entire website will revert to that version.
But it is most likely worth gaining a clean website versus the headaches of being hacked.

WordPress Backup Plugins

Jetpack - WordPress Backup Plugin
Backup Migration - WordPress Backup Plugin
WP Staging Backup - Duplicator and Migration
BackWPup - WordPress Backup Plugin
UpdraftPlus - WordPress Backup Plugin
XCloner - WordPress Restore and Migrate
Backup Guard - WordPress Backup and Migrate Plugin
Prime Mover - Backup and Migration

Hire A Professional

If your WordPress website has been hacked bad or you just need it to be cleaned quickly. Hiring a professional might be the way to go. A vulnerable website only gets worse as time goes on. The faster you can get your site fixed, the safe it will be.

Services you can hire to fix your WordPress Website.

Sucuri Complete Website Security, protection, and monitoring
OneHourSiteFix Helps to clean infected sites in one hour
Fixmysite WordPress Hack and Malware Removal Service.

Themes

If the infection is a part of a WordPress Theme. Try installing install a fresh copy. If you are not using the theme, uninstall it. If you’re unable to clear the threat through this method, try contacting the theme’s developer for guidance.

If the above suggestions do not help, we suggest using a different theme. You can find thousands of good, clean themes at WordPress.org.

Scanning and Removal of Malware

There are also many security plugins that you can use to scan your website for intrusions.

Here are some of the best plugins that we would recommend for your website.

All in One WP Security - A comprehensive, user-friendly, all in one WordPress security and firewall plugin for your site.

iThemes Security - Formerly Better WP Security.

Wordfence - Firewall, malware scan, blocking, live traffic, login security & more.

WP fail2ban - Write a myriad of WordPress events to syslog for integration with fail2ban.

WPScan WordPress Security - Scans your system for security vulnerabilities listed in the WPScan Vulnerability database.

Security Ninja - Tests security issues, malware & warns of dangerous plugins.

Sucuri Plugin - Security tool-set for security integrity monitoring, malware detection and security hardening.

Jetpack - Backup, anti spam, malware scan, CDN, AMP, integrations with Woo, Facebook, Instagram, Google.

VaultPress - A subscription service offering real-time backup, automated security scanning, and support from WordPress experts.

SecuPress Free - Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily.

Google Authenticator plugin - Google Authenticator, Two Factor Authentication, OTP verification, SMS, and Email.

BulletProof Security - Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam and much more.

Defender Security - Malware scanner, IP blocking, audit logs, activity logs, firewall, login security and more.

Shield Security - Add expert security to all your WordPress sites with Shield Security, without being a security expert.

Hide My WP - Hide all common paths, wp-admin, wp-login, wp-content, plugins, themes, authors, comments Add Firewall, Brute Force protection & more.

WebARX - Web application firewall identifies plugin vulnerabilities and blocks malicious attacks with virtual patches.

Security and Malware scan by CleanTalk - Security, FireWall, Malware auto scan, online security. Security plugin.

MalCare Security - Smart Firewall, malware scan, login protection and more.

WordPress Security - Firewall, malware scan, blocking, live traffic, login security and more.

WP Cerber Security - Malware scanner and integrity checker. User activity log. Antispam reCAPTCHA. Limit login attempts.

Loginizer - WordPress security plugin which helps you fight against brute-force attacks.

SecuPress Free - Protect your WordPress with SecuPress, analyze and ensure the safety of your website daily.

These plugins give you the ability to scan your site for file changes and potential threats attacking your website. Enabling fire Walls and many other security measures. If you own multiple websites, make sure to scan them all for malware, as one of the leading causes of reinfection is cross contamination.

If you find that your website has been hacked, it is important to remove the malicious code as quickly as possible
The longer your website is affected, the more your online credentials will be tarnished
If you have a daily backup service then your work is going to be easy, just go back to a version of your website before it was hacked
If you don’t have a backup, don’t worry, there is still plenty you can do, but we do suggest getting some form of a backup service for any future issues.

Conclusion

Once you have removed any malicious code from your website, you will want to ensure that your site does not get hacked again.

Again, you will want to update all of your plugins and other software, as out-of-date software is one of the leading causes of hacks.

Remove Old Plugins and add-ons. This is one area that is always overlooked. Not using those plugins or themes anymore?. Get rid of them. Make sure your WordPress developer also gets the message.

Never download themes and plugins from unknown or unreliable sources. It just might have been created by a hacker.

Change your passwords just in case the hacker found their way in with one of your old passwords
And if you changed web designers or companies that no longer work on your site.

If you can afford some extra security, you may want to consider purchasing it or even upgrading to the premium version of the security plugins.

Be careful of allocating user roles. Keep user logins monitored to make sure that everything and "everyone" is under control.

Automated backup. An automated backup can make getting rid of a hacker much quicker by changing to a version you had before the hack.

Use a Reliable WordPress Hosting Service to stay secure.

A good hosting provider will also ensure that your website loads fast, uses fire walls and DDOS protection.

See our WordPress Tutorials for more WordPress reading.

We welcome your comments, questions, corrections and additional information relating to this article. Please be aware that off-topic comments will be deleted.
If you need specific help with your account, feel free to contact us anytime
Thank you

Tweet  Share  Pin  Tumble  Email

More Articles Of Interest

We have been providing reliable and affordable web hosting services to our customers since 1997. Offering the best hosting solutions with security and reliability