Fixing a Hacked WordPress Site

Fix Your Hacked WordPress Website

The reality of running a website is that sometimes it gets hacked. Our own WordPress site has been hacked a few times in the past, so we know exactly how stressful it can be.

Not to mention the hours lost and the impact on your business, search engine rankings and so on. Over the years, we have helped our users recover their hacked WordPress sites.


Things to Know Before We Start

First and foremost, no matter which platform you're using (static HTML, WordPress, Drupal, Joomla, etc.), any site can be hacked!

When your WordPress site is hacked, you can lose your search engine rankings, expose your readers to malware, have your reputation tarnished by redirects to porn sites or other bad websites, and, worst of all, lose your entire site data.

If your website is a business, then security should be one of your top priorities.

A crucial element is having a good WordPress hosting company.

If you can afford it, then absolutely use managed WordPress hosting.

Make sure that you always have a WordPress backup solution in place, such as BackWPup, a free plugin that creates a complete WordPress backup.

One of the most important steps is to put a robust web application firewall such as Sucuri in front of the site. We use their services on our websites.

This advice is great if you haven't been hacked yet; if you're reading this, you probably have. Before you do anything, try to remain calm and take a backup of the site as it is right now (database and files), so that nothing is lost while you work and you have a copy to examine later.

Let's take a look at the step-by-step guide on how to fix your hacked WordPress site.

First step: have a professional do it for you. We provide WordPress restoration after hacks.

Security is a serious matter, and if you're not comfortable dealing with code and servers, then it's almost always better to have us do it.

Hackers can hide their scripts in multiple locations, which lets them come back over and over again.

Although we will show you how to find and remove them later in this article, a lot of folks want the peace of mind of knowing an expert properly cleaned their website.

Security experts charge anywhere from 200 to 250, which is outrageous for a small business or hobbyist.

Now this may seem like a promotion of Sucuri, but it’s really an honest recommendation. We personally know the team at Sucuri, and we wouldn’t be recommending them if we didn’t trust them with our own websites.

Step 1. Identify the Hack

When dealing with a website hack, you're under a lot of stress. Stay calm and write down everything you can about the hack.

Run through the following checklist:

  • Can you login to your WordPress admin panel?
  • Is your WordPress site redirecting to another website?
  • Does your WordPress site contain illegitimate links?
  • Is Google marking your website as insecure?

This will help you as you talk with your hosting company or even as you go down the steps below to fix your site.

It's also crucial that you change your passwords before you start the clean-up, and change them again when you're done cleaning.

Step 2. Check with Your Hosting Company

Good hosting providers are very helpful in these situations. They have experienced staff who deal with these kinds of things on a daily basis, and they know their hosting environment, which means they can guide you better. Start by contacting your web host and follow their instructions.

The hack may have affected more than just your site, especially if you are on a shared hosting environment. Your hosting provider may also be able to give you additional information about the hack, such as how it originated and where the backdoor is hiding.

Step 3. Restore from a Backup

If you have backups of your WordPress site, it may be best to restore from a point before the site was hacked.

However, if you have a blog with daily content, then you risk losing blog posts, comments, etc.

Worst case: if you don't have a backup, or your website had been hacked for a long time and you don't want to lose the content, then you will have to remove the hack manually.

Step 4. Malware Scanning and Removal

Check your WordPress site and delete any inactive themes and plugins. This is where hackers hide backdoors: even when a plugin is deactivated, its files are still on disk and still reachable over the web.

A backdoor is a method, often secret, of bypassing normal authentication. Hackers almost always leave a backdoor behind, because it lets them regain access even after you find and remove the exploited plugin.

Once you have removed the dead weight, scan your website for the hack.

Install the following free plugins on your website: the Sucuri WordPress auditing tool and Theme Authenticity Checker (TAC).

Use the Sucuri scanner to check the integrity status of all your core WordPress files. In other words, it shows you which core files have been modified, which is one of the places where the hack may be hiding.

The most common places are the themes and plugins directories, the uploads directory, wp-config.php, the wp-includes directory, and the .htaccess file.

Next, run the Theme Authenticity Checker and review its results.

The Theme Authenticity Checker looks for suspicious or malicious code in your themes. If it finds any, it shows a details button next to the theme with a reference to the infected theme file, along with the malicious code it found.

At this point you have two options for fixing the hack: either manually remove the code, or replace the file with the original one.

If the core WordPress files were modified, re-upload fresh WordPress files from a new download (or simply all WordPress files) to overwrite any affected files. A fresh download contains no wp-config.php, so your configuration is kept.

Your theme files will also need replacing. Download a fresh copy and overwrite the corrupted files with the new ones. Do this only if you didn't make changes to your theme code, otherwise you'll lose those changes too.

Repeat this step for any affected plugins as well.

You also want to make sure that your theme and plugin folders match the original ones. Sometimes hackers add extra files whose names look like legitimate plugin files and are easy to overlook, such as Hell0.php or Admin.php.

Keep repeating this step until the hack is gone.

Step 5. Check User Permissions

Look in the Users section of WordPress to make sure that only you and your trusted team members have administrator access to the site. Remove old users.

If you see a suspicious user there, then delete them.

Step 6. Change Your Secret Keys

WordPress generates a set of security keys and salts that it uses to sign its authentication cookies. If someone stole your password and is still logged into the site, they will stay logged in even after you change the password, because their cookies remain valid. To invalidate those cookies, you have to generate a new set of secret keys and put them in your wp-config.php file.
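Rotating the keys by hand, as an added example (not the article's own code): a POSIX shell function that replaces the eight define() lines in wp-config.php with fresh random values and leaves a .bak copy beside the file. It assumes the single-quoted define( 'NAME', 'value' ); form that WordPress ships; the helper names and the sample config are my own, constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original page): regenerate the WordPress keys and salts.

new_secret() {
    # 64 characters from a 64-symbol alphabet (384 bits of entropy), restricted to
    # characters that need no escaping inside a PHP single-quoted string or a sed pattern.
    LC_ALL=C tr -dc 'A-Za-z0-9_-' < /dev/urandom | head -c 64
}

rotate_salts() {
    # $1: path to wp-config.php. Edited in place; the previous version is kept as $1.bak.
    cfg=$1
    cp "$cfg" "$cfg.bak"
    for name in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
                AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        secret=$(new_secret)
        # Replace whatever value the define currently holds (placeholder or old secret).
        sed -i.tmp "s|^define( *'$name', *'[^']*' *);|define( '$name', '$secret' );|" "$cfg" \
            && rm -f "$cfg.tmp"
    done
}

salts_changed() {
    # $1: new config, $2: backup. Prints how many lines differ (expect 8).
    diff "$2" "$1" | grep -c '^>' || true
}

build_sample_config() {
    # Constructed wp-config.php with the placeholders a fresh install carries (prints its path).
    f=$(mktemp)
    cat > "$f" <<'EOF'
<?php
define( 'DB_NAME', 'wordpress' );
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
$table_prefix = 'wp_';
EOF
    echo "$f"
}

# Demo run on the constructed config.
CFG=$(build_sample_config)
rotate_salts "$CFG"
echo "defines changed: $(salts_changed "$CFG" "$CFG.bak")"   # expect 8
grep "^define( '[A-Z_]*', " "$CFG"
rm -f "$CFG" "$CFG.bak"
```

Every logged-in session, including the attacker's, is invalidated the moment the new file is saved, so do this after you have changed your own password and expect to log in again. If WP-CLI is available, `wp config shuffle-salts` does the same job in one command, `wp user list --role=administrator` shows who holds admin rights for the user audit in the previous step, and `wp user update <id> --user_pass=<new>` lets you script a forced password reset for every account.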

Step 7. Change Your Passwords

Update your WordPress password, your cPanel / FTP / MySQL passwords, and basically anywhere else that you used this password.

We highly recommend that you use a strong password: long, and a mix of letters, digits and special characters.

If you have a lot of users on your site, you will want to force a password reset for all of them.

Hackers also target your uploads folder, so check it for PHP files as part of the clean-up.

Must Use Plugins

These are the plugins I have found to be must-haves with WordPress.

For your website to stand a chance of ranking well, you must use a caching plugin.

It will help your site display faster, and speed does matter to Google.

There are a lot of things you can do to optimize your WordPress website, but installing a cache plugin will have a big effect on your content loading times.

Basically, when someone visits your website, a lot of information has to be transferred from your web host to their browser. The browser sends requests for images, JavaScript and CSS, and the server has to retrieve your content from the WordPress database. All of this contributes to your total page loading time.

A WordPress-powered site generates content dynamically. This means it rebuilds the page every time a visitor views it. That is unnecessary: once an article has been published, it only changes when an administrator, editor or author goes in and modifies it. I compare it to going to the shop for bread and then going back later for milk.

Caching plugins address this issue by creating a static version of your content and delivering it to visitors. This can reduce your page loading time significantly.

You could see an improvement in overall website performance of around ten times on average.

Remember to clear your cache after making changes, for a consistent visitor experience.

W3 Total Cache Plugin


W3 Total Cache is the cache plugin I use on my WordPress websites. It is also the second most popular cache plugin in the repository.

After activating the plugin, you may need to configure a few files for it to function fully.

Change the permissions of your wp-content folder to 755 (never 777) and add the lines the plugin asks for to your .htaccess file.

The plugin helps you through the whole process by displaying notification messages and alerts: if any part of the installation still needs to be completed, W3 Total Cache will tell you what remains to be done.
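The 755 advice above, generalised to the whole site as an added example (not from the article and not W3 Total Cache's own code): a POSIX shell audit that lists anything world-writable, normalises directories to 755 and files to 644, and tightens wp-config.php to 640. The helper names and the constructed sample tree are my own.

```shell
#!/bin/sh
# Added example (not from the original page): audit and normalise permissions on a
# WordPress tree. Targets: directories 755, files 644, wp-config.php 640, and nothing
# writable by "other".

world_writable() {
    # List everything under $1 that any local user can write to (o+w bit set), symlinks excluded.
    find "$1" ! -type l -perm -002 2>/dev/null || true
}

fix_perms() {
    # $1: document root. 755 on directories, 644 on files, then tighten wp-config.php.
    # Never use 777: on shared hosting it hands every other tenant write access.
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    if [ -f "$1/wp-config.php" ]; then chmod 640 "$1/wp-config.php"; fi
}

count_not_matching() {
    # $1: root, $2: type (d or f), $3: octal mode. How many entries of that type do not
    # have exactly that mode (wp-config.php is excluded because it gets its own mode).
    find "$1" -type "$2" ! -perm "$3" ! -name 'wp-config.php' | wc -l | tr -d ' '
}

build_sample_tree() {
    # Constructed sample tree (prints its path) with the two classic mistakes: a 777 cache
    # folder left behind by a "just make it work" fix and a 666 upload.
    site=$(mktemp -d)
    mkdir -p "$site/wp-content/cache" "$site/wp-content/uploads"
    printf '<?php\n' > "$site/wp-config.php"
    printf 'x' > "$site/wp-content/uploads/a.jpg"
    chmod 755 "$site" "$site/wp-content" "$site/wp-content/uploads"
    chmod 644 "$site/wp-config.php"
    chmod 777 "$site/wp-content/cache"
    chmod 666 "$site/wp-content/uploads/a.jpg"
    echo "$site"
}

# Demo run on the constructed tree.
SITE=$(build_sample_tree)
echo "== world-writable before =="; world_writable "$SITE"
fix_perms "$SITE"
echo "== world-writable after (should be empty) =="; world_writable "$SITE"
rm -rf "$SITE"
```

Directories need the execute bit so PHP can traverse them; files do not. When a plugin complains that it cannot write to wp-content, the fix is to make the folder owned by the user the web server runs as, not to open it to everyone: a world-writable folder on shared hosting is one way neighbouring sites get cross-infected.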

The number of features W3 Total Cache offers is impressive. There is very little the plugin cannot do, but it can be overwhelming. Thankfully, the default settings should be fine for most WordPress users, so you do not need to modify any settings.

You have to be comfortable editing WordPress configuration files such as .htaccess, but it's worth it.