The reality about running WordPress websites is that they could get hacked. This step-by-step guide will help you fix your hacked WordPress site.
Follow the steps below to clean up your hacked WordPress site.
Step 1: Identify How the WordPress Website Got Hacked
Below is a good checklist to run down through:
- Can you login to your WordPress admin panel?
- Is your WordPress site redirecting to another website?
- Does your WordPress site contain illegitimate links?
- Is Google marking your website as insecure?
Write down your answers, because this list will help you as you talk with your hosting company or even as you go down the steps below to fix your site.
Also, it’s crucial that you change your passwords before you start the cleanup. You will also need to change your passwords when you’re done cleaning the hack.
Step 2: Check with your Hosting Company
Most good hosting providers are very helpful in these situations. They have experienced staff who deal with these kinds of things on a daily basis, and they know their hosting environment, which means they can guide you better. Start by contacting your web host and follow their instructions.
Step 3: Restore from Backup
If you have backups for your WordPress site, then it may be best to restore from an earlier point when the site wasn’t hacked. If you can do this, then you’re golden.
However if you have a blog with daily content, then you risk losing blog posts, new comments, etc. In those cases, weigh the pros and cons.
Worst case, if you don’t have a backup, or your website has been hacked for a long time and you don’t want to lose the content, then you can manually remove the hack.
Step 4: Malware Removal
Look at your WordPress site and delete any inactive WordPress themes and plugins. More often than not, this is where hackers hide their backdoor.
A backdoor is a method of bypassing normal authentication and gaining the ability to remotely access the server while remaining undetected. Most smart hackers upload the backdoor as the first thing they do. This allows them to regain access even after you find and remove the exploited plugin.
Once you have done that, go ahead and scan your website for the hacks.
The most common places are themes and plugin directories, uploads directory, wp-config.php, wp-includes directory, and .htaccess file.
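The scan described above can start as a short script. The following is an added example, not part of the original guide: it walks the locations listed in this step and reports PHP files in the uploads directory plus a few heuristic patterns. The patterns and the function name scan_wordpress are assumptions of this example, and every hit is a lead for manual review, not proof of compromise.

```python
import re
from pathlib import Path

# Locations named in the step above, relative to the WordPress root.
SCAN_DIRS = ["wp-content/themes", "wp-content/plugins", "wp-content/uploads", "wp-includes"]
SCAN_FILES = ["wp-config.php", ".htaccess"]
PHP_EXT = {".php", ".phtml", ".php5", ".php7", ".phar"}

# Heuristics chosen for this example (assumptions, not a complete signature set).
PATTERNS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request-input-executed": re.compile(
        rb"(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "htaccess-external-redirect": re.compile(
        rb"^\s*(RewriteRule|Redirect\w*)\s.*https?://(?!%\{)", re.I | re.M),
}

def scan_wordpress(root):
    """Return sorted (relative_path, reason) findings for a WordPress tree."""
    root = Path(root)
    findings = set()
    candidates = [root / f for f in SCAN_FILES if (root / f).is_file()]
    for d in SCAN_DIRS:
        base = root / d
        if base.is_dir():
            candidates += [p for p in base.rglob("*") if p.is_file()]
    uploads = root / "wp-content/uploads"
    for path in candidates:
        rel = path.relative_to(root).as_posix()
        is_php = path.suffix.lower() in PHP_EXT
        is_htaccess = path.name == ".htaccess"
        # Uploads should hold media only, so any PHP file there is a lead.
        if is_php and uploads in path.parents:
            findings.add((rel, "php-in-uploads"))
        if not (is_php or is_htaccess):
            continue
        data = path.read_bytes()
        for reason, rx in PATTERNS.items():
            # Apply the .htaccess pattern only to .htaccess, PHP patterns only to PHP.
            if reason.startswith("htaccess") != is_htaccess:
                continue
            if rx.search(data):
                findings.add((rel, reason))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for rel, reason in scan_wordpress(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:28} {rel}")
```

Run it against a copy of the site or on the server with the WordPress root as the argument, and compare any flagged core, theme or plugin file against a fresh download of the same version before deleting it.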
Step 5: Check WordPress User Permissions
Look in the users section of WordPress to make sure only you and your trusted team members have administrator access to the site.
If you see a suspicious user there, then delete them.
Step 6: Change The Secret Keys
Since WordPress 3.1, WordPress generates a set of security keys which encrypts your passwords. Now, if a user stole your password and is still logged into the site, they will remain logged in because their cookies are still valid. To invalidate those cookies, you have to create a new set of secret keys: generate new security keys and add them to your wp-config.php file.
Here are some more things you can do to better protect your site:
- Disable Theme and Plugin Editors – It’s a best practice.
- Limit Login Attempts in WordPress
- Password Protect your WordPress Admin Directory
- Disable PHP Execution in certain directories
Always keep your WordPress core, plugins, and themes up to date!