How to Recover a Hacked WordPress Website

The biggest tragedy any website owner can face is having their website hacked. It can be a nightmare in terms of the negative impact on the business behind your website. Because WordPress is so popular, it is a favorite target for hackers. The saddest part of having your website hacked is losing the trust of your visitors. The longer your website is down, the more traffic will be diverted. All the energy, time, money and effort you put into building your website are on the verge of being lost. In this article we discuss how to recover a hacked WordPress website.

Why someone hacks

Even if your website’s popularity is low, you can still be the target of hackers. There is rarely any reason needed for hacking; it happens because it is possible. Security loopholes, outdated resources or other vulnerabilities may have invited hackers to your website. Most hacks are carried out by automated scripts called robots, which attack random websites and check them for vulnerabilities.

Signs to know if your website is really hacked

  1. If you find spam in your website's header and footer containing advertisements and redirects for things like pornography, drugs or illegal services, then your website is surely hacked.
  2. Enter site:yoursite.com in Google search, replacing yoursite.com with the domain of your hacked website. If you find unrecognized pages or malicious content in the search results, your website may be hacked.
  3. If many of your users and visitors complain or report being redirected to malicious websites, chances are your website is hacked.
  4. You receive reports or warnings from your hosting company about your website being spammy and malicious.

How to Recover a Hacked WordPress Website

  1. Scan your local environment:

    The source of the attack may lie on your local computer. Run a full anti-virus/malware scan on your local machine.

  2. Back up whatever is available:

    You can back up your infected database and other files for future investigation. Also, if you accidentally delete any important files while removing the hack, you can use this backup to restore them.

  3. Restore from a backup made before the hack:

    If you have a recent backup of your website that is not affected by the hack, you can easily restore the site from the earlier saved files. This can be a very good solution for static websites that do not change their content very often, but if you have a dynamic website like a blog or news portal, recovering from a backup may mean losing content.

  4. Delete all plugins:

    Delete everything in the wp-content/plugins/ directory. This removes all plugins from the website. You can always download fresh copies of your plugins from the WordPress repository again.

  5. Delete inactive themes:

    Delete all inactive themes from the wp-content/themes directory, leaving only the active theme your website is using. You have to correctly identify the theme your website is currently using and delete all the others.

  6. Re-upload core files:

    Check your core directories, wp-includes and wp-admin. Since these files can be a target for hackers, it is better to replace your hacked wp-includes and wp-admin folders with files from a fresh WordPress installation.

  7. Remove old installation folders and outdated backups:

    If you have old WordPress installs and backups on your server, they may be infected too. These old installs and backup files are generally kept in a separate subdirectory such as ‘old/’. Any hacker can easily access these files, infect them and plant a backdoor there. So check these files and delete them if you suspect they are malicious.

  8. Change security keys:

    WordPress uses a set of security keys for encrypted passwords. Once you have been hacked, you have to change those security keys. You can generate new security keys manually and add them to the wp-config file, or you can use a plugin like Sucuri to change them.

  9. Change user permissions:

    Make sure you and your trusted users are the only ones who have administrator access to your site. If you find any suspicious or unknown users, delete them.

  10. Check the htaccess file:

    Check the htaccess file for any suspicious code. If you have never edited your htaccess file, it is better to create a new one.

  11. Reset passwords to stronger ones:

    Change your cPanel, FTP and database passwords to stronger passwords.

  12. Restore the media uploads folder:

    If you have a backup of your uploaded files, delete all the files inside the hacked uploads folder and re-upload them from the backup. If you don’t have a lot of images or other media, you can re-upload them from offline sources into the /uploads directory.
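
For the "Change security keys" step above, this is one way to generate the keys manually. It is an added example, not code from the original article or from WordPress. It replaces the eight key and salt constants that WordPress reads from wp-config.php with fresh random values and reports any that are absent; the function names and the constructed sample config are assumptions.

```python
import re
import secrets

# The eight key and salt constants WordPress reads from wp-config.php.
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
# Characters that need no escaping inside a single-quoted PHP string.
ALPHABET = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789!@#$%^&*()-_=+[]{}<>:;,.?/|~ ")

# Constructed sample config (not from the article); NONCE_SALT is left out on purpose.
SAMPLE = """<?php
define( 'DB_NAME', 'example_db' );
define( 'AUTH_KEY',         'old-auth-key' );
define('SECURE_AUTH_KEY', "old-secure-auth-key");
define( 'LOGGED_IN_KEY',    'old-logged-in-key' );
define( 'NONCE_KEY',        'old-nonce-key' );
define( 'AUTH_SALT',        'old-auth-salt' );
define( 'SECURE_AUTH_SALT', 'old-secure-auth-salt' );
define( 'LOGGED_IN_SALT',   'old-logged-in-salt' );
require_once ABSPATH . 'wp-settings.php';
"""

def new_value(length=64):
    """Random value drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_keys(config_text):
    """Replace each key/salt define line; return (new_text, names_not_found)."""
    missing = []
    for name in KEY_NAMES:
        pattern = re.compile(
            r"^[ \t]*define\(\s*['\"]" + name + r"['\"]\s*,.*\)\s*;[ \t]*$", re.M)
        line = "define( '%s', '%s' );" % (name, new_value())
        config_text, count = pattern.subn(lambda m: line, config_text, count=1)
        if count == 0:
            missing.append(name)  # add this define by hand, above wp-settings.php
    return config_text, missing

if __name__ == "__main__":
    text, missing = rotate_keys(SAMPLE)
    print(text)
    print("Not found, add manually:", missing)
```

Replacing these values invalidates every existing login cookie, so all users, including anyone holding a stolen session, have to sign in again.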

Using tools to clean infected files from a hacked WordPress website

Sucuri WordPress Security Plugin

It’s a wonderful free WordPress plugin that provides various security features for your website. You can use it to scan your core files for malware. It can identify the places where a hack is hiding. It also helps you with post-hack activities like changing security keys, resetting passwords and resetting plugins and themes.

Wordfence

Wordfence is a very popular WordPress security plugin with more than 1 million active installs. You can use Wordfence to scan for Trojans, malware, backdoors and other security threats. Follow these steps to scan your website using this plugin.

  1. Install and activate the Wordfence security plugin from the WordPress plugin repository.
  2. Go to the Wordfence options page and select everything you want to scan. Finally, hit the scan button.
  3. In the scan results you will find a list of infected files. Examine all the suspicious files and manually delete the harmful code.
  4. Wordfence also provides an option to see the differences between the original files and the current files. Check for changes in core, plugin and theme files. You can use Wordfence to repair the suspiciously changed files.

Here are a few common places where hackers hide their backdoors.

  1. Themes and plugin directories
  2. wp-config.php
  3. Upload directories
  4. htaccess files
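
The "Re-upload core files" step and Wordfence's comparison of original and current files rest on the same check, shown here as an added example (not code from the article or from Wordfence). It hashes wp-admin and wp-includes against a freshly downloaded copy of the same WordPress version and lists PHP files in the uploads directory, where only media is expected. The function names and the small constructed trees in demo() are assumptions.

```python
import hashlib
import os
import tempfile

CORE_DIRS = ("wp-admin", "wp-includes")
PHP_EXTS = (".php", ".phtml", ".phar")  # assumed list of executable extensions

def tree_hashes(root, subdirs):
    """Map relative path -> SHA-256 for every file under root/<subdir>."""
    hashes = {}
    for sub in subdirs:
        for dirpath, _dirs, files in os.walk(os.path.join(root, sub)):
            for name in files:
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    hashes[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def audit(site_root, clean_root):
    """Compare core directories with a clean copy and list PHP files under uploads."""
    site = tree_hashes(site_root, CORE_DIRS)
    clean = tree_hashes(clean_root, CORE_DIRS)
    uploads = tree_hashes(site_root, [os.path.join("wp-content", "uploads")])
    return {
        "modified": sorted(p for p in site if p in clean and site[p] != clean[p]),
        "unexpected": sorted(p for p in site if p not in clean),
        "php_in_uploads": sorted(p for p in uploads if p.lower().endswith(PHP_EXTS)),
    }

def write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Build two small constructed trees (not real WordPress files) and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = os.path.join(tmp, "site"), os.path.join(tmp, "clean")
        for root in (site, clean):
            write(root, "wp-includes/version.php", "<?php // constructed sample\n")
            write(root, "wp-admin/index.php", "<?php // constructed sample\n")
        write(site, "wp-includes/version.php", "<?php // constructed sample, altered\n")
        write(site, "wp-admin/extra-file.php", "<?php // not in the clean copy\n")
        write(site, "wp-content/uploads/2020/01/photo.jpg", "constructed image bytes")
        write(site, "wp-content/uploads/2020/01/photo.php", "<?php // constructed\n")
        return audit(site, clean)

if __name__ == "__main__":
    print(demo())
```

Call audit() with clean_root pointing at an unpacked download of the same WordPress version the site runs; anything listed under "unexpected" or "php_in_uploads" should be reviewed by hand before it is deleted.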

Things to do after recovery

If you have recently recovered your site after a hack, you can take the following actions to make sure you never get hacked again.

  1. Use firewalls and a monitoring system:

    Make your WordPress security stronger by using firewalls and a monitoring system. You can use security plugins like All In One WP Security & Firewall and Wordfence.

  2. Invest in a great web host:

    Switch to a better web host, like managed WordPress hosting or Sucuri. Better hosting companies provide better security and support.

  3. Update themes and plugins:

    Many updates close security loopholes that were present in previous versions. Outdated plugins and themes can be an entry gate for hackers. So always update your themes and plugins and delete any inactive plugins. Use trusted plugins and themes only.

  4. Hide the version number of your WordPress from visitors:

    Hiding the WordPress version number adds a security layer to your website. See our article “Steps to Remove WordPress Version Number Easily”.

  5. Disable Theme and Plugin Editors from WordPress Admin Panel:

    You can disable the feature for editing themes and plugins from the admin panel to be safe from hackers and clients screwing up your site. In the wp-config.php file, just add the following code:

    define( 'DISALLOW_FILE_EDIT', true );

  6. Limit Login Attempts in WordPress:

    Limiting login attempts can protect you from brute-force attacks and various other kinds of hacking attempts. Check out our article “How to Limit Login Attempts in WordPress Website”.

  7. Password Protect your Admin Directory:

    This adds an additional layer of password protection to your WordPress admin area.

  8. Use notification plugins:

    Install notification plugins like WordPress File Monitor to receive notifications every time your files are edited.

  9. Disable PHP Execution in certain directories:

    This adds an additional layer of security.

  10. Backup:

    Have a good backup plan using tools like VaultPress or UpdraftPlus. You can also use FTP and your hosting provider's backup system.

External help you can get

Hire professionals

If you are not comfortable working with code and servers, the best thing you can do is hire professional WordPress back-end developers to clean your hacked website for you. Sometimes hackers hide their code in multiple locations, which can cause trouble in the future if it is not completely removed. So hiring a professional can be an effective solution.

Contact your host

Contacting your host can help you identify whether the problem is an actual hack or a loss of service. If you are using shared hosting, the hack may have affected your host too, so cooperate with your host to clean the affected parts. Give your host all the information you have about the hack so they can help you. If you have a good hosting company with a good support system, you can get all the help you need to recover your website from them.

Hacking is a sad reality which no one can deny. If your website has been hacked, do not panic. Remember, with the right technique and good preparation, you can recover your hacked website completely. We hope the techniques in this article help you recover your hacked WordPress website.

Kantiman Bajracharya

Kantiman Bajracharya is a freelance web developer. He is a computer geek who has a Bachelor’s degree in Computer Engineering. He has earned lots of satisfied customers while working on numerous successful projects. He is also a WordPress theme creator and web article writer. In his free time he likes reading philosophy books, traveling and playing chess.