Your security scans have come back positive and it’s confirmed: your website has been successfully infiltrated. And when it comes to WordPress, “hacked” is never a word you want to hear. What do you do? Let’s walk you through the process of how to clean a hacked WordPress site and what next steps you should take to recover.
As we all know, WordPress is the most popular platform. Because of the sheer number of WordPress websites online, it’s also the most hacked CMS on the web. That’s one of many reasons why it’s so important to learn to keep your site secure.
But even if you have basic security implemented on your website, people with malicious intent can still find access points through numerous tricks and loopholes in your website’s code.
Suppose we find ourselves in a worst-case scenario and someone has gained access to your WordPress website. What now?
1. Stay Calm
How do you clean a hacked WordPress site? Well, the first step is to take a deep breath. Having WordPress hacked isn’t the end of the world and all is not lost. Being stressed or angry will do you no good and it takes your concentration away from recovering your website. Let’s put our energy into finding solutions.
2. Locate The Hack
Go through this quick list of questions. Ask yourself:
- Are you able to log in to your WordPress Admin Panel (yourwebsite.com/wp-admin)?
- Is your website redirecting you to some other website?
- Does your WordPress website contain any illegal links?
- Has Google already marked your website as insecure?
Record your answers to each question and make sure that you’ve noted everything for the next step below.
3. Contact Your Hosting Company
Many of the good hosting companies are very helpful in these kinds of situations. The ones with experienced staff have faced these kinds of problems before, so they should be well-equipped to help. That’s why, before doing anything yourself, you should get in touch with your hosting provider and follow their advice.
If your website is hosted on a shared server, this is also how you can find out whether the hacker gained access to your website through another site on your server. In this scenario, your hosting provider can give you answers such as how the hack started and spread. There’s also a good chance they can tell you where the backdoor is that the hackers used to find their way in.
Hopefully, your hosting company is responsible enough to help you clean up your site after a hack (or not let it happen in the first place). If not, you have other options.
4. Hire A Professional
If your website has experienced a bad attack or you just need it to be cleaned quickly, hiring professional help might be the way to go. A vulnerable website only gets worse as time goes on, so the faster you can get your issues fixed, the safer your website will be.
This is most likely the best solution for you if you don’t consider yourself tech-savvy, or you just don’t want to mess anything up while you’re trying to clean your site. It’s easy to make things worse instead of better in these situations, so if you’re not comfortable making significant changes to the backend of your site, it may be time to ask for support.
One excellent option for this is MalCare, a complete WordPress security solution to protect your online identity. It was developed from the ground up after analyzing over 240,000 websites over the last 2+ years. MalCare ensures that your business is always protected and available to your visitors.
It comes with a powerful scanner that will never slow down your website and goes beyond just signature matching to find new and complex malware which usually goes undetected in other popular scanners.
MalCare comes with a one-click automatic malware removal feature that surgically cleans all traces of malware permanently from the website. They also have an intelligent plugin-based firewall that protects your website from bad traffic by using the collective intelligence of its network of sites.
Finally, they have an intuitive site management module that lets you manage your themes, plugins, users and WordPress core for better security of your website.
And then there are the great reviews left online for MalCare! If your website is hacked, they’re definitely one of the go-to solutions.
Joe, our Head Buff, also got the chance to hang out with the team from MalCare at WordCamp Europe 2018. They’re some of the friendliest people he’s met in the WordPress space and are driven by making malware cleanup frictionless for their customers.
If you’re looking for a team to fully manage the security of your WordPress website instead of an automated system, WP Buffs implement and optimize iThemes Security Pro on your website for free as part of our care plans. So that’s always an option!
But if you’re not interested in bringing on help or want to tackle this problem yourself, the next steps are below.
5. Restore A Previous Version
If you’ve made a habit of backing up your site, this could be the golden moment for you. You must restore a version of your website from before the hack.
When you restore an old backup of your site, always remember that your entire website will revert back to that version. Any content that you published, images you added to a gallery or general changes you made to the website will be lost. But that’s most likely a price worth paying to get a clean website back.
After you successfully restore the old version of your website, remember that it’s still vulnerable to attack! Time to add some serious security features to your site to avoid any malicious activity going forward.
If restoring your website will remove too many valuable changes, it’s possible to do a manual clean of your code as well.
6. Scanning & Removal of Malware
If any plugins or themes are not updated regularly, then there’s a chance that hackers could use outdated files to access your WordPress website. Once they’re in, they can then create a backdoor to more easily access your website in the future.
A backdoor refers to a method of bypassing normal authentication and gaining the ability to remotely access the server while remaining undetected.
The first job for a smart hacker is to establish a backdoor so that he can regain access after you locate and remove the first point of entry (usually a vulnerability in an outdated plugin or theme). That’s why it’s so important to have a WordPress security audit log plugin installed on your website so you can track any changes made to your website in real-time.
One of the best ways to keep hackers from accessing your website through outdated plugin or theme files is simply to keep everything up-to-date! Many plugin updates become available specifically because an older version had a security flaw, so updating will help you avoid this altogether.
To help you pinpoint any backdoors or malicious code installed on your website without your permission, always install and activate a WordPress security plugin that will regularly scan your website. Plugins like iThemes Security will easily find the location of the backdoor and then you can remove it manually.
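To show what such a scan looks for, here is an added Python example (not from the original article and not the code of any plugin named here). It walks a WordPress directory and flags two things worth reviewing by hand: PHP files inside wp-content/uploads, and PHP files that wrap a decoder call in eval(). The sample tree, file names and marker list are constructed for the demonstration.

```python
import os
import re
import tempfile

# Decoder calls wrapped in eval() are a common trait of injected PHP.
# A hit means "review this file by hand", not proof of compromise.
OBFUSCATED = re.compile(
    rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
PHP_EXT = (".php", ".phtml", ".php5", ".phar")
UPLOADS = os.path.join("wp-content", "uploads") + os.sep


def scan_wordpress_tree(root):
    """Return sorted (relative_path, reason) findings for manual review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            # uploads/ holds media; executable PHP there is unexpected.
            if rel.startswith(UPLOADS):
                findings.append((rel, "php-in-uploads"))
            with open(full, "rb") as fh:
                if OBFUSCATED.search(fh.read()):
                    findings.append((rel, "obfuscated-eval"))
    return sorted(findings)


def build_sample_site(root):
    """Write a constructed sample tree: one clean file, two planted test files."""
    samples = {
        "wp-content/themes/demo/functions.php": b"<?php add_action('init', 'demo_init');\n",
        "wp-content/uploads/2018/06/cache.php": b"<?php echo 'x';\n",
        "wp-content/plugins/old-plugin/inc.php": b"<?php eval(base64_decode('ZWNobyAxOw=='));\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, reason in scan_wordpress_tree(site):
            print(f"{reason:16} {rel}")
```

Compare any flagged file against a fresh copy of the same plugin or theme version before deleting it, since some legitimate code also matches these markers.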
7. Check Your User Permissions
You must check the user permissions of all your WordPress users. Double check that only you and your team members have access to admin accounts and that the permissions of other users haven’t been tampered with.
If you find any suspicious new users, remove them immediately.
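The check described in this step can also be run against the database itself. The Python example below is added here and is not from the original article. It reads each user's capabilities value, which WordPress stores as a PHP-serialized array in the usermeta table, and flags administrators who are not on your own allowlist as well as accounts created after the suspected compromise date. The sample rows, logins and dates are constructed.

```python
import re

# WordPress keeps roles in the usermeta table under "<prefix>capabilities"
# as a PHP-serialized array, e.g. a:1:{s:13:"administrator";b:1;}
GRANTED = re.compile(r's:\d+:"([^"]+)";b:1;')

# Constructed sample rows: (user_login, user_registered, capabilities value).
SAMPLE_ROWS = [
    ("siteowner", "2016-03-01", 'a:1:{s:13:"administrator";b:1;}'),
    ("editor_amy", "2017-11-20", 'a:1:{s:6:"editor";b:1;}'),
    ("wp_support", "2018-06-10", 'a:1:{s:13:"administrator";b:1;}'),
    ("guest_writer", "2017-02-02",
     'a:2:{s:10:"subscriber";b:1;s:13:"administrator";b:1;}'),
    ("former_admin", "2015-08-15", 'a:1:{s:13:"administrator";b:0;}'),
]


def granted_roles(serialized):
    """Roles whose flag is true (b:1); entries stored with b:0 are not granted."""
    return set(GRANTED.findall(serialized))


def audit_users(rows, approved_admins, suspected_since):
    """Return {login: [reasons]} for accounts needing manual review.

    approved_admins: logins you expect to be administrators (your allowlist).
    suspected_since: ISO date (YYYY-MM-DD) of the earliest suspected compromise.
    """
    flagged = {}
    for login, registered, caps in rows:
        reasons = []
        if "administrator" in granted_roles(caps) and login not in approved_admins:
            reasons.append("unapproved administrator")
        # ISO dates compare correctly as plain strings.
        if registered >= suspected_since:
            reasons.append("created after suspected compromise")
        if reasons:
            flagged[login] = reasons
    return flagged


if __name__ == "__main__":
    report = audit_users(SAMPLE_ROWS, {"siteowner"}, "2018-06-01")
    for login, reasons in report.items():
        print(login, "->", ", ".join(reasons))
```

Note the guest_writer row: an existing low-privilege account that has quietly gained the administrator role is flagged even though it was not created recently.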
8. Change Passwords and Secret Keys
Be sure to change all the passwords related to your WordPress site. That includes the password to access your WP dashboard, cPanel, MySQL database, FTP and any others that could help someone access your website.
If a password generator is available, be sure to use it to ensure your password is strong, unique and not easy for a hacker to guess.
Then, change your secret keys and salts to ensure that your WordPress website is safe and secure. The iThemes Security plugin makes this extremely easy!
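For readers who want to see what rotating the keys and salts involves, the added Python example below (not from the original article or from iThemes) replaces the eight authentication constants in a wp-config.php with fresh random values. WordPress uses these values to sign login cookies, so changing them logs out every existing session, including one held by an intruder. The sample config is constructed, and the 64-character length is an assumption of this example.

```python
import re
import secrets
import string

# The eight authentication constants defined in wp-config.php.
KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
# Drop quote and backslash so values are safe in a single-quoted PHP string.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   + string.punctuation if c not in "'\\")

# Constructed sample config; DB_NAME stands in for settings that must not change.
SAMPLE_CONFIG = "<?php\ndefine( 'DB_NAME', 'example_db' );\n" + "".join(
    "define( '%s', 'put your unique phrase here' );\n" % k for k in KEYS)


def rotate_salts(config_text):
    """Return config_text with all eight values replaced by fresh random ones.

    Raises ValueError when a define is missing, so the caller never ends up
    writing back a partly rotated file.
    """
    for name in KEYS:
        # The quote right before the name stops AUTH_KEY matching SECURE_AUTH_KEY.
        pattern = re.compile(
            r"define\(\s*(['\"])" + name + r"\1\s*,\s*(['\"]).*?\2\s*\)\s*;")
        fresh = "".join(secrets.choice(ALPHABET) for _ in range(64))
        line = "define( '%s', '%s' );" % (name, fresh)
        # A callable replacement avoids backreference expansion in the value.
        config_text, count = pattern.subn(lambda _m: line, config_text, count=1)
        if count != 1:
            raise ValueError("no define found for " + name)
    return config_text


def read_values(config_text):
    """Map each constant name to its current single-quoted value."""
    return dict(re.findall(r"define\( '([A-Z_]+)', '([^']*)' \);", config_text))


if __name__ == "__main__":
    rotated = rotate_salts(SAMPLE_CONFIG)
    for name in KEYS:
        print(name, read_values(rotated)[name][:8] + "...")
```

Rotate the values only after the backdoor and any rogue accounts are gone; otherwise the intruder can simply log in again.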
We’re big fans of iThemes, but read CollectiveRay’s Wordfence vs Sucuri comparison if you’re deciding between those two plugins.
After taking these steps, the hack has been cleaned and your WordPress website is secure. But that doesn’t mean attackers won’t try again. WordPress security has to be a continuous effort because those with malicious intent will never stop trying to gain access to your site.
In addition to maintaining your own WordPress site, it’s time to take security into your own hands and learn what it takes to keep your site safe.