While it’s not something you ever want to deal with, a hacked WordPress site happens to nearly everyone. The good news is that the situation can be fixed.
You took precautions, or maybe you didn’t, and got hacked.
Now what do you do?
The first step is to not give in to panic. Easier said than done, we know.
Be patient and be ready to work through the process one step at a time. Before long, you’ll be back online and your visitors will never know anything happened.
Step 1. Temporarily Take Down Your Hacked WordPress Site
When you first realize your site’s been hacked, you don’t know for sure which files are infected or where the hack originated from. If the hack is due to a security flaw on your host’s server, uploading a backup won’t fix the problem.
It’s better for visitors to see a “site undergoing maintenance” page than to discover that your WordPress site has been hacked. Plus, you don’t want your visitors to end up compromised themselves while trying to view your site.
If you have a developer/programmer that you work with, contact them and have them take down the main site, replacing it with the “site undergoing maintenance page”.
If you don’t have a developer on your team, contact your host. Often, they have procedures in place for taking down a hacked WordPress site and putting up a maintenance page while they also figure out what the issue is. The service might be part of your hosting fee or it might cost you a little something.
If your host is not an option and you are comfortable using FTP, we have compiled HTML and PHP versions of a generic “site undergoing maintenance” page that you can download and use while working your way through the rest of the steps.
Remember to first move the entire website’s files away from public_html and/or the root folder of your website before putting up the “site undergoing maintenance” page.
Download: Down for Maintenance.zip
Step 2. Restore From Your Latest Backup
Go through all your backup files to the point when your site was working correctly. However, remember that the issue may have been there before you noticed.
Scan the files with antivirus software to ensure there aren’t any malicious extra files. Here is a list of WordPress plugins you can use to scan your backup files for issues.
If you need any assistance taking down or restoring WordPress, contact your host for assistance as each host might have a slightly different process.
Add a new directory and install the latest version of WordPress. Sometimes this is as simple as using your host’s automated install scripts. Almost every WordPress hosting service offers a one-click WordPress install, and during the process you can select a new directory for the installation.
Next, install a fresh copy of all plugins and themes, the same ones your old site used. You’ll want to start fresh with these rather than copying them over from the hacked site.
If you don’t have a recent backup, you can connect your new WordPress installation to your old one to retrieve data from your database. Contact your host for a step-by-step walkthrough of how to do this on their server. The most common method is to open phpMyAdmin, export the data from your old database and import it into the new one.
Change all passwords to ensure you’re not leaving any open access points for hackers.
Delete old accounts and the old WordPress installation once you’ve successfully migrated your data and all your content is accounted for.
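As an added example, not code from the original post, the following Python script does the “malicious extra files” check from Step 2 mechanically: it hashes every file in the restored backup and in a pristine download of the same WordPress release, then reports files that are extra, missing or modified relative to the clean copy. The directory layout and file contents are constructed for illustration; demo_report() builds them in a temporary directory and runs the comparison.

```python
"""Compare a restored WordPress backup against a pristine copy of the same release.
Added example (not from the original post). Unexpected or altered PHP files,
especially under wp-content/uploads, are the classic trace a practitioner looks
for before trusting a backup. All paths and file contents below are constructed."""
import hashlib
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict[str, str]:
    """Map each regular file's path (relative, POSIX form) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_trees(pristine: Path, restored: Path) -> dict[str, list[str]]:
    """Sorted 'extra', 'missing' and 'modified' paths of restored vs. pristine.
    Extra files exist only in the restored tree and deserve the closest look."""
    good, suspect = manifest(pristine), manifest(restored)
    common = set(good) & set(suspect)
    return {
        "extra": sorted(set(suspect) - set(good)),
        "missing": sorted(set(good) - set(suspect)),
        "modified": sorted(p for p in common if good[p] != suspect[p]),
    }


def build_sample_trees(base: Path) -> tuple[Path, Path]:
    """Constructed fixture: a tiny 'pristine' core beside a restored copy that has
    one altered core file, one missing file and one unexpected upload."""
    pristine, restored = base / "pristine", base / "restored"
    for root in (pristine, restored):
        (root / "wp-includes").mkdir(parents=True)
        (root / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (root / "wp-includes/version.php").write_text("<?php $wp_version = 'x';\n")
    (pristine / "readme.html").write_text("<html>readme</html>\n")
    with (restored / "wp-includes/version.php").open("a") as f:
        f.write("// appended by someone else\n")  # core file that no longer matches
    (restored / "wp-content/uploads").mkdir(parents=True)
    (restored / "wp-content/uploads/unexpected.php").write_text("<?php // not core\n")
    return pristine, restored


def demo_report() -> dict[str, list[str]]:
    """Build the fixture in a temp dir and return the comparison for it."""
    with tempfile.TemporaryDirectory() as tmp:
        return compare_trees(*build_sample_trees(Path(tmp)))
```

For a real site, point compare_trees() at the unpacked release archive and at the restored backup; every “extra” or “modified” entry should be explained before the backup is put back online.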
Step 3. Check Plugins And Themes
Go through your list of plugins and themes. Are there any you no longer need? Are there any plugins that have not been updated in more than a month or two? If any were the cause of the hack, don’t reinstall them; find an alternative. Install the latest versions of your theme and plugins.
Step 4. Find The Root Cause
Why did your site get hacked?
Was it a plugin, your theme, an outdated version of WordPress or something on your host’s end?
This is the point where you want to figure out what happened so you can prevent it in the future. And it’s a good time to understand what else could happen to your site in the future.
As we mentioned earlier, running a full virus scan on your site’s files should help you discover whether any files are infected. Go through all file and directory permissions to see whether anything wasn’t properly locked down. Here is the official WordPress guideline for file permissions.
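Added example, not part of the original post: a Python script that checks a WordPress tree against the permission scheme the WordPress guideline recommends (directories 755, regular files 644) and lists every entry that is more permissive than that. The extra rule for wp-config.php (no world access, so at most 640) and the sample site are assumptions constructed here for illustration; demo_findings() runs the check on the sample.

```python
"""Audit a WordPress tree for permissions looser than the recommended scheme.
Added example (not from the original post). A permission bit set beyond the
expected mode is reported; stricter modes (e.g. a 600 file) are accepted.
The policy thresholds and the sample site are constructed; needs a POSIX host."""
import stat
import tempfile
from pathlib import Path


def expected_mode(path: Path) -> int:
    """Policy mirroring the WordPress guideline; the wp-config.php rule is ours."""
    if path.is_dir():
        return 0o755
    if path.name == "wp-config.php":
        return 0o640
    return 0o644


def audit_permissions(root: Path) -> list[tuple[str, int, int]]:
    """Return (relative path, actual mode, expected mode) for each entry whose
    permission bits exceed the policy. An empty list means the tree is clean."""
    findings = []
    for path in [root, *root.rglob("*")]:
        actual = stat.S_IMODE(path.lstat().st_mode)
        wanted = expected_mode(path)
        if actual & ~wanted:  # a bit is set that the policy does not allow
            findings.append((path.relative_to(root).as_posix(), actual, wanted))
    return sorted(findings)


def build_sample_site(base: Path) -> Path:
    """Constructed fixture: a mostly correct site with three typical mistakes."""
    site = base / "public_html"
    (site / "wp-content/uploads").mkdir(parents=True)
    (site / "wp-content/plugins").mkdir()
    for d in (site, site / "wp-content", site / "wp-content/plugins"):
        d.chmod(0o755)
    (site / "wp-content/uploads").chmod(0o777)  # world-writable directory: flagged
    files = {
        "index.php": 0o644,                      # correct
        "wp-config.php": 0o644,                  # world-readable secrets: flagged
        "wp-content/plugins/hello.php": 0o666,   # world-writable code: flagged
    }
    for rel, mode in files.items():
        (site / rel).write_text("<?php // constructed sample\n")
        (site / rel).chmod(mode)
    return site


def demo_findings() -> list[tuple[str, int, int]]:
    """Run the audit over the constructed site and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_permissions(build_sample_site(Path(tmp)))
```

Point audit_permissions() at your real document root and fix every entry it lists before bringing the site back online; a world-writable uploads directory is the one most often left behind.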
Contact your host for further insight. The last thing you want is to restore from a backup only to still have the same vulnerability.
Going Forward: Hire A Professional Developer or A Good Hosting Provider
The easiest way to fix your hacked WordPress site is to expect it to happen and to have people on your team who can resolve the issue. This is especially true if you don’t have a recent backup or aren’t sure where the hack originated. It’s the best way to clean up your site and get back online as quickly as possible.
No website, including WordPress sites, is 100% secure. All you can do is use security software and plugins, use strong passwords, maintain regular backups and always keep your site updated. If, or to be more realistic, when the worst does happen, rest assured that you can recover.
Sven is an avid outdoorsman, father and social creature who never stops striving to make the ideal work-life balance a less elusive notion. He gets his kicks by making WordPress do things it didn’t know it could do.