Every website faces risks from online threats like hacking, and mishandling such incidents can lead to severe consequences. Over 90,000 attacks per minute target WordPress websites. For example, a hacked business website may lead to unauthorized access to internal systems, resulting in financial loss, compromised client data, and a damaged reputation.
In WordPress, hacked sites often show specific signs. Recognizing these can help you quickly mitigate the threats and restore your website before more damage is done.
Signs Your WordPress Website is Hacked
1. Unable to Log Into the WordPress Dashboard
Your site could be hacked if you can’t log into your WordPress dashboard even though you’re entering the correct username and password.
This often happens when a hacker gains control of admin accounts and changes the credentials, locking the website owner out of the dashboard.
2. Unknown Redirection
If your website suddenly redirects visitors to an unfamiliar page, it’s a sign that it may have been hacked. Hackers often do this to lead people to phishing or malware-filled sites for further attacks.
They might also redirect traffic to spammy websites for profit or harm your search engine ranking. This method is also commonly used for online vandalism and defacing websites.
3. Unexpected Content Changes
If you see changes to your website’s content, it’s a strong sign that it might have been hacked. Hackers may add harmful links to trick visitors.
These changes can be harder to notice than sudden redirects. Hackers sometimes replace the entire page to vandalize or send a message.
4. Sudden Traffic Drop
If your WordPress site is hacked, you might see a drop in traffic because of unknown redirects. Changes to your content can also hurt your SEO, causing fewer visitors.
Additionally, if hackers add malware or use your site for harmful activities, Google may remove it from search results, leading to a big drop in organic traffic.
5. Unknown Admin Accounts
After breaking into your WordPress site, hackers can create new admin accounts. These accounts allow them to control and change your website from within.
To catch any suspicious users, regularly check all accounts and their permissions through the admin dashboard.
6. Warnings on Google and Browsers
If your website gets hacked, Google will show a “This site may be hacked” warning in search results.
In addition, Google Chrome may display a “Deceptive site ahead” message if your website’s security is at risk. If you see this warning, check your site’s status using the Google Safe Browsing tool.
How to Fix a Hacked WordPress Website
1. Keep WordPress in Maintenance Mode
If you can still access your admin dashboard, turn on maintenance mode immediately. This will stop visitors from accessing your hacked WordPress site and keep them safe from any harm.
You can enable maintenance mode by editing the functions.php or .htaccess file, or by using a plugin.
2. Reset Your WordPress Password
If hackers have accessed your website, your login details are no longer safe. To protect your site, reset the passwords for your WordPress admin, database, and hosting accounts.
If you can still log in, you can change the password on the WordPress dashboard.
- Navigate to Users > All Users.
- Click on your username.
- Scroll down the page and click on the Set New Password button.
- Then, add a new password and click on Update Profile.
You can also change the password from the login page by clicking “Lost Your Password.” If you can’t log in, recover your account using the same “Lost Your Password” form. To do this, go to your browser and type in www.domainname.com/wp-login.php?action=lostpassword (replace “domainname.com” with your actual domain name).
3. Deactivate Plugins and Themes
Plugins and themes can have security weaknesses, so removing them can help secure your WordPress site.
Start by disabling all plugins and themes. Then, reactivate them individually to find out which ones are compromised. Once you identify the faulty ones, delete them to protect your website from malware.
To disable plugins:
- Go to your wp-admin dashboard.
- Then, navigate to Plugins > Installed Plugins.
- Under each plugin’s name, click the Deactivate option.
To disable them all simultaneously, check the box next to the plugins and choose Deactivate from the drop-down menu. To delete them, click Delete on the deactivated plugins.
For themes:
- Go to Appearance > Themes.
- Hover over the theme name.
- Click Theme Details, and then select Delete.
Since you can’t deactivate all themes simultaneously, you must check them individually.
4. Change Your Security Keys and Password
WordPress security keys, also known as SALT keys, keep your password stored securely so you don’t have to enter it every time. This is convenient, but if a hacker gets your security key, they could figure out your password, even if you’ve just changed it.
Changing your security keys regularly is good practice, especially after your site has been hacked. To do this, you’ll need to edit the wp-config.php file. You can access this file through your cPanel or FTP.
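The wp-config.php edit described above can be scripted. The following is an added example, not code from WordPress or from this article: it replaces the eight key and salt values in the file's text with fresh random ones and refuses a partial rotation. The sample input is constructed, and the function names are the example's own. Once the new values are saved, existing login cookies stop being valid, so every user has to log in again.

```python
import re
import secrets
import string

# The eight secret constants defined in wp-config.php.
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
# Printable characters minus the quote and backslash, so a value never
# needs escaping inside a single-quoted PHP string.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if c not in "'\\"
)
# Captures everything up to the value: define( 'NAME',
DEFINE_RE = re.compile(r"^(\s*define\(\s*['\"]([A-Z_]+)['\"]\s*,\s*)")

# Constructed sample input, not a real configuration.
SAMPLE = "<?php\ndefine( 'DB_NAME', 'example_db' );\n" + "".join(
    f"define( '{name}', 'old-value-{i}' );\n" for i, name in enumerate(KEY_NAMES)
)

def new_secret(length=64):
    """Generate one value from the OS random source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_salts(config_text):
    """Return (new_text, rotated_names); all other lines stay untouched."""
    out, rotated = [], []
    for line in config_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        m = DEFINE_RE.match(body)
        if m and m.group(2) in KEY_NAMES:
            line = f"{m.group(1)}'{new_secret()}' );{line[len(body):]}"
            rotated.append(m.group(2))
        out.append(line)
    missing = [n for n in KEY_NAMES if n not in rotated]
    if missing:  # refuse a partial rotation
        raise ValueError("not found in config: " + ", ".join(missing))
    return "".join(out), rotated

if __name__ == "__main__":
    print(rotate_salts(SAMPLE)[0])
```

Back up wp-config.php before writing the returned text over it.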
5. Reinstall WordPress
If a hacker has altered or infected your WordPress core files with malware, reinstalling WordPress is the best way to restore your website and reset all settings.
There are several ways to reinstall it. From the admin dashboard, go to the sidebar, click on Updates, and select Reinstall. Just be sure to back up your website content before you do this!
6. Remove New WordPress Users With Admin Privileges
Hackers may create a new admin account on your website to change settings from within. Removing or changing the permissions of any unknown users can help reduce the threat.
To see all users and their permissions, go to the admin dashboard and click on Users > All Users. Hover over any unknown accounts with Administrator privileges and click Delete to remove them.
You can also click Edit to change a user’s role. In the Role section, select a different option to remove their admin privileges.
If you find multiple suspicious accounts, you can delete them in bulk. Check the boxes beside their names and choose Delete from the Bulk Actions menu. You can also change their roles simultaneously by selecting a new role in the Change role to… option.
Please check with other website administrators before deleting user accounts, as this action cannot be undone.
7. Disable PHP Execution
Hackers may add harmful files to your WordPress site to create backdoors. To stop these files from running, you can disable PHP execution. Here’s how:
- Log in to your cPanel account.
- Navigate to Files > File Manager.
- Locate the .htaccess file.
- Right-click the .htaccess file and click Edit.
- Add the below code before # END WordPress:
<Files *.php>
deny from all
</Files>
- Click Save Changes.
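A `<Files *.php>` rule denies requests for every .php file in the directory whose .htaccess holds it, and in the directories below it. The following added example (not part of the original article) applies the same rule to one directory that should hold no PHP at all, and first lists any PHP files already there so they can be reviewed as possible backdoors. The wp-content/uploads target, the extension list and the function names are assumptions of the example.

```python
import os

# The rule from the step above, one directive per line.
DENY_RULE = "<Files *.php>\ndeny from all\n</Files>\n"
# Extensions that some server configurations hand to PHP (assumed list).
PHP_EXTS = (".php", ".phtml", ".php5", ".php7", ".phar")

def find_php_files(directory):
    """Return sorted relative paths of PHP-type files under directory."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            if name.lower().endswith(PHP_EXTS):
                full = os.path.join(root, name)
                hits.append(os.path.relpath(full, directory))
    return sorted(hits)

def block_php(directory):
    """Append the deny rule to directory/.htaccess unless already present.

    Returns True if the file was changed.
    """
    path = os.path.join(directory, ".htaccess")
    existing = ""
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            existing = fh.read()
    if "<Files *.php>" in existing:
        return False
    with open(path, "a", encoding="utf-8") as fh:
        if existing and not existing.endswith("\n"):
            fh.write("\n")
        fh.write(DENY_RULE)
    return True

def audit_uploads(wp_root):
    """List PHP files in wp-content/uploads, then block PHP execution there."""
    uploads = os.path.join(wp_root, "wp-content", "uploads")
    return {
        "php_files": find_php_files(uploads),
        "rule_added": block_php(uploads),
    }
```

Files reported in `php_files` are only blocked from direct requests, not removed, so inspect and delete them separately.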
8. Clean Your WordPress Database
Hackers can access your site through SQL injections. To protect your site, delete any suspicious or unnecessary database records.
While you can manually clean and optimize the database, it’s time-consuming and risky. Deleting the wrong record could break your website.
You can use WordPress plugins like WP-Optimize to clean your database safely and automatically. After installing and activating it, follow these steps:
- Go to your WordPress dashboard > WP-Optimize > Database.
- Choose the optimization options by checking or unchecking the boxes.
- Click “Run all selected optimizations” to begin the cleaning process.
9. Clean Your WordPress Sitemap
A sitemap contains essential details about your website’s content and structure, helping search engines find and index your site.
Hackers may target your sitemap to find weak spots. If it gets compromised, search engines won’t be able to index your site, which can lead to traffic loss.
If your site has been hacked, create a new sitemap to help it recover its ranking. An SEO plugin like Yoast makes this easy.
Once the new sitemap is ready, submit it to Google Search Console so Google can recrawl your site. It might take up to two weeks for your site to reappear in search results.
10. Consider Better Web Hosting
Reach out to your web hosting provider to verify whether the security breach is limited to your website or if it impacts other sites as well. Additionally, request assistance from your host to remove any security threats. At the very least, they should help restore your access to the WordPress admin panel and provide server logs showing the IP addresses that have accessed your site.
How to Prevent Your Website from Being Hacked
- Always Keep Everything Updated
Outdated WordPress files, themes, and plugins are prone to vulnerabilities that hackers can exploit. Updating them ensures you have the latest security patches to reduce potential risks.
WordPress notifies you with a banner when a new version is available—click it to start the update. Similarly, update plugins and themes from their respective menus in the admin dashboard.
- Use Secure Credentials
Using standard login credentials is risky, as they are easy to guess. Avoid default usernames like “admin” and create a unique username instead.
For a strong password, use a mix of symbols, numbers, and uppercase letters to make it harder to crack. We recommend using at least eight characters, as shorter passwords are easier to break.
- Use a Security Plugin
Security plugins are essential for protecting your website from hackers. For instance, WordFence enables two-factor authentication on your WordPress site, adding an extra layer of defense in case login credentials are compromised.
Other popular plugins, such as Advanced WordPress reCAPTCHA and WPS Limit Login, help verify logins and prevent brute-force attacks by limiting login attempts.
You can also set up a WordPress backup plugin to create restore points and prevent data loss. Before installing any plugin, always check its reputation and reviews. Poorly maintained plugins can expose your site to threats instead of securing it.
- Avoid Nulled Plugins and Themes
Nulled plugins and themes are pirated versions of premium products, and using them can lead to legal issues and serious security risks.
These pirated versions often have modified code to bypass payment, including hidden malware or malicious scripts, leaving your site vulnerable to attacks.
Always use official, complimentary, or premium plugins and themes from the WordPress repository or trusted third-party sources for security and legal protection.
Conclusion
Recovering a hacked WordPress website requires swift and thorough action. You can regain control and prevent future attacks by identifying the source of the breach, removing malicious files, restoring backups, and strengthening security measures like using updated plugins and themes. Implementing long-term security practices, such as using strong credentials, installing security plugins, and regularly monitoring your site, will ensure your WordPress website remains protected and secure moving forward.