How to recover a hacked WordPress website

Tanvir Hasan
September 24, 2022

Did you know that around 30,000 websites are hacked every day? In this tutorial we explain how to recover a hacked WordPress website. One of the biggest fears WordPress administrators have is logging in to their website and finding that it has been hacked. This can do a lot of damage, since a major attack could even wipe the database and destroy years of work. Luckily, this does not usually happen, because attackers want the website for other purposes: stealing personal data, sending email in bulk, or simply planting a "flag" so that it is known who managed to hack the site.

As if that were not enough, sites built with WordPress are one of the main targets of this type of cybercriminal. The CMS development team works hard against this day after day by releasing security updates, but since a quarter of the websites on the Internet run on this CMS and many of them are not updated, we can say that hackers prefer WordPress to other platforms for carrying out their attacks. Not to mention administrators who have weak passwords or outdated plugins and themes. Hence our insistence on keeping both WordPress and all its plugins updated.

But it's not all bad news. In most cases it is possible to recover a hacked WordPress site and make it work as it did before. In this article we explain how.

Step 1. What's going on?

The first thing is to find out how the hack has affected your site. This will be very important when you move on to the next step. So, go to your website and write down any relevant information about how it has been affected. Try to answer some of the following questions:

  • Does Google mark your website as potentially dangerous when trying to access it?
  • Can you access the back office?
  • Is your website (or any link inside it) redirecting to a third-party website?
  • Is there something on your website (like new links or pop-up ads) that you haven't put there?

Step 2. Contact your hosting provider

Once you have identified what is happening on your website, the next step is to contact your hosting provider. If the company has a good support team, it is very likely that they will help you with the problem. Be sure to give them all the details you wrote down in the previous step so that they can identify where the source of the hack may be and tell you which files to modify to fix it. If you're lucky, they may even fix it for you.

If, unfortunately, the support team has not been able to find a solution to the hack of your WordPress website, you will have to continue with the next step.

Step 3. Scan your website

If your hosting provider has not given you a list of infected files, you must run a complete analysis of your website using security scanning software such as WPScan, Sucuri or WP SCANS.

First of all, update WordPress to the latest version: the themes (delete the ones you don't use), the plugins (remove the ones you don't use) and the WordPress core itself. Then follow the instructions of the scanning plugin you have chosen and have it run a full scan of the entire site. This should give you a list of all files that have been infected or compromised.

Step 4. Restore a backup or replace files

Once you know which files are infected, it is simply a matter of getting rid of them. The ideal way to do this is to restore a backup of the website. That is why we always recommend that, if possible, you sign up for a backup service with your hosting provider, so that you can recover from problems like this.

However, if you don't have a backup, you can replace the infected files yourself. Get clean copies of the theme you are using, the plugins and the main WordPress files, and use them to replace the infected files over FTP. It is easier to replace whole plugins or themes, but keep in mind that you can lose their settings if you do.

Step 5. Beware of the culprit

When you see the list of infected files on your site, try to identify which components were affected by the attack. If one of your themes or plugins let the hack in, it could do so again. That is why you must thoroughly review all the components of your WordPress site to verify that they are accredited and updated. In certain cases, it is best to remove vulnerable components completely.
