How to Deal with a Hacked WordPress Website?

Millions of websites are built on the WordPress platform. While they’re open source and hence cost-effective, they’re extremely vulnerable to hacking. So when you realize that your WordPress website is hacked, you should know what to do and the measures you need to take. In this article, learn how to deal with a WordPress website that has been hacked. Along with that, find some helpful tips to implement to prevent your website from getting hacked in the future.

Signs that Your WordPress Website is Hacked

There are a few signs that confirm your website is hacked. As soon as you see these alerts, you need to act fast. Those signs are:
  • You (and the users) aren’t able to log in
  • There are some changes on your website and you don’t recall doing them
  • Your website is being redirected to another website
  • You get a warning message on the screen when trying to access the website
  • When searching for the website on Google, you get a warning label stating that it might have been hacked
  • There are notifications from your security plugin about a potential breach
  • You get notifications from your hosting provider regarding the breach
In most cases, breaches occur due to the following reasons:
  • Insecure password
  • Out of date software
  • Insecure code
  • Themes and plugins made by non-reputed companies
What to Do When Your Website is Hacked?

When you realize that your website has been hacked, here are the steps you need to take at the earliest:
  • Don’t Lose Your Mind
Most people get scared when they realize that their website is hacked. But there’s very little reason to panic. And when you panic, you end up making more mistakes. So it’s important to keep your cool.
  • Change your Website Status to Maintenance Mode
The next step is to put your website in maintenance mode. This will take down the website temporarily and keep users from browsing the compromised website.

You can use plugins to enable the maintenance mode. A “Coming Soon” or similar status will replace the existing pages.
  • Reset or Change Password
The next step is to change the existing passwords for your WordPress website. Since your website has been compromised, a hacker might have gotten hold of them. So to prevent them from logging in once again, reset or change your passwords. Prioritize admin accounts and accounts with root privilege. You should also reset your SFTP password and database password.
  • Use a Malware Removal Service
For immediate action, you can use a malware removal service. Such a service scans every component of your website and takes the necessary measures to safeguard it. If it detects any malicious files, it will remove them too.
  • Delete Unverified Plugins and Themes
Plugins and themes are one of the main sources of breaches. If they get compromised, your website will be affected as well. So it makes sense to clean up plugins and themes that are not from verified publishers.

First, you should determine if you really need those plugins. If so, then consider updating them rather than deleting. Make sure everything is up to date.
  • Remove Users
In most WordPress websites that are hacked, it’s often seen that there are new users added to the list of users who can access the website. These are profiles set up intentionally to gain access to the website. So you need to locate them and delete them.

From your admin panel, go to Users and click on “Administrator”. If you find users that shouldn’t exist, delete them.
  • Clean Unwanted Files
Unwanted files mean vulnerability for the entire WordPress system. So you should get rid of them as well. A malware removal service will do this for you. Otherwise, you can use a security plugin like WordFence to clean the unwanted files.
  • Clean Sitemap and Resubmit to Google
Search engines will label your website as hacked if there’s some problem with the sitemap.xml file. Hackers often inject malicious code and foreign characters into it, which raises the alarm with search engine bots.

To fix this error, you need to clean your sitemap or create a new one. Then submit it to the respective search engines so they crawl your website and verify there are no dangerous links or characters. The process can take a few days to weeks.
  • Reinstall all Themes and Plugins
To go a step further, you can consider reinstalling your themes and plugins. So you need to delete the existing ones and install them again from the Plugin directory. You’d have to grab the user ID again if you’re using paid plugins. Reinstalling ensures there is no malicious code hidden underneath that goes undetected, since everything is created from scratch.
  • Reinstall WordPress Core
If everything mentioned above fails, it means that the hackers have done significant damage to your website. In such cases, you’d have to reinstall WordPress Core.

So download the WordPress software from the official website and upload it to your website via SFTP. This would overwrite the existing files as well.
  • Clean Your Database
At times, the WordPress database gets compromised as well. So you need to clean the database. Use a plugin to check the status and clean as per the plugin’s recommendation.

Those are some of the ways you can fix a hacked WordPress website. In case the issues don’t resolve, you may have to build your website from scratch on another server. If you’ve got backup copies, use them. For further assistance, contact the support team.
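
An added example, not part of the original article: a Python check for the "Clean Sitemap" step that lists `<loc>` entries pointing off-site, using a non-HTTP scheme, or containing non-ASCII characters, so they can be reviewed before the sitemap is resubmitted. The host `example.com`, the function name `audit_sitemap` and the sample sitemap are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Namespace used by both <urlset> sitemaps and <sitemapindex> files.
SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"

# Constructed sample: two legitimate entries followed by three injected ones.
SAMPLE_SITEMAP = """<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/</loc></url>
  <url><loc>https://www.example.com/blog/hello-world/</loc></url>
  <url><loc>https://pills.example.net/cheap</loc></url>
  <url><loc>https://example.com/\u6fc0\u5b89-\u30d6\u30e9\u30f3\u30c9/</loc></url>
  <url><loc>javascript:void(0)</loc></url>
</urlset>
"""


def audit_sitemap(xml_bytes, site_host):
    """Return (url, reason) pairs for <loc> entries that need manual review."""
    host = site_host.lower()
    allowed = {host, "www." + host}
    findings = []
    root = ET.fromstring(xml_bytes)
    for loc in root.iter(SITEMAP_NS + "loc"):
        url = (loc.text or "").strip()
        try:
            parts = urlsplit(url)
        except ValueError:
            findings.append((url, "unparseable URL"))
            continue
        if parts.scheme not in ("http", "https"):
            findings.append((url, "non-http scheme"))
        elif (parts.hostname or "") not in allowed:
            findings.append((url, "off-site host"))
        elif not url.isascii():
            # A site that legitimately uses non-ASCII slugs will see these
            # flagged too; the list is for review, not automatic deletion.
            findings.append((url, "non-ASCII characters"))
    return findings


if __name__ == "__main__":
    for url, reason in audit_sitemap(SAMPLE_SITEMAP.encode("utf-8"), "example.com"):
        print(f"{reason}: {url!r}")
```

An empty result only means the sitemap has no links of these three kinds; the files and database still need the cleanup steps above.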
Author
kumkumsharma