Finding out that your WordPress website has been hacked is stressful. It can potentially affect everything from your site’s reputation to the traffic it receives – and more. Worse yet, if you’re running an online store or a membership site, you could risk compromising your users’ sensitive data.
Fortunately, there are a few steps you can follow to minimize the impact of the malicious hacking attempt and clean up your website.
With this in mind, in this post, we’ll take a look at some things you can do to recover your WordPress site after it’s been hacked. We’ll also cover some preemptive steps that you can take to make sure your site doesn’t get hacked again.
Let’s put everything into context before we begin.
How Did My Site Get Hacked?
Even if you’ve implemented just about every security measure there is on your WordPress site, there’s still a chance (albeit a small one) that it can get hacked. This, of course, is much worse if you have a standard WordPress installation with little to no security strategies implemented on it.
Hackers can gain access to your site in one of two ways – manually or by using a bot. Let’s take a look at some of the most common types of WordPress hacking attempts:
- Brute force attacks. This is when hackers try to break into the WordPress admin by guessing your username and password combination. Website owners who use the default admin username have a higher probability of getting hacked since the hacker only needs to determine their password.
- Software vulnerabilities. Hackers look for vulnerabilities in the core WordPress software and any themes and plugins that the site uses. This allows them to inject scripts to gain entry into your website.
- Backdoor exploits. Backdoor exploits happen when a file is cleverly placed among the core files of your WordPress website. The file runs a script that allows the hacker to break into your site repeatedly without being exposed.
- Insecure server. One way to gain access to a website is to attack the server it’s hosted on. This usually involves finding security vulnerabilities in your site’s server. It’s always a good idea to opt for reputable hosting providers.
- Improper file permissions. Setting file permissions allows you to control who has access to edit your WordPress website’s core files. If any of the files have low-level permissions, then hackers can inject scripts into them that allow them to hack your site using a backdoor exploit.
Now that you have a better understanding of how your site can be compromised, let’s take a look at some steps you can follow to recover it after it’s been hacked.
How Do I Recover My WordPress Website After It’s Been Hacked?
The first step to recovering your WordPress website is to determine how it was hacked in the first place. Understanding how the hacker was able to infiltrate your website put you in a better position to fix the exact problem area.
Step #1: Create a Backup of Your Entire Site
The first thing you need to do is create a full backup of your website. Though it may seem unnecessary to do so, it allows you to store a backup of your site’s files and database right after it was hacked, which may reveal important information about the hack.
It’s also entirely possible that your hosting provider might temporarily shut your site down or delete seemingly infected files – especially if your site shares server space with others. In addition to this, you might need any custom design templates and media files that you have on your site when you decide to rebuild it.
We recommend using the UpdraftPlus plugin to manually backup whatever is left of your site. Alternatively, you can sign up for an automated WordPress backup solution that’ll regularly create backups for you. Regardless of which option you choose to go with, remember to mark the backed up files clearly so you remember later on that it was a backup of the hacked site.
Step #2: Scan Your WordPress Website for Hacked Files
Once you have a full backup of your WordPress site, you can move on to scanning it to find infected files. This allows you to make informed guesses about how your site was hacked in the first place. Before you begin the actual malware scan, be sure to delete any inactive themes and plugins that you have installed on your site.
The good news is that there are a number of tools and plugins that you can use to scan your website. Sucuri’s SiteCheck is a free, powerful online tool that allows you to check your site for malware, errors, out-of-date software, and blacklisting status.
After the plugin or tool is done scanning, it should display a list of infected files and give you some information about how you can go about fixing the issues. If you’re still not sure about how to scan your website for malware, then be sure to check out our simple guide on how to get started.
Step #3: Get Your Site and IP Address Whitelisted
Even after you scan your website and clean up the infected files, you might find that your site (or its IP address) has been blacklisted. In simple English, this means that someone has marked your website as spam. To get whitelisted once again, you will first have to identify who blacklisted you and then apply to be whitelisted again. Additionally, it’s important to make sure that your site doesn’t have any infected files on it because if your application is rejected, you could potentially be blacklisted indefinitely.
We recommend using the Spamhaus tool to find out which sites blacklisted you. All you have to do is enter your site’s IP address or domain name and the tool will run a scan for you.
If your site is blacklisted, it will display links to sites that have blacklisted you.
Once you know which sites have blacklisted you, open up their links one at a time and follow the instructions provided to apply for whitelisting your site’s IP address.
Step #4: Change Your WordPress Security Keys
WordPress security keys help site owners encrypt sensitive information inside cookies. By changing your site’s security keys, you can rest assured that any active cookies will be canceled and the hackers won’t be able to access your site again. This is especially useful if your site was subject to a backdoor exploit.
To get started, use the WordPress Secret Key Generator to generate a fresh set of keys. It should look something like this:
Next, open up your site’s wp-config.php file in a text editor and replace the old set of keys with the new set.
Step #5: Reset All of Your Passwords
Now that you’re absolutely certain that the hackers have been forced to log out of your site (since you replaced the security keys in the previous step), you can reset all of your passwords. This includes resetting them on the following platforms:
- Your WordPress website.
- Your WordPress website’s database.
- Hosting account’s cPanel.
- Email accounts associated with your domain.
In addition to this, if you’re using WordPress multisite or have a number of users logging into your main site, you’ll need to make sure everyone changes their passwords.
How Can I Make Sure My Site Doesn’t Get Hacked Again?
At this point, you’re probably wondering what you can do to make sure your site doesn’t get hacked again. Thankfully, WordPress makes it easy for users to implement all kinds of strategies to prevent their site from malicious hacking attempts. Here’s a quick list of security measures you should cross off your list:
- Secure your WordPress site with HTTPS.
- Limit login attempts on your site’s login page.
- Make sure your WordPress username isn’t admin.
- Setup a firewall and monitoring system using Sucuri.
- Update file permissions of your site’s core files.
- Disable theme and plugin editors.
- Delete themes and plugins that aren’t being used.
Most importantly, remember to create regular backups of your WordPress website and keep the core software, themes, and plugins up to date.
Even the most (seemingly) secure WordPress websites get hacked every now and then. The best way to prevent malicious hacking attempts is to implement as many security measures as you can and be prepared if your site does end up getting hacked.
Let’s go through the five steps you need to take to clean up your hacked WordPress website:
- Create a full backup of your WordPress site using the UpdraftPlus plugin.
- Scan your website for malware using a tool like Sucuri’s SiteCheck.
- If your site is blacklisted, use Spamhaus to get your site and IP address whitelisted.
- Change your WordPress security keys to make sure the hackers are automatically logged out of your site.
- Finally, reset all of the passwords that are associated with your website.
Has your WordPress website been hacked? Were you able to recover your website? Let us know in the comments section below!