What To Do, When Your WordPress Site Got Hacked

Your WordPress site got hacked? No worries! Here are the most effective measures you can immediately take to regain full control over your site.

Patrick Mitter /

16.09.2024


Every year more than 800,000 people are falling victim to cyber attacks. No wonder, since there are over 2,200 hacking attacks happening every single day.

As cybercrime has been increasing over the last couple of years, there is a high chance to actually get hacked. 

Have you suffered a super disaster and suspect that your WordPress website has been attacked by hackers? In case the worst case scenario actually happened to you, we got you covered. Keep calm and keep on reading, because we gathered all the information you need to recover your site and get back full control over your WordPress installation.

First Things First: How Do You Realize That Your Website Has Been Hacked?

First of all, how do you even recognize that your WordPress website has been hacked? Well, there are several signs that something is wrong and here are the most common ones: 

  • Your website’s homepage may have been replaced with unknown messages or images (also known as โ€˜defaceโ€™).
  • Your website suddenly redirects to unknown or suspicious sites.
  • Google and other search engines may display warnings such as โ€˜This website may have been hackedโ€™. 
  • Your traffic numbers jump up or drop drastically for no apparent reason.
  • New admin user accounts appear that you didn’t create.
  • Settings of your website change without your intervention, e.g. in the WordPress settings or in your theme.
  • Your server is heavily utilized or your website is suddenly very slow.
  • Plugins or your hosting provider send you notifications about potential security issues.

If one or more of these signs occur, you should act immediately. And weโ€™ll tell you what exactly to do and how to fix a hacked WordPress website.

How To Fix a Hacked WordPress Site Step by Step

Help, my WordPress website is hacked, what should I do? Take a deep breath and keep calm. The most important first step is to remain calm. Because hasty action can increase the damage. In general, these are the steps we recommend taking:

StepDescription 
Take website offline Immediate measures to prevent further damage
Change passwords Change ALL passwords (admin, FTP, database,…) immediately
Check code for malwareScan server logs and website files for suspicious activity
Contact hosting provider Clarify the incident with the hosting provider and take security measures
Install security pluginsPerform malware scans with plugins such as Wordfence or Sucuri
Create a new sitemapCreate a clean sitemap and submit it to the Google Search Console

To ensure that no one can access your hacked website again, you should take the site offline or put it into maintenance mode. This will prevent further damage and unwanted access. Now you should change all passwords immediately. And by all we really mean all: 

  • Admin account in WordPress
  • FTP and database access
  • Email accounts
  • โ€ฆ

If your WordPress version or plugins are not up to date, they may be the entry points for the hack. Therefore, you should afterwards update both WordPress and all installed plugins and themes. Outdated software is often a security risk so always make sure you have the latest version installed.

Checking Code and Hosting Provider

Now as the next step you should take a look at the server logs (access logs, error logs) of your hosting provider. There you may find evidence of suspicious activity or IP addresses that have caused unauthorized access. We recommend you search the code of your website, especially in the following 3 files:

  1. wp-config.php
  2. .htaccess
  3. index.php (look for unknown or malicious code that does not belong there) 

If you have a recent and clean backup of your website, you can restore the website from this backup. This is the safest way to remove all malicious code and secure the state of your website. So import the last secure backup of your data backup (either by replacing the files via SFTP or with a backup plugin tool). 

To be on the safe side, reduce the number of administrators to a minimum. Also replace the secret keys in wp-config.php so that WordPress creates new authentication cookies. Now take a look at the settings in your .htaccess and wp-config.php. Check whether the access rights to folders and files are set correctly. Install a web application firewall (WAF) and additional security tools. 

After restoring from a clean backup, you could contact your hosting provider to find out if the hack only affects your website or possibly multiple websites on the server. And if you feel like your hosting provider does not have sufficient security measures in place, you should consider switching to a more secure provider.

Creating a Backup and Saving Data

But what if you didnโ€™t create a complete backup lately? No need to worry, weโ€™ve got your back. To protect your site from further data loss, do this: 

Backup via your hosting account

Many hosting providers offer automatic backup options. These are often integrated into the server management tools (such as cPanel or Plesk) and allow you to create a copy of your entire website with just a few clicks. Check your hosting provider’s settings to see if regular backups are set up and perform an up-to-date backup manually if necessary.

Use FTP access

If your hosting provider does not offer automated backups or you want to have more control over the backup process, you can use FTP access to manually download all website files. Tools like FileZilla or Cyberduck allow you to connect directly to your server and copy all relevant files (especially the wp-content folder) to your local computer.

Search for Malware

After you have changed all passwords and created initial backups, the next important step is to thoroughly check the website for malware. Hackers can inject malware into the source code of your website, often hidden in insecure themes, plugins or even in the database. In order to fix your hacked WordPress site you need to scan it for malware. 

First, remove all plugins and themes that you are not actively using. Even deactivated plugins can pose a risk if they are not updated regularly. Now itโ€™s time for a malware scanner to remove all malware from your WordPress website. You essentially need security plugins for that. Some of our favorites are Wordfence, MalCare or Sucuri

In addition to the automated check by plugins, it can be helpful to search certain files manually. Hackers often insert malicious code into critical files such as wp-config.php, .htaccess, or index.php. Search for suspicious sections or pieces of code that you did not add yourself. However, this requires technical knowledge and should be done with caution. You might want to consult an expert for this. 

Clean Your Sitemap

Besides the WordPress malware removal you also need to take care of the sitemap, when your WordPress site got hacked. Because a hacked website can lead to serious problems with your sitemap, which is crucial for SEO. Hackers can insert malicious or irrelevant links into your sitemap, which are then submitted to search engines. 

Not only can this manipulative practice negatively impact your search engine ranking, but it can also lead to your site being de-indexed if Google or other search engines determine that your site has been compromised. It is therefore important to clean up and recreate the sitemap after a hack. 

It doesn’t matter if you manually create a new sitemap or if you use a SEO plugin. After you have created a new sitemap, you obviously need to submit it to the Google Search Console, just as you need when you formally launched your site. In this way, you inform Google that your website has been cleaned up and that the new sitemap should be used.

Additional Security Measures

If you are looking for further information on how to clean your hacked WordPress site, here are some additional security measures you can generally take: 

  • Make sure that your website is secured by an SSL certificate. This ensures encrypted data transmission and increases the trust of your users.
  • Use strong, complex passwords for all access and update them regularly.
  • Protect your WordPress admin panel by enabling the 2-factor authentication
  • Check whether unknown admin accounts have been created and remove them. Reduce the number of users with administrator rights.
YouTube

Mit dem Laden des Videos akzeptieren Sie die Datenschutzerklรคrung von YouTube.
Mehr erfahren

Video laden

How To Prevent Your WordPress Website from Getting Hacked

โ€œMy WordPress site has been hacked, what should I do now and how can I fix it?โ€ – To ensure your WordPress site doesn’t fall victim to another hack and you donโ€™t need to ask this question again, it’s important to take proactive security measures. 

  1. Use security plugins

Right from the start, use security plugins that have been specially developed to protect your website. Features such as firewalls, malware scans and login protection help to monitor suspicious activity and block potential threats in real time.

  1. Perform regular backups

Regular backups are one of the best insurances against data loss. Make sure you schedule automated backups that include both your files and the database. This way, in the event of a hack, you will be able to quickly return to a clean version of your website. 

Luckily, in Greyd.Hub you can easily create backups with just one click. Greyd.Hub simplifies backup creation by allowing you as a user to back up content, design settings, plugins, databases, or even entire websites with one click. All backups are accessible from a central dashboard, making it easy to manage and restore them when neededโ€‹. 

  1. Check access rights

From time to time you should check the user accounts that have access to your WordPress website. It is not uncommon for accounts of former employees or agencies that are no longer active to remain. Remove any accounts that are no longer needed and limit user rights to the minimum required for their tasks. Avoid assigning administrator rights unnecessarily.

With the user management feature of Greyd you have way more possibilities concerning user roles than with the standard WordPress option. With Greyd you can customize user roles and precisely control who has access to specific sections of your website. Determining who can view or edit content. Additionally, you gain access to efficient admin tools that streamline management tasks, saving you time and effort.

  1. Carry out regular updates

Always keep WordPress, plugins and themes up to date. Developers regularly release security updates that close known vulnerabilities.

  1. Remove unnecessary plugins and themes

Every additional plugin or theme can be a potential security vulnerability. Check your installed plugins and themes regularly and remove anything you are not actively using. Before installing new plugins, make sure you download them from trusted sources and check their ratings and update history.For even more security you can use an all-in-one-solution like Greyd, instead of installing dozens of plugins. Because every plugin holds a certain risk when it comes to cyber attacks. A risk you can avoid with a comprehensive platform like Greyd.Suite.


By Patrick Mitter

Patrick loves good texts. Preferably about topics concerning online marketing and WordPress. Having built websites by using well-known page builders on his own and being very experienced in the SEO industry, he is very familiar with any kind of problems regarding those plugins. This is the reason why he adopted Greyd’s mission to simplify work for web designers as well as agencies.

Recent in Learn

A pen rests on top of a stylized table grid with the HTML tag prominently displayed in bold white text, symbolizing the structure of tabular data in web development.

Use Case Tutorial: When to use a table instead of a div

Read more

greyd sustainable websites blog

10 Tips for Sustainable Websites

Read more

Scaling Content Operations (with WordPress)

Read more

an old pc showing a futuristic wordpress logo

Let’s talk about the Future of WordPress

Read more

Using WordPress for a Digital Experience Platform

Read more