To make matters worse, WordPress sites are some of the most vulnerable on the internet. Since WordPress powers a whopping 75 million active websites (over ¼ of the internet), its one of the most lucrative platforms for hackers to target. Once they know the WordPress security flaws and exploits, they have a huge pool of websites to choose from. On top of that, WordPress sites are often easier to hack than other platforms. So many WordPress users have weak passwords, unsecured and outdated themes or plugins, and cheap, vulnerable hosting.
Thankfully, hacking doesn’t always have to spell failure for your website, business, and livelihood. In many cases, you can recover and fix the hacked site. Not sure how? Take a look at our handy guide.
Before you start
Before we take a look at how to get a hacked WordPress site back to safety, it’s important to note that prevention is always better than a cute. Even if you manage to get your site back, being hacked can ruin your reputation, expose your site’s users to malware and fraud, lead to Google penalties that ruin your SEO, and so much more. So, it’s important that you take steps to protect yourself from future hacks.
Some of our top tips include:
- Using a VPN when doing admin work. There are so many great VPN services out there that can hide your IP address, encrypt your traffic, and make it very, very difficult for hackers to gain access to your computer while you’re working on your site.
- Set up monitoring software on your website to block attacks before they get through and cause damage. Cloudflare and Sucuri are two of our favorites.
- Limit login attempts (we recommend 3 to 10 attempts maximum) with a plugin like Login LockDown to ensure hackers can’t run a password script on your site to break in.
How to recover your hacked site
Step 1: Figure out the details
Your first step is to try to identify how the hack is affecting your site. This will be a huge help when it comes to the next step. Go through your website and note down any relevant information about how it has been affected. Try to answer some of the following questions:
- Does Google flag your site as potentially dangerous when you try to access it?
- Can you still login to the dashboard?
- Is your website (or any of the links on it) redirecting elsewhere?
- Is there anything on your website (such as new links or pop-up ads) that you didn’t put there?
Step 2: Contact your web host
If you’ve signed up to a reputable hosting company with great customer service reviews, it is likely that they’ll be able to help you fix your website. Contact them via phone or live chat and let them know all the details you wrote down. In many cases, they can use this information to find the source of the hack and tell you how to fix your files. If you’re lucky, they may even be able to fix the website for you.
For many website owners, the process ends here. However, if your website host is no help, read on to find out how to DIY the process.
Step 3: Scan your site
If your host couldn’t provide you with a list of infected files, you’ll need to run a full scan on your site using a security scan software like WPScan, Sucuri, or WP SCANS.
First, update everything on your site to the latest version including the theme, plugins, and WordPress itself. Next, follow the instructions your scan plugin provides and ask it to run a full, deep scan of your entire website. This should provide you with a list of all the files that have been infected or compromised.
Step 4: Restore a backup or replace the files
Once you know which files are infected, its simply a matter of getting rid of them. The ideal way to do this is to restore a backup of your site. The best practice is to back up your WordPress website daily just in case a problem like this occurs.
However, if you don’t have a backup, you can replace the infected files yourself. Just pull up the clean copies of your theme, plugins, and core WordPress files, then upload the relevant ones to their respective folders on your hosting platform. Its generally easier to replace whole plugins or themes, but note that you may lose your settings and preferences if you do so.
Step 5: Be wary of the culprits
When looking at the list of infected files on your site, try to pinpoint which components were affected by the hack. If your theme or plugins let a hacker in once, they could do it again. That’s why you should double check all the infected site components to make sure they’re reputable and up-to-date. In some cases, it’s best to remove those vulnerable components entirely and look for alternative solutions.
If you follow the steps above, in many cases you can recover your site and restore it to full, secure functionality. Of course, if you’re finding the process difficult or you’re worried about breaking your site, you can always hire a professional to clean things up and ensure all traces of the hack are removed.
Whatever route you choose, when you have your site back online, remember to change all your passwords and follow our aforementioned prevention practices to avoid a repeat hack.
This is a guest article by Alex Mitchell.