One of the biggest concerns for WordPress users is having their site hacked. Out of 11,000+ hacked websites that were analyzed by Sucuri in 2016, a whopping 75% were WordPress sites. A hacked website can affect your business and your ranking on Google. Taking precautions by downloading security plugins and using complex passwords can only get you so far. If the DNC and NSA can be hacked, then your website can be hacked. Knowing what to do if your site gets hacked can help you act quickly to minimize damage and protect the reputation of your site.
How to Tell if Your Site Has Been Hacked
First, you will need to confirm that your website has been compromised. Some tell-tale signs of a hacked site include pop-ups, redirects to another site, plugins containing obfuscated code, or warnings telling visitors that your site contains malware. If you notice these things happening, there are a number of free scanners that you can use to confirm your suspicions, including
It’s a good idea to use more than one scanner in case one scanner misses something that another may pick up on.
How to Fix Your Compromised Site
Now that you know your site has been hacked, cleaning it up may seem like a daunting task. It can be hard to figure out where to start and what steps need to be taken. By providing some simple instructions, I hope to guide website owners and help them get their WordPress site running smoothly again. If you aren’t comfortable with fixing your site yourself, contact a professional.
Your first step should be to change all your passwords and salts so that the hacker can’t get back into your site. Changing your salts automatically logs out every user who is currently logged in. The easiest way to do this is to use a plugin, such as iThemes Security. If you can’t get into your WordPress site, use an admin tool like phpMyAdmin to change your password. Before attempting to remove the hack, it is crucial that you have a backup of your site.
Now we’re ready to move on to the next step: finding and cleaning infected files. Online security scanners can identify these compromised files for you. You should take a look at your index.php, header.php, footer.php, and functions.php files since these are often compromised. Also take a look at the uploads directory, wp-config.php, the wp-includes directory, and the .htaccess file. Replace the compromised files with clean ones from a backup. If you can’t fix infected files individually, you can replace them by installing the WordPress core files. You should reinstall WordPress as well as all of your plugins and themes. Look out for any inactive plugins and themes, as this is where most hackers hide their backdoors so they can get back into your site. Also, make sure to delete any admin users that you don’t recognize.
If your database tables are infected, make sure you have a backup of these as well. Then look for and remove any suspicious content such as links and spammy keywords. PHP functions commonly found in malicious code that you should search for include eval, base64_decode, gzinflate, preg_replace, and str_replace. However, these functions are sometimes used by plugins, so be careful before making any changes.
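One way to run the file search described in the last two paragraphs, as an added example that is not part of the original article: a Python script that walks a WordPress directory and lists PHP files that call the functions named above, that wrap eval directly around a decoder, or that sit under the uploads directory. The helper names (scan_file, scan_tree, build_sample_tree) and the sample site are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Function names listed in the article. Legitimate plugins call them too,
# so a hit means "review this file", not "delete this file".
SUSPECT_CALLS = ("eval", "base64_decode", "gzinflate", "preg_replace", "str_replace")
CALL_RE = re.compile(r"(?<![\w$>:])(" + "|".join(SUSPECT_CALLS) + r")\s*\(")
# eval() wrapped directly around a decoder is a stronger signal than either alone.
CHAIN_RE = re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate)\s*\(")
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".inc"}

def scan_file(path, root):
    """Return a finding dict for one PHP file, or None if nothing stands out."""
    text = path.read_text(encoding="utf-8", errors="replace")
    calls = sorted(set(CALL_RE.findall(text)))
    reasons = ["eval wraps a decoder"] if CHAIN_RE.search(text) else []
    # uploads normally holds media only, so any PHP file there deserves a look.
    if "uploads" in path.relative_to(root).parts:
        reasons.append("PHP file under uploads")
    if not calls and not reasons:
        return None
    return {"file": path.relative_to(root).as_posix(), "calls": calls, "reasons": reasons}

def scan_tree(root):
    """Walk a WordPress tree and list PHP files to review by hand, strongest first."""
    root = Path(root)
    php = (p for p in sorted(root.rglob("*")) if p.is_file() and p.suffix.lower() in PHP_SUFFIXES)
    findings = [hit for hit in (scan_file(p, root) for p in php) if hit]
    return sorted(findings, key=lambda f: (-len(f["reasons"]), f["file"]))

def build_sample_tree(root):
    """Constructed sample site, not real malware: the encoded string is a harmless echo."""
    files = {
        "wp-content/themes/demo/functions.php": "<?php $t = str_replace('a', 'b', $title);",
        "wp-content/themes/demo/footer.php": "<?php eval(base64_decode('ZWNobyAxOw=='));",
        "wp-content/uploads/2016/img.php": "<?php echo 'placeholder';",
        "wp-includes/clean.php": "<?php function retrieval($x) { return $x; }",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*scan_tree(tmp), sep="\n")
```

Point scan_tree at a downloaded copy of the site rather than the live server, and compare each flagged file against a clean copy of the same plugin or theme before changing it.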
Ensure Your Clean Site’s Security
After cleaning up the hack, you should change your passwords again and create a backup of your clean site. Then, run a few security scans again to make sure you haven’t missed anything. Now that you’ve restored your website, it’s important to make sure it isn’t still listed on the blacklists. Having a blacklisted site can impact your business by driving visitors away and reducing traffic. According to Sucuri, websites lose around 95% of their traffic when blacklisted by Google. You can head over to Google Webmasters to request a review of your site so it can be removed from blacklists.
Congratulations, you’ve successfully restored your hacked WordPress site! Now that you’ve done all this hard work, it’s important to make sure this doesn’t happen again. Remember to keep your plugins up to date and install a firewall. These are highly recommended:
Being hacked can be a pain, but it isn’t the end of the world. By knowing what to do in the event of a hack, you’ll be able to fix your site quickly and calmly. Having a website free of issues will give visitors a better experience that will leave a lasting positive impression. As a website owner, a hack is the last thing that you want to deal with. By following these steps your website will be as good as new in no time!
