If you are running a website then you must aware of the fact that your website could get hacked any time. As we all know that Hackers are always looking for the least secure websites, So it’s better to keep your security level high to avoid such pathetic experiences.
However, there are still some unlucky people suffering such kind of attacks. Here in this article, we will share a step by step guide to fixing your hacked WordPress site (also, you can check the best WordPress Pricing table plugin).
Things You Should Know
It’s not really any matter which platform you are using, like WordPress or Drupal – any site can be hacked.
When your WordPress site is hacked, you may lose your rankings on search engine, the possibility to turn your reputation low due to redirects to porn sites and the worst part to lose your entire site data (also, check our WordPress Countdown plugin).
So let’s take a look at the step by step guide on how to fix your hacked WordPress site.
Step 1.
First, you have to identify the hacking type. Below are the checklists that you can go through –
- Is your WordPress website redirecting to another page or website?
- Does your WordPress website contain illegitimate links?
- Is Google(or other browser) marking your website as insecure?
Another point, its crucial that you change your passwords before you start the cleanup. Also, you will need to change your passwords when you’re done cleaning the hack.
Step 2.
To check or contact the Hosting company. Sometimes they are very helpful to tackle such situations. They have professionals who deal with these on a daily basis and they can guide you with the best way.
Also, Your hosting company may be able to give you additional information about the hack such as how it originated, where the backdoor is hiding, etc.
Step 3.
If you have done backups of your all site data before its getting hacked, then it will be the best way to restore all the WordPress site data into its earlier form (check the best WordPress booking calendar plugin integrated with PayPal).
However, if you run a blog with daily content, then there will be a risk of losing your posts and new comments.
If you don’t have the backup and you don’t want to lose the contents, then you can manually remove the hack.
Step 4.
To detect the malware and remove it. You can also delete any inactive WordPress themes and plugins. Often hackers are using these to hide their backdoor.
Once you have done this, go and scan the WordPress again (also, check our WordPress Membership Plugins list).
You can also install free plugins like Theme Authenticity Checker (TAC), Sucuri WordPress Auditing, etc.
Make sure that your WordPress website theme and plugin folders match the original ones. Usually, hackers add additional files and folders that look like other plugins file names and are easy to ignore.
Step 5.
Change your secret keys. Hackers always take advantage of the admin user names and passwords that are easy to guess. The first thing to be considered is that you should replace the default username “Admin” to a customizable one and then give it a password.
We recommend you to use a strong password. If you have registered users on your website, then you should ask them to reset passwords or you can reset and send then new passwords (also, check this useful post – WordPress robots.txt).
If you have a lot of users on your site, then you may want to force a password reset for all of them.
Step 6.
Run the latest version of WordPress. The developers of WordPress keep updating the version of this great site-building platform so as to enable more advanced features for you. Besides, the security level has been improved as well.
Most importantly, always keep your WordPress themes, plugins, core up-to-date (also, check this useful tutorial – How to Install a WordPress Theme?).
We hope that this article will help you to fix your hacked WordPress site. If you still having issues, we recommend to go for professional help.
You can share your views about the article below in the comment box, we would love to read it.