Having your WordPress site hacked can be very stressful. We have helped hundreds of website owners recover everything after their site was hacked and figure out how the intrusion occurred, to stop it from happening again. We have compiled this step-by-step guide on what to do in this situation.
When your WordPress site is hacked, you can lose your search engine rankings, expose your readers to viruses, have your reputation tarnished due to redirects to porn or other bad neighbourhood websites, and, worst of all, lose your entire site data.
This is why it is crucial to use a good web host as well as have security plugins installed on your site to protect against unauthorised access.
Step 1: Locate the hack
- Are you able to log in to your WordPress Admin Panel (yourwebsite.com/wp-admin)?
- Is your website redirecting you to some other website?
- Does your WordPress website contain any illegal links?
- Has Google already marked your website as insecure?
Step 2: Check with your hosting company
They are very experienced in these issues, and if you are on shared hosting it might be the case that several sites are affected, in which case they should be able to restore the site for you.
Step 3: Hire a professional
If you are not comfortable checking the code, or you need the site to be cleaned up quickly, then hiring a professional would help. We offer this service; just send us an email at firstname.lastname@example.org. There are also a few companies we would recommend to help.
Step 4: Restore from backup
Hopefully, your web host was set up to keep daily or weekly backups of your site, or you have a plugin activated that takes backups. Simply choose a date prior to the hack and restore from it. Please bear in mind that any content, changes etc. made after this date will be lost.
In the worst-case scenario, if you don’t have a backup, or your website has been hacked for a long time and you don’t want to lose the content, you can manually remove the hack.
If you manage to restore a previous version, it will still be vulnerable and you should install security software to protect it.
Step 5: Malware scanning and removal
There are a few services which provide ongoing malware scanning and removal, as this may be the root cause. This can also be done manually, but I would recommend getting in touch with a professional to discuss this.
How to protect your site:
Aside from that, here are some more things you can do to better protect your site – these are not in order and you should do as many as you can!
- Set up a website firewall – Sucuri is highly recommended; it helps to block attacks before they reach your server.
- Switch to managed WordPress hosting, as these hosts have a lot of contingencies in place to protect your site; wpengine is a recommended host.
- Limit login attempts in WordPress; this is an effective way to keep your login page secure.
- Password protect your admin directory – add an additional layer of password protection to your WordPress admin area.
- Disable PHP Execution in certain directories
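As an added example (not part of the original guide), here is a read-only Python check for the last item in the list above: it lists PHP files under `wp-content/uploads` and reports whether an `.htaccess` there denies access to PHP files. It assumes Apache with `.htaccess` overrides enabled; the sample tree and file names built in `demo()` are constructed for illustration.

```python
import os
import re
import tempfile

# Extensions commonly executed as PHP (assumption; adjust to your server's handlers).
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# A <Files>/<FilesMatch> block that names php and denies access (Apache 2.2 or 2.4 syntax).
DENY_RULE = re.compile(
    r"<Files(?:Match)?\s+[^>]*php[^>]*>.*?(?:deny\s+from\s+all|require\s+all\s+denied)"
    r".*?</Files(?:Match)?>", re.IGNORECASE | re.DOTALL)

def htaccess_blocks_php(directory):
    """True if directory/.htaccess holds an active (uncommented) PHP deny rule."""
    try:
        with open(os.path.join(directory, ".htaccess"), encoding="utf-8", errors="replace") as fh:
            active = [ln for ln in fh if not ln.lstrip().startswith("#")]
    except OSError:
        return False
    return bool(DENY_RULE.search("".join(active)))

def audit_uploads(wp_root):
    """Report PHP files under wp-content/uploads and whether execution is blocked there."""
    uploads = os.path.join(wp_root, "wp-content", "uploads")
    found = []
    for dirpath, _dirs, files in os.walk(uploads):
        for name in files:
            if PHP_EXT.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), wp_root)
                found.append(rel.replace(os.sep, "/"))
    return {"php_blocked": htaccess_blocks_php(uploads), "php_files": sorted(found)}

def demo():
    """Run the audit on a constructed sample tree, before and after adding the rule."""
    with tempfile.TemporaryDirectory() as root:
        month = os.path.join(root, "wp-content", "uploads", "2024", "01")
        os.makedirs(month)
        for name in ("photo.jpg", "cache.php"):  # cache.php: constructed stray file
            open(os.path.join(month, name), "w").close()
        before = audit_uploads(root)
        rule = "<Files *.php>\ndeny from all\n</Files>\n"
        with open(os.path.join(root, "wp-content", "uploads", ".htaccess"), "w") as fh:
            fh.write(rule)
        after = audit_uploads(root)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

Any PHP file reported under uploads deserves a manual look, since that directory normally holds only media; the check covers the `.htaccess` at the uploads root only, not overrides in subdirectories.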
If you have any questions about the above or would like some links to more information, then please feel free to reach out at email@example.com; we are happy to help.