What To Do When Your WordPress Site Just Got Hacked

By Nick Mann of TyypoPrints

The worst just happened. Your website displays WordPress hacked by “______”. Your heart starts pounding and sweat pours out of your face.

But it’s ok. Here our was to recover the damages that were done.

Always Back your WordPress Site Up!

Restore it back from a previous section, reset all passwords and turn on 2 step authentication. There you go, you’re safe.

But what if I didn’t backup my website?

The good news is you have options, bad news is, it requires some work:

Identify Any Trojans

Trojans are probably the reason how someone got a hold of your password. Scan your computer with an antivirus to find and remove any trojans. If it didn’t find anything, try:

Make Sure Your Website isn’t Public

Use WP Quick Maintence to stop publicizing your website and possibly spreading malware to your visitors and upsetting google which will determinate your SEO. Your visitors will just know you’re not available right now.

If you don’t have access to the admin login anymore, reset your password. Here is a good guide to resetting your password.

Change All Passwords

Start with the ones for your computer, then your WordPress, site and lastly for your web host provider.

Back up all WordPress files.

You can easily do this by going to your webhoster and download all WP

Pay close attention to the ‘uploads’ folder. This one definitely needs to be saved as it contains all uploaded files and images. You can find it under wp-content => uploads. Download this folder onto your desktop separately because you will need it later.

Now create a backup of your database. To do so, log into the administration interface of your web host and choose ‘phpMyAmin’ or whatever tool your host provides you with. Following that, choose your database and click “export”. Export the database as “SQL” and if possible, as a .ZIP file. Don’t forget to also save the important file .htaccess. This file will also be needed later as WordPress doesn’t work properly without it.

If you are using a Mac instead of a PC, you will need to activate the display of hidden data as all files with a dot before the file name are hidden system files for Max OS X and thus, as the name suggests, are hidden from view.

If you are using a Mac instead of a PC, you will need to activate the display of hidden data as all files with a dot before the file name are hidden system files for Max OS X and thus, as the name suggests, are hidden from view.

Re-download all Themes & Plugins

Check the Folder Uploads

The ‘uploads’ folder is crucial for the success of the recovery as it contains all uploaded data, foremost all of your images. Open the folder and search it and its sub folders for .PHP files. If you find any, delete them all. In most cases, they don’t belong there. If a plugin in the folder does need a PHP file, it will automatically recreate it later.

Delete all Data from the Server

Log into your web server or your web hosting package via (S)FTP access and delete all data of your WordPress installation. Delete ALL the data. Don’t leave anything. Really. Go ahead. Do it!

Upload a Fresh Package of WordPress and Important Files

Get a new WordPress version from WordPress.org and upload it onto your server or webhosting package via (S)FTP access. You should also newly distribute the security key in the »wp-content.php« file, the generator “https://api.wordpress.org/secret-key/1.1/salt/” helps you with that.

After that, load the wp-content.php and the .htaccess data back into the root of your WordPress installation. Now open the folder »wp-content« on the server and load your »uploads« folder into that. Afterwards you should have gained access to your WordPress again. Login to the admin interface.

Test your Website

Go throught out yoursebsite to see if all links, images and text are working and displaying.

Deactivate Maintenance Mode

You can now safetly exit out of maintenance mode for all to see.

Your WordPress site is now back to the way it was.

If you enjoyed reading this, please share and recommend. Thank you! ❤

Chances are, these are where malware would be hiding so redownload them all.