How to Recover Your WordPress Website After a Hack

Parth Shah
Published in Techcompose
Oct 11, 2018

Most users panic when their website gets hacked, but there is no need to: you can recover your website by removing the malware or infected code. This article guides you through recovering a WordPress website. Before we start, note that any CMS can be hacked, no matter which one you use. That doesn’t mean a CMS is insecure; it can be secured in various ways.

If you take regular backups of your site, you can restore a version of your website from before the hack. If you don’t have a backup of your files, you can follow the steps below, but they work only if the wp-content folder is still present in your cPanel.

Here are the steps to recover your website:

1. Identify how the malware affected your website by checking the points below:

  • Can you log in to the admin dashboard?
  • Check with your hosting whether all files are still there or have been removed.
  • Do you find any suspicious links on the website?
  • Does your site redirect to another website?

2. Back up your theme files & uploads directory:

  • Log in to cPanel/FTP.
  • Back up your theme files and scan them using the TAC (Theme Authenticity Checker) plugin.
  • If no customization was done in the old theme, it is better to use a fresh copy of the theme.

3. Delete old WordPress files:

  • Delete the infected WordPress setup and install fresh files.
  • Add your fresh/scanned theme and uploads folders to the wp-content directory.
  • Update your database credentials in the wp-config.php file located in the root folder.

4. Update your Permalinks:

  • Log in to the admin dashboard and go to Settings > Permalinks.
  • Update your permalinks by clicking Save Changes.
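
The check in steps 2 and 3, sketched as a shell script (an added example, not part of the original article and not how the TAC plugin works): before the backed-up theme and uploads folders go into the fresh install, it lists script files under uploads and theme PHP files that contain functions often used to hide injected code. The grep patterns, the assumption that uploads holds only media, and the sample file names are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a backed-up wp-content copy before restoring it.
# Usage: sh audit_wp_content.sh /path/to/backup/wp-content

# List script files under uploads/ (assumed to hold media files only).
find_upload_scripts() {
  find "$1/uploads" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
    -o -iname '*.phtml' -o -iname '*.phar' \) 2>/dev/null | sort
}

# List theme PHP files using constructs often used to hide injected code.
# A hit is a lead for manual review, not proof of infection.
find_suspicious_theme_files() {
  find "$1/themes" -type f -iname '*.php' -exec grep -lE \
    'eval[[:space:]]*\(|base64_decode[[:space:]]*\(|gzinflate[[:space:]]*\(|str_rot13[[:space:]]*\(' \
    {} + 2>/dev/null | sort
}

# Print findings; return 0 only when nothing was flagged.
audit_wp_content() {
  scripts=$(find_upload_scripts "$1")
  themes=$(find_suspicious_theme_files "$1")
  [ -n "$scripts" ] && printf '%s\n' "$scripts" | sed 's/^/[script in uploads] /'
  [ -n "$themes" ] && printf '%s\n' "$themes" | sed 's/^/[review theme file] /'
  [ -z "$scripts$themes" ]
}

# Constructed sample backup (not real site data): one clean and one flagged
# theme file, one image, and one PHP file sitting in uploads.
make_sample_backup() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/themes/mytheme" "$d/uploads/2018/10"
  printf '%s\n' '<?php get_header(); ?>' > "$d/themes/mytheme/index.php"
  printf '%s\n' '<?php eval(base64_decode("ZWNobyAxOw==")); ?>' > "$d/themes/mytheme/footer.php"
  printf '%s\n' 'constructed placeholder image' > "$d/uploads/2018/10/photo.jpg"
  printf '%s\n' '<?php /* constructed placeholder */ ?>' > "$d/uploads/2018/10/cache.php"
  printf '%s\n' "$d"
}

# With no argument, run against the constructed sample backup.
audit_wp_content "${1:-$(make_sample_backup)}" || echo "Review the files above before restoring."
```

Files flagged in uploads should not be copied into the new install; flagged theme files need a manual read or a fresh copy of the theme.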

What if all files were deleted by a hacker?

Sometimes a hacker removes all your files and uploads their own page or file that redirects to unwanted or spam websites. In this case, you can contact your hosting provider; they take regular backups of your files and can restore them. The backup may be old, so you may lose data and images you have uploaded, but it is worth it to get a clean website.

How do WordPress websites get hacked?

  • 41% are hacked through vulnerabilities in their hosting platform
  • 29% through means of an insecure theme
  • 22% through a vulnerable plugin
  • 8% due to weak passwords

There are many ways a WordPress website can get hacked. The following are the most common points of entry into WordPress websites:

  • Many free themes and unauthorized plugins contain malware. They have backdoors that let an attacker into your website to browse your files. Use themes and plugins with a good rating to avoid badly coded themes.
  • Choosing a poor hosting provider that provides less security for your website is another cause of hacks.
  • Using a weak username and password
  • Nulled themes and plugins

How to protect a WordPress website?

  • Update your WordPress version
  • Rename the login URL from wp-admin to a custom URL.
  • Change the database prefix from wp_ to a custom one.
  • Use security plugins, e.g. iThemes Security, Wordfence
  • Change username and use strong passwords
  • Use SSL to encrypt data
  • Disallow file editing by adding define('DISALLOW_FILE_EDIT', true); to the wp-config.php file
  • Disable directory browsing
  • Use two-factor authentication
  • Choose a good hosting provider
  • Use a backup plugin, e.g. UpdraftPlus, BackupBuddy, BackWPup
  • Remove the WordPress version number: use the code below in the functions.php file
remove_action('wp_head', 'wp_generator');

Security should be the first priority for any website. As one of the top WordPress development companies, we follow a proper checklist while developing any WordPress website and use various security steps to secure your website. Contact us to discuss your project or hire a dedicated WordPress developer. You can also reach us at inquiry@techcompose.com
