How to Recover a Hacked WordPress Website

This post was originally published at justlearnwp.com by Tahir Taous.

Do you want to know how to recover a hacked WordPress website? WordPress is the most popular and powerful Content Management System for creating websites, and because of that popularity it is heavily targeted by hackers looking to “take over” pieces of your site for their own benefit.

A lot of people want to know how to recover a hacked WordPress website, and this article will help you make your WordPress websites more secure and safe.

Ultimate Guide: how to recover hacked WordPress websites

WordPress itself is a secure CMS, and security updates are rolled out automatically whenever a major security vulnerability is spotted, but even the most secure websites on the Internet are vulnerable to attacks and can be hacked.

If you are a WordPress user, there are some basic WordPress security settings that can protect you from many commonly known threats. A strong user name and password, the latest WordPress version, themes and plugins from trusted developers, regular backups and security plugins can help you make your website more secure and safe.

WordPress now powers almost 25% of websites, and hackers target thousands of WordPress websites daily. So many websites are hacked successfully, and so many WordPress users are successfully targeted, because a lot of people have the “it won’t happen to me” or “I will do it later” syndrome. So many people don’t expect it to happen, and then suddenly their website gets hacked.

Why WordPress Websites Are Hacked Successfully

There are many different reasons and no two cases are the same, but there are some common mistakes. If you avoid these mistakes, your website will be more secure and safe. Here is a list of possible reasons why a site is hacked.

Outdated WordPress version

This one is a big problem, since W3Techs found that over 15.8% of WordPress sites are not up to date (using WordPress version 3 or older), meaning recent security patches won’t mean a thing for these folks and their sites are open to attack.

In many cases, people got hacked because a site hosted on a VPS or shared host was not regularly updated.

An outdated WordPress version can be really dangerous. Always delete outdated or test websites, or update them to the latest version; otherwise they can end up affecting several other sites on your server. A hacker can easily use a compromised site to gain entry into a couple of your other sites hosted on the same server.

Outdated or malicious plugins and themes

Keep in mind that hackers will often target widely installed plugins or themes with known security vulnerabilities. In most cases, your WordPress website won’t be targeted specifically, but will be hacked because of some vulnerability in a plugin or theme installed on your site.

The top security vulnerability has been with WordPress plugins and custom scripts.

Weak user names and passwords

Never use admin as your default user name, and never use a weak password. WordPress brute force attacks can be very successful when people use passwords like ‘123456’ and usernames like ‘admin’.

Local environment (Laptops or Desktop)

The first place you should start with is your local environment. In many cases, the source of the attack or infection is your local computer. Make sure you run a full anti-virus and malware scan on your local computer.

How to make your website secure

  • Make sure your local environment is safe
  • House your site with a trusted hosting provider
  • Always use the latest WordPress version
  • Always update plugins and themes
  • Download themes and plugins from trusted developers
  • Install a security plugin : it can help you quickly detect the exploit
  • Limit login attempts : prevent brute force attacks
  • Install a backup plugin
  • Use strong passwords for WordPress, hosting control panel etc.
  • Never use “Admin” as a WordPress user name

How to recover hacked WordPress website

Here are a few steps to recover a hacked WordPress website.

Scan your local machine : Don’t panic; you need to stay calm, because a clear, focused mind is the key to efficiently responding to any security breach. It is really important. Make sure you run a full anti-virus/malware scan on your local machine.

Change all passwords : This is a must. Change all server control panel, hosting account center, SSH, FTP and database usernames and passwords.

Investigate : Upon discovering that one of your sites is hacked, take a few moments and check any other sites that you may have, especially if they are on the same server. If one site is hacked, it’s likely that other sites on the same server are hacked as well.

Backup : If you have a backup of your website, that is great, because you can quickly fix the issues. Otherwise, create a backup of your website. Even though you have been hacked, there could be valuable information on your website that you may need to recover later.

Keep in mind that many hosting providers may shut down or even delete your site immediately after finding out your site has been compromised, especially on shared hosting plans. Contact your hosting provider, as they may have detected malware, viruses or similar issues with your site and then blocked it to protect others on the server.

Scan your files : If you have a backup, use this clean backup to restore your website. Otherwise, back up your compromised site. Once you have backed up your entire compromised site, you’re ready to scan your website.

WordPress Security Plugins

If you can access your website, log into your WordPress admin panel and install a security plugin to scan all files.

Find and remove the hack : If you cannot access your website or your host has deleted all files, use your backup files. Check all WordPress files and delete the known suspected files, and make a list of all suspected files. See if there are any .exe files and delete them.

Compare hacked files against known clean backups : There are various types of symptoms, and they affect your website and its visitors. For instance, malicious redirects can often be found in files like .htaccess and index.php at the root of your website, while others will focus on the wp-content/themes directory, targeting index.php, header.php, footer.php and functions.php.
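The comparison described above can be automated. This added example (not part of the original post) hashes every file in a clean backup and in the suspect copy, then lists what changed, flagging the file names this article mentions and any .exe files; the function names and the two directory arguments are assumptions.

```python
import hashlib
from pathlib import Path

# File names the article singles out as common places for malicious redirects.
HIGH_RISK_NAMES = {".htaccess", "index.php", "header.php", "footer.php", "functions.php"}

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large uploads do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def index_tree(root: Path) -> dict:
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}

def compare_to_backup(clean_root, live_root) -> dict:
    """Compare a suspect copy of the site against a known clean backup."""
    clean = index_tree(Path(clean_root))
    live = index_tree(Path(live_root))
    modified = sorted(f for f in clean.keys() & live.keys() if clean[f] != live[f])
    added = sorted(live.keys() - clean.keys())
    missing = sorted(clean.keys() - live.keys())
    return {
        "modified": modified,   # present in both, content differs
        "added": added,         # only in the suspect copy
        "missing": missing,     # only in the clean backup
        "high_risk": sorted(f for f in modified + added
                            if Path(f).name in HIGH_RISK_NAMES),
        "executables": sorted(f for f in live if f.lower().endswith(".exe")),
    }

if __name__ == "__main__":
    import sys
    # Usage (hypothetical paths): python compare.py ./clean-backup ./suspect-copy
    report = compare_to_backup(sys.argv[1], sys.argv[2])
    for section, files in report.items():
        print(f"{section}: {len(files)}")
        for name in files:
            print(f"  {name}")
```

Run it against a downloaded copy of the site rather than on the live server; uploads made after the backup was taken will appear under "added" and need a manual look.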

Websites that provide free scans for hacked files

Sucuri Site Scan : A free service for a comprehensive site scan; it also lets you know if your site has been blacklisted.

Unmask Parasites : Lets you know if your site has been hacked. This is a great first step in determining whether there is a problem.

Norton Safe Web : Lets you quickly find out if there are any threats associated with your site.

Quttera : Scans your site for malware.

VirusTotal : You can scan your website or IP address for common viruses, trojans, malware and the like. It uses over 50 different scanners to get more accurate results.

Clean up WordPress

Once you find what the code is and what it is doing, it is time to remove it from your site. If you have a clean backup of your website, it is easy to restore your website. Once you’ve secured your website, use your most recent backup.

If you restore from a known clean backup of your WordPress database, and re-upload your backed up WordPress plugin and theme files through FTP or SFTP, that will ensure that all those bits are clean of malicious code.

  • Change all passwords
  • Restore everything using the most recent backups possible
  • Reinstall WordPress from scratch or replace the core WordPress files with the latest version
  • Change your secret keys : WordPress Secret Key generator
  • Re-import the database (make sure it is safe)
  • Reinstall themes and plugins from scratch
  • Install security and backup plugins
  • Scan your website again to make sure it is safe
  • Contact your web host to remove you from the blacklist
  • Work with Google and your host to get the site removed from their blacklist
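Changing the secret keys invalidates every existing login cookie, so any session an intruder still holds stops working. This added example (not code from the original post or from WordPress) replaces the eight standard key and salt constants in the text of a wp-config.php with fresh random values; the function names are assumptions, and constants it cannot find are reported rather than guessed at.

```python
import re
import secrets
import string

# The eight key/salt constants defined in a standard wp-config.php.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")

# Printable characters minus quotes and backslash, so no PHP escaping is needed.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits + string.punctuation
                   if c not in "'\"\\")

def new_secret(length: int = 64) -> str:
    """Generate one value from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_secret_keys(config_text: str) -> tuple:
    """Return (new_config_text, names_replaced, names_not_found)."""
    replaced = []
    for name in KEY_NAMES:
        # Match an uncommented define('NAME', 'value'); on a single line.
        pattern = re.compile(
            r"^(\s*define\(\s*(['\"])" + name + r"\2\s*,\s*)(['\"]).*?\3(\s*\)\s*;)",
            re.MULTILINE)
        value = new_secret()
        # A function replacement keeps the random value from being read as a template.
        config_text, count = pattern.subn(
            lambda m, v=value: f"{m.group(1)}'{v}'{m.group(4)}", config_text)
        if count:
            replaced.append(name)
    missing = [n for n in KEY_NAMES if n not in replaced]
    return config_text, replaced, missing

if __name__ == "__main__":
    import sys
    # Usage (hypothetical): python rotate_keys.py wp-config.php > wp-config.new.php
    with open(sys.argv[1], encoding="utf-8") as fh:
        text, done, not_found = rotate_secret_keys(fh.read())
    sys.stdout.write(text)
    print(f"replaced: {done}; not found: {not_found}", file=sys.stderr)
```

Review the output and keep the old file until the site has been checked; every user, including you, will have to log in again afterwards.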

Resources

I hope now you know how you can make your website more secure and how to recover a hacked WordPress site. Here are 2 good resources.


Mohammad Tahir Taous
WordPress Blogging & Responsive WebDesign

Udemy instructor, Sitepoint.com, CreatveBloq.com contributor, JustLearnWP.com Founder, #WordPress, #Blogging, #Responsive Theme Development, #ResponsiveDesign