Your security scans have come back positive and it’s confirmed: your website has been successfully infiltrated. And when it comes to WordPress, “hacked” is never a word you want to hear. What do you do? Let’s walk you through the process of how to clean a hacked WordPress site and what next steps you should take to recover.
We all know, WordPress is the most popular platform. Because of sheer volume and the number of WordPress websites online, it’s the most hacked CMS on the web. That’s one of many reasons why it’s so important to keep your site secure.
But even if you have basic security implemented on your website, people with malicious intent can still find access points through numerous tricks and loopholes in your website’s code.
Suppose we find ourselves in a worst-case scenario and someone has gained access to your WordPress website. What now?
Step 1: Don't Panic
How do you clean a hacked WordPress site? Well, the first step is to take a deep breath. Having WordPress hacked isn’t the end of the world and all is not lost. Being stressed or panic will do you no good and it takes your concentration away from recovering your website. Let’s put our energy into finding solutions.
Step 2: Locate the Hack
Go through this quick list of questions. Ask yourself:
- Are you able to log in to your WordPress Admin Panel (yourwebsite.com/wp-admin)?
- Is your website redirecting you to some other website?
- Does your WordPress website contain any illegal links?
- Has Google already marked your website as insecure?
Record your answers to each question and make sure that you’ve noted everything for the next step below.
Step 3: Call your Hosting Company
Many of the good hosting companies are very helpful in these kinds of situations. The ones with experienced staff have faced these kinds of a problem before, so they should be well-equipped to help. That’s why before doing anything yourself, get in touch with your hosting provider and follow their advice.
If your website is hosted on a shared server, this is also how you can see if the hacker gain access to your website through another site on your server. In this scenario, your hosting provider can provide you with answers like how the hack was starts and spread. Also, there’s a good chance they can tell you where the backdoor to your website is from where the hackers found their way in.
Hopefully, your hosting company is responsible enough to help you clean up your site after a hack (or not let it happen in the first place). If not, you have other options.
Step 4. Hire A Professional for Anti Hacking
If your website has experienced a bad attack or you just need it to be cleaned quickly, hiring professional help might be the way to go. A vulnerable website only gets worse as time goes on, so the faster you can get your issues fixed, the safe your website will be.
This is most likely the best solution for you if you don’t consider yourself tech-savvy, or you just don’t want to mess anything up while you’re trying to clean your site. It’s easy to make things worse instead of better in these situations, so if you’re not comfortable making significant changes to the backend of your site, it may be time to ask for support.
One excellent option for this is Malcare. They are a complete WordPress security solution to protect your online identity. It is developed from the ground up after analyzing over 240,000 websites over the last 2+ years. MalCare ensures that your business is always protected and available to your visitors.
It comes with a powerful scanner that will never slow down your website and goes beyond just signature matching to find new and complex malware which usually go undetected in other popular scanners.
MalCare comes with a one-click automatic malware removal feature that surgically cleans all traces of malware permanently from the website. They also have an intelligent plugin-based firewall that protects your website from bad traffic by using the collective intelligence of its network of sites.
Finally they have an intuitive site management module that lets you manage your themes, plugins, users and WordPress core for better security of your website.