Hacking only happens to new, unpopular WordPress sites, right?
Wrong. Hackers target newly built sites and, even more, old, well-established ones, and to be perfectly honest with you, the rate at which WordPress sites are getting hacked is alarming.
But before we look at what you should do if your site gets infiltrated, let’s first identify the signs of a hacked site.
Most hacking incidents result from a data breach in which hackers gain access to sensitive website or company information, such as passwords and usernames. Cybercriminals can gain entry either in person or through a software system.
Indicators that your website is hacked
- A sudden drop in traffic
- Bad links appearing on the website, especially on the footer
- The site’s homepage is defaced
- You can’t log in to your website
- Suspicious or spammy user accounts appear that can hijack even the admin role
- The website is unresponsive or slower than normal
- Unknown scripts and files on your server and particularly in the /wp-content/ folder
- Inability to send or receive emails from the WordPress site
- Suspicious scheduled tasks
- Popup ads on the website
If you come across any of the signs above, then it’s highly likely that your website has been hacked. It’s easy to feel helpless, frustrated and inundated at this point, but you need to stay calm and fix the problem.
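One way to check for the "unknown scripts and files" indicator from a shell on the server, as an added example that is not part of the original article. It assumes a standard WordPress layout; the extension list, the 7-day window and the `WP_ROOT` and `DAYS` variables are illustrative choices, not WordPress settings.

```shell
#!/bin/sh
# Added example: triage wp-content for unknown scripts.
# Assumptions: standard WordPress layout under the given root; the extension
# list and the 7-day default are illustrative, not WordPress settings.

# List script files inside uploads/, a directory that normally holds media.
# Some plugins place an empty index.php there, so review hits before deleting.
scripts_in_uploads() {
    find "$1/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' -o -iname '*.phar' \) \
        2>/dev/null | sort
}

# List files under wp-content modified within the last N days (default 7).
recently_modified() {
    find "$1/wp-content" -type f -mtime "-${2:-7}" 2>/dev/null | sort
}

# Runs only when WP_ROOT is set, e.g. WP_ROOT=/var/www/html sh triage.sh
if [ -n "${WP_ROOT:-}" ]; then
    echo "== Script files in uploads/ =="
    scripts_in_uploads "$WP_ROOT"
    echo "== Files changed in the last ${DAYS:-7} days =="
    recently_modified "$WP_ROOT" "${DAYS:-7}"
fi
```

Modification times can be altered, so an empty result is not proof of a clean site. Compare anything listed against a fresh copy of the same theme or plugin version before removing it.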
Keeping an eye on all this isn’t always easy. That’s where solutions such as WP Security Audit Log come in to help figure out what’s going on. A tool like that has a vital role in keeping your WordPress site secure.
Here is what you should do to fix the mess.
1. Contact your hosting company
Typically, good hosting companies are helpful in such situations. Those with tech-savvy and experienced employees have faced such issues in the past, and so they can quickly assist you.
If your site is on a shared server, then it’s possible to tell whether the hacker used another website on the server to access yours. In this case, the host can show you how the hacking began and spread. They can also inform you where your site’s backdoor is.
To make sure your site remains safe, and to ensure that if it’s hacked you’ll have a supportive hosting team standing right behind you, we recommend opting for trusted companies such as SiteGround, WP Engine, Kinsta or Servebolt.
If you’re not sure where to start (they all offer different options at varying costs), our guide to WordPress hosting should help. There are other great hosts around too, but these are the ones we have used more often and have always been supported by.
2. Hire a professional
If your site has been hacked and you want an expert to clean it up quickly, you should consider contacting a professional for help. An infiltrated site usually gets worse as time advances, which is why you should seek assistance from an expert to fix the problem and make the website safe.
We’ve worked with a few trusted companies in the past, including Sucuri and Malcare, both of whom provide excellent service and are very knowledgeable in these areas.
3. Restore the site’s previous version
If you’ve been diligent about creating backups for your WordPress website (this is where we highly recommend using BlogVault’s services), then you’ve got a golden moment right ahead of you. You need to restore the site to the version it was before the hack.
When restoring your website’s old backup, always keep in mind that the entire site will revert to the earlier version. That means that any gallery images and other changes you made to the site may be lost. However, an old but clean website is worth more than a hacked one.
After successfully restoring your site’s old version, remember it’s not hack-proof yet. So, you should move with speed to add a layer of security and avert possible malicious activity and common cybersecurity threats, going forward.
4. Check your site’s user permissions
If you can log into your website’s dashboard, you should be able to check your WordPress users’ permissions. Confirm that only you and your team can access the admin accounts and that no one has tampered with the other users’ permissions.
If you come across suspicious new users, delete them right away.
Should you want to monitor user access and behaviour across your website, we recently wrote about the WP Security Audit Log plugin and how it can improve user accountability on your WordPress site.
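The same administrator check can be done from the command line when WP-CLI is installed, shown here as an added example that is not part of the original article. The allowlist file, the cutoff date (the suspected start of the compromise) and the `flag_admins`, `ALLOWLIST` and `CUTOFF` names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: flag administrator accounts that are not on a known-good list
# or that were created on or after a cutoff date.
# Input on stdin: CSV with a header and the columns user_login,user_registered,
# as produced by:
#   wp user list --role=administrator --fields=user_login,user_registered --format=csv
# usage: flag_admins <allowlist-file> <cutoff YYYY-MM-DD> < admins.csv
flag_admins() {
    awk -v allow="$1" -v cutoff="$2" '
        BEGIN { while ((getline line < allow) > 0) known[line] = 1 }
        NR == 1 { next }                       # skip the CSV header
        {
            gsub(/"/, "")                      # drop CSV quoting
            i = match($0, /,[^,]*$/)           # split on the last comma
            login = substr($0, 1, i - 1)
            reg = substr($0, i + 1)
            flags = ""
            if (!(login in known)) flags = "not-in-allowlist"
            # ISO timestamps compare correctly as plain strings
            if (reg >= cutoff) flags = flags (flags ? "," : "") "created-on-or-after-cutoff"
            if (flags) print login "\t" reg "\t" flags
        }'
}

# Runs only when ALLOWLIST is set and WP-CLI is available. The default cutoff
# is far in the future, so the date check is off unless CUTOFF is given.
if [ -n "${ALLOWLIST:-}" ] && command -v wp >/dev/null 2>&1; then
    wp user list --role=administrator \
        --fields=user_login,user_registered --format=csv |
        flag_admins "$ALLOWLIST" "${CUTOFF:-9999-12-31}"
fi
```

Each output line gives the login, its registration time and the reason it was flagged; the allowlist is a plain text file with one expected administrator login per line.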
5. Change all passwords associated with your website
Ensure you change the passwords you use to access the cPanel, WordPress dashboard, FTP client, MySQL database, and any other account that might give an outsider access to the website.
Now, you need to come up with new, secure passwords that can give even some of the best hackers a headache. To achieve this, consider using a password generator or using a full sentence with spaces, letters, symbols, and numbers, as your password.
Final Word
After implementing the above steps, your site is secure. But you should not relax after that as WordPress security should be an ongoing effort.
Consider installing the WP Security Audit Log plugin which keeps a log of all changes that occur on your website, and this can come in handy during post-hack forensics too as I’ve explained above.
2 Responses
Thanks for sharing useful information. I feel taking regular backups of your WordPress website would always be helpful. You can easily restore your website.