HELP! My WordPress website got hacked! What should I do next?
WordPress is the world’s leading content management system, which makes it a popular target for both amateur and professional hackers.
Unfortunately, every day people go through the shock of discovering that their site has been hacked. After the initial shock, panic usually kicks in.
Oh my God, my website has been hacked, what can I do now? What should I do?
The most sensible thing to do is to contact a WordPress security expert who can help you remove the malicious code, secure your website, and have everything back to normal as soon as possible.
I get such requests daily here at WP Mayor, which is why we’ve recently launched our WordPress security services, which include the hack cleanup service as well as the security audit and security lockdown for the good folks who like to play safe.
But what do we do when we perform a hack cleanup? In a nutshell, these are the tasks we undertake:
- Clean your website from any infection you might have
- Identify how the attacker got into WordPress in the first place
- Ensure that all plugins and themes in use are safe and have no known vulnerabilities
- Ensure that no files expose sensitive information that an attacker could use
What if you want to fix things yourself rather than hire an expert? Here are some pointers that should help you fix the simpler hacks.
First Step: Scan your Site
There are a number of plugins which perform scans, but the easiest way to scan your site is to use an online scanner such as the Sucuri Vulnerability scanner. When performing a cleanup on a client site, we also use other, more advanced scanners such as WPScan, but the Sucuri scanner should give you a good indication of where the main problem is.
If you’re lucky, the scanner will show which files are infected, in which case the next step will be to remove the malicious code.
Second Step: Remove Malicious Code
Before you start this step, take a backup of your site using a plugin like BackupBuddy (which also has an in-built vulnerability scanner), then download a copy of your whole site.
The most common malicious code injections are found in plugins or themes, although the WordPress core is also affected sometimes. Once you have all your files on your local computer, open a file that the scanner reported as infected. Then highlight the malicious code and do a search & replace across your whole site (using an editor such as Sublime Text), replacing the malicious code with nothing, which effectively deletes that code from every file it was injected into.
Manual removal can be daunting for some, especially users who have no web development knowledge. In that case, a security plugin like MalCare or WordFence could solve this issue. Note that if your website is already hacked, you can opt for this excellent WordPress Malware Removal Service by MalCare (one of the best security services out there). It’ll clean your website in a jiffy.
Third Step: Upload the Files Back to Server
Once you’ve removed the malicious code, upload the files back to your server using an FTP program (such as FileZilla). Then run your site through the Sucuri scanner again and check that it comes back clean on all counts. If not, you’ll need to dig deeper or hire someone to help you.
Fourth Step: Change Passwords
Since passwords could have been compromised during the time that the site was hacked, change the following passwords:
- Database password
- WP-Admin password
For good measure you might also change the cPanel and FTP passwords.
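The scan, remove and re-check steps above can be done in bulk on the downloaded copy of the site. The script below is an added example written for this post, not WP Mayor’s own tooling or any scanner’s signature database: it walks a local copy of a WordPress site, flags files matching a few constructed heuristics for injected code (an eval() of a decoded payload, a function name taken straight from a request parameter, a very long base64 blob), strips one exact malicious snippet from every file the way a search & replace with nothing would, and scans again to confirm the snippet is gone. The sample site layout, the clean plugin and theme files, and the injected snippet (with a placeholder instead of a real payload) are all constructed for the demonstration.

```python
"""Scan a downloaded copy of a WordPress site for injected code, strip an
exact malicious snippet from every file, and re-check the result.

Added example, not part of the original post. Assumes the site has already
been downloaded to a local directory; the sample site and the injected
snippet below are constructed for illustration only.
"""
import re
import tempfile
from pathlib import Path

# Text-like web files worth scanning; media and archives are skipped.
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm"}

# Heuristic patterns that commonly flag injected code in a compromised site.
# Constructed for this example; they are not any scanner's signatures.
SUSPICIOUS_PATTERNS = {
    "eval_of_decoded_payload": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    "callable_taken_from_request": re.compile(
        rb"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\("),
    "long_base64_blob": re.compile(rb"[A-Za-z0-9+/]{200,}={0,2}"),
}


def is_scannable(path: Path) -> bool:
    """True for PHP/JS/HTML files and .htaccess; directories and media are skipped."""
    return path.is_file() and (path.suffix.lower() in SCAN_SUFFIXES or path.name == ".htaccess")


def scan_file(path: Path) -> list:
    """Return the names of every suspicious pattern found in one file."""
    data = path.read_bytes()
    return [name for name, rx in SUSPICIOUS_PATTERNS.items() if rx.search(data)]


def scan_site(root: Path) -> dict:
    """Map each flagged file (relative to root) to the patterns it matched."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if is_scannable(path):
            hits = scan_file(path)
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


def strip_snippet(root: Path, snippet: bytes) -> list:
    """Remove every exact occurrence of `snippet` from scannable files.

    This is the 'search & replace with nothing' step done in bulk. It only
    catches byte-identical copies; injections that are re-obfuscated per file
    must be located with scan_site() and removed individually.
    """
    changed = []
    for path in sorted(root.rglob("*")):
        if not is_scannable(path):
            continue
        data = path.read_bytes()
        if snippet in data:
            path.write_bytes(data.replace(snippet, b""))
            changed.append(path.relative_to(root).as_posix())
    return changed


# Constructed sample: a clean theme file, a plugin file with an injected PHP
# block prepended, and an image whose bytes would trip the base64 heuristic
# if media were scanned. The base64 argument is a placeholder, not a payload.
INJECTED_SNIPPET = b'<?php eval(base64_decode("PLACEHOLDER_NOT_A_REAL_PAYLOAD")); ?>\n'
CLEAN_PLUGIN = b"<?php\n/* Plugin Name: Sample */\nadd_action('init', 'sample_plugin_init');\n"
CLEAN_THEME = b"<?php\nadd_filter('the_content', 'sample_theme_filter');\n"


def build_sample_site(root: Path) -> None:
    """Write the constructed site layout under `root`."""
    plugins = root / "wp-content" / "plugins" / "sample"
    themes = root / "wp-content" / "themes" / "sample"
    uploads = root / "wp-content" / "uploads"
    for d in (plugins, themes, uploads):
        d.mkdir(parents=True)
    (plugins / "sample.php").write_bytes(INJECTED_SNIPPET + CLEAN_PLUGIN)
    (themes / "functions.php").write_bytes(CLEAN_THEME)
    (uploads / "logo.png").write_bytes(b"\x89PNG" + b"A" * 300)


def cleanup_demo() -> dict:
    """Run scan -> strip -> re-scan on the sample site and report each stage."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_site(root)
        before = scan_site(root)
        changed = strip_snippet(root, INJECTED_SNIPPET)
        after = scan_site(root)
        plugin_now = (root / "wp-content" / "plugins" / "sample" / "sample.php").read_bytes()
    return {
        "before": before,
        "changed": changed,
        "after": after,
        "plugin_restored": plugin_now == CLEAN_PLUGIN,
    }


if __name__ == "__main__":
    for stage, value in cleanup_demo().items():
        print(f"{stage}: {value}")
```

On a real download, point scan_site() at the site root and pass strip_snippet() the exact bytes you highlighted in the infected file; anything the re-scan still flags needs to be opened and judged by hand, since the heuristics also match some legitimate minified or encoded code. Stripping the snippet restores the file to its pre-injection contents only when the injection was prepended or appended whole; if it replaced original code, restore that file from your backup or a fresh copy of the plugin instead.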
Those four steps will often be enough to remove a malicious code injection and get your site off Google’s blacklist.
Are they enough? I’m afraid not: security hardening involves many steps and requires an experienced person who can identify how the site got hacked in the first place, as well as what other vulnerabilities exist on the site. Frequently the vulnerabilities will not only be of a technical nature (bad plugins or themes); they will be more obvious things like weak passwords, and these need to be addressed as well. When you hire a security expert, they should be able to guide and educate you so that you can improve your site’s security from every angle.
If you want to learn more about the expert security services available at WP Mayor, please take a look at these pages:
- WordPress Hack Cleanup service
- WordPress Security Audit
- WordPress Security Hardening
Do you have any other tips you’d like to share or security questions to ask us? Leave a comment below!
If you enjoyed this post, make sure to subscribe to WP Mayor’s RSS feed.