How to Fix Hacked WordPress Sites

You may have invested a great deal of time and money in your WordPress site: installing it carefully, choosing decent templates and the necessary plugins, writing great blog posts and publishing on a daily basis. But one day, when you go back to your website, you find that it is totally ruined: all your meaningful posts are gone, or the site simply redirects you to a strange website with drug and gambling information. Now you know that your site has been hacked by some bad guys.

To be frank, hacking issues are avoidable. Still, every webmaster we know has encountered one at least once. If you are a WordPress user in particular, you should not be surprised by this. Instead, stay calm and take action to recover your website from the hack. Below, we have listed 5 steps for fixing hacked WordPress sites.

Step 1 – Scan Your Website to Detect the Malware

Once your website is hacked, we do not recommend restoring it from the backup files right at the beginning. Instead, scan your whole site to find the malware and remove it. Otherwise, even if the hacking issue is fixed for now, your site is still in a vulnerable state.

Malware here means the malicious code that gets inserted into your files, plugins, database, themes and more. To detect it, consider the following aspects for a comprehensive result.

Detect the Malicious Injection in WordPress Core

It is true that WordPress is one of the most popular CMSs for website building. However, its great popularity and open source nature have made it a main target for hackers. So first check whether your WordPress core files and database have been injected with malicious code.

You can certainly inspect your WordPress installation manually using phpMyAdmin and some MySQL queries. To save time, however, we highly recommend trying the Sucuri plugin, with which you can check your website database and WordPress core files for suspicious code with much ease.

After installing it from your WordPress admin, you have to generate the API key to actually activate the plugin. Then, simply click the Malware Scan button in the Sucuri Security drop-down menu. After you click the Scan button, the plugin detects malware automatically and shows you the results.

Sucuri Malware Scan

Besides this option, there are many other plugins you can use to scan your site for malware. Simply check this list for more choices.
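
For readers who prefer a manual check of the core files, here is an added example that is not part of the original article or of the Sucuri plugin: it compares the installed WordPress files against a clean copy of the same WordPress version that you have unpacked yourself. The function names and the two directory arguments are assumptions made for illustration.

```python
import hashlib
import os

# wp-content holds plugins, themes and uploads, which legitimately differ
# from a fresh download, so it is skipped here and checked separately.
SKIP_DIRS = {"wp-content"}
# wp-config.php is site-specific and is not part of a clean download.
SKIP_FILES = {"wp-config.php"}


def _hash_tree(root):
    """Map relative path -> SHA-256 digest for every file under root."""
    hashes = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if rel_dir == ".":
            # Prune skipped directories at the top level only.
            dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if rel in SKIP_FILES:
                continue
            with open(os.path.join(dirpath, name), "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes


def compare_core(site_root, clean_root):
    """Report core files that were modified, added or are missing."""
    site, clean = _hash_tree(site_root), _hash_tree(clean_root)
    return {
        "modified": sorted(p for p in site if p in clean and site[p] != clean[p]),
        "added": sorted(p for p in site if p not in clean),
        "missing": sorted(p for p in clean if p not in site),
    }


if __name__ == "__main__":
    import sys
    # Usage: python compare_core.py <site_root> <clean_copy_root>
    for kind, paths in compare_core(sys.argv[1], sys.argv[2]).items():
        for path in paths:
            print(f"{kind}: {path}")
```

Any file reported as modified or added inside wp-admin or wp-includes deserves a manual look before you restore anything.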

Detect the Malicious Codes in Your Installed Plugins and Themes

If you have installed some free plugins and templates on your site, you should check them for injected malware.

The Sucuri plugin is powerful at detecting malware, but 100% accuracy cannot be guaranteed for plugins and themes. In this case, the best way is to deactivate them one by one to figure out which of them causes the trouble. For instance, if the malicious code is gone when Plugin A is deactivated, the malware is hidden in this plugin and you should remove it.

If you can enter your WordPress dashboard, this process can be carried out easily. However, if the admin panel is no longer available to you, you should check your wp-content folder using either an FTP client or the File Manager.

Enter wp-content Folder

Once inside this folder, you can find the plugins folder and the theme folder.

  • Plugins Folder – Go into it and remove the files of each plugin one by one. Or rename this folder to disable all the plugins.
  • Theme Folder – Rename this folder so that your site is forced to load the default template.
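
Before deleting or renaming anything, it helps to know which plugin or theme files look suspicious. The following is an added example, not part of the original article: a small heuristic scanner for the wp-content folder. The indicator patterns and the function name are assumptions chosen for illustration, and a hit is a lead for manual review rather than proof.

```python
import os
import re

# Heuristic indicators often seen in injected PHP (assumed patterns).
# A clean result does not prove that a file is safe.
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
        re.I),
    "long-encoded-literal": re.compile(rb"['\"][A-Za-z0-9+/=]{500,}['\"]"),
    "code-from-request": re.compile(
        rb"\b(eval|assert|system)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
}
PHP_EXT = (".php", ".phtml", ".php5")


def scan_wp_content(wp_content):
    """Return sorted (relative_path, indicator) pairs worth a manual look."""
    findings = []
    for dirpath, _dirs, files in os.walk(wp_content):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, wp_content)
            # uploads normally holds media, so PHP files there are suspect.
            if rel.split(os.sep)[0] == "uploads":
                findings.append((rel, "php-in-uploads"))
            with open(path, "rb") as fh:
                data = fh.read()
            for label, pattern in INDICATORS.items():
                if pattern.search(data):
                    findings.append((rel, label))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Usage: python scan_wp_content.py /path/to/wp-content
    for rel, label in scan_wp_content(sys.argv[1]):
        print(f"{label}: {rel}")
```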

Step 2 – Restore Your WordPress Site using the Latest Backup File

If you keep the good habit of backing up your WordPress site, there is nothing to worry about. You only need to find your latest backup file and use it to bring your site back to normal. Since you have already identified the malware, remove it first before starting the restoration, so that your site is not left in a weak state and will not be easily hacked again in the future. Never leave a backdoor or an exploited file for the hackers.

There are a lot of methods for WordPress restoration. For instance, you can use a WordPress plugin, phpMyAdmin, your cPanel control panel or an FTP client. The automatic steps of using a plugin have been introduced in this how-to tutorial. Now, we would like to introduce a manual method using phpMyAdmin and your FTP client.

Restore WordPress Database using phpMyAdmin

First of all, enter phpMyAdmin via the control panel and clean all your existing databases for a complete restoration.

For this, simply click on your target database and select all of its tables. At the bottom of this page, you can find a Drop button, as in the following screenshot. Simply click it to clear your current tables.

Drop Tables

Now you have a completely empty database, so you should import your database backup file. Simply click the Import button at the top of this screen. Here, you can find a Browse button that lets you choose your target file.

Import Database

Next, click the Go button to finish the importing process. After waiting a few minutes, depending on how large your file is, you will be presented with a message indicating that the import has finished successfully, along with how many queries have been executed.

Restore Website Files using Your FTP Client

To guarantee a comprehensive restoration, first clean up all the existing files in the root directory of your WordPress site. Then, select your backup file and drag it over for uploading.

Import Files with FTP

The process of restoring files is quite simple. But do not forget to edit the wp-config.php file in your newly uploaded WordPress files, providing the host name, database name and password information.

Now, your site is totally restored.

Step 3 – Check Your Local Environment

At this point you have fixed the hacking issue of your WordPress site, but this is not the end. You have to check whether there are loopholes that would let hackers act again.

As you have already checked the website for malware in step 1, now you have to scan your local environment. In many cases, the source of hacking issues is your local machines, such as your laptop, PC and notebook. In this case, running an in-depth anti-virus scan on your computer is necessary.

Step 4 – Strengthen Your Website Security

Hackers can intrude into your website because there are vulnerabilities they can leverage. Therefore, you have to strengthen your website for an increased level of security.

First of all, make sure that everything on your site stays updated, including the WordPress core, themes, files and any third-party tools. Then, protect your login page, as it is the gate to your admin panel. You can also use SSL and a CDN service, block blacklisted IP addresses, set file permissions and more.

We have previously introduced a lot of tips on how to improve the security of your WordPress site. You can have a look and carry them out one by one.

Step 5 – Keep the Habit of Backup

You can never avoid website hacking; what you can do is reduce your chances of being hacked. In this case, it is highly recommended to back up your WordPress site at least once per week. With the backup files, your site can be brought back to normal quickly even if it is hacked.