You wake up to find your email flooded with messages stating that your website is down — or even worse, that it infected someone’s computer! Sorry friend, but your website has been hacked.
Unfortunately, you’re not alone. Over 70% of WordPress installations are vulnerable, and most get hacked due to faulty plug-ins, themes, or the use of outdated WordPress versions that contain vulnerabilities. Of course, at this point, you care less about how you got hacked than about how to proceed from here.
Luckily, all is not lost. Many WordPress hacks are easy to pinpoint and fix. It will take a bit of effort on your part, but you can recover from a WordPress hack and get back to building your brand.
Determine How the Website Was Hacked and Contact Your Hosting Company
The first thing to do, if possible, is to locate the source of the hack and determine how your website is behaving. Check to see whether you can access the website.
- If you can’t, is your site redirecting to another website, or has Google already marked it as unsafe?
- If you can, are there additional links or content that wasn’t there before?
You may also want to check your website using a tool such as Sucuri’s SiteCheck. It will give you information regarding infections, and identify any malware that it finds as well as any potential blacklist warnings on the website.
After you’ve identified the source of the hack or determined that your website is inaccessible, you need to contact your hosting company. Unless your host has an unusually strict policy against hacked websites that would compel them, for example, to immediately delete your website and all its associated files, they’ll likely be able to help you with the hack.
In some cases, such as for those of you on shared hosting, your hack may be part of a larger attack, and you’re merely the latest victim. Some hosts will help you clean the hack, while others may only give you information on the hack and what you need to fix.
Note that your host may disable your website until you can fix the hack. This is preferable to an overzealous host deleting all your data and forcing you to start over.
Still unclear about how your website might have gotten hacked? Check out our article on common reasons why WordPress sites are hacked.
Check Permissions and Change Passwords
Before you take any additional actions to clean your website, you should first check all user permissions on your website. Make sure that all accounts you created still have their originally assigned permissions. If they don’t, either change them back to what they were before, or delete the account entirely. If you find accounts that you didn’t create and you know weren’t created by an associate admin, then remove those accounts.
Changing the passwords on all accounts is essential. In many cases, hacks will compromise your passwords, and continuing to use them will make you susceptible to additional hacks in the future. Also, if you happen to use any of those passwords on ANY other account not associated with your WordPress account, change them there too to prevent your identity from getting stolen down the road.
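The account review described above is easier when you compare the current user list against a list you know to be good. The following is an added example, not code from this article: it assumes you have exported each login together with its `wp_capabilities` user meta value (where WordPress stores roles as a PHP-serialized array under the default `wp_` table prefix), and the baseline, sample rows and function names are constructed for illustration.

```python
import re

# One entry of the PHP-serialized role array, e.g. s:13:"administrator";b:1;
ROLE_ENTRY = re.compile(r's:(\d+):"([^"]*)";b:([01]);')


def parse_capabilities(meta_value):
    """Return the set of enabled roles in a wp_capabilities meta value."""
    roles = set()
    for length, name, enabled in ROLE_ENTRY.findall(meta_value):
        # Ignore entries whose declared byte length is wrong (malformed data).
        if int(length) == len(name.encode("utf-8")) and enabled == "1":
            roles.add(name)
    return roles


def audit_users(baseline, current_rows):
    """Compare (login, wp_capabilities) rows against a known-good baseline.

    baseline maps login -> set of roles you originally assigned.
    Returns a sorted list of (login, finding) tuples.
    """
    findings, seen = [], set()
    for login, meta_value in current_rows:
        seen.add(login)
        roles = parse_capabilities(meta_value)
        if login not in baseline:
            label = ", ".join(sorted(roles)) or "none"
            findings.append((login, "unknown account, roles: " + label))
        elif roles != baseline[login]:
            findings.append((login, "roles changed from %s to %s"
                             % (sorted(baseline[login]), sorted(roles))))
    for login in set(baseline) - seen:
        findings.append((login, "baseline account no longer present"))
    return sorted(findings)


# Constructed sample data: the baseline is what the site owner set up,
# the rows stand in for an export of the current users and their roles.
BASELINE = {"site_owner": {"administrator"}, "guest_writer": {"author"},
            "newsletter": {"subscriber"}}
CURRENT_ROWS = [
    ("site_owner", 'a:1:{s:13:"administrator";b:1;}'),
    ("guest_writer", 'a:1:{s:13:"administrator";b:1;}'),  # role escalated
    ("wp_support01", 'a:1:{s:13:"administrator";b:1;}'),  # not in baseline
]

if __name__ == "__main__":
    for login, finding in audit_users(BASELINE, CURRENT_ROWS):
        print(login, "->", finding)
```

Every account it reports is one to restore to its original role or delete, as described above, before you reset passwords.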
Remove the Hack
Once you’ve identified the source of the hack or the files that are involved in the hack, it’s time to remove the hack. The best way to proceed will depend on the source of the infection. If the hack merely originated from a faulty plug-in or widget, then fixing the hack may be as simple as removing the bad file.
In other cases, you may have to replace hacked files. For example, if your database has been hacked, you’ll either have to replace it or log in to your database admin panel and manually remove anything that looks suspicious, such as unusual links, keywords you didn’t enter, and other forms of suspicious content.
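Reviewing database content by eye is slow, so a first pass can narrow down which rows to open. The following is an added example, not code from this article: it flags rows containing links to hosts you have not listed, script or iframe tags, hidden elements, or keywords you did not write. The rows, host allowlist, keyword list and function names are constructed for illustration and stand in for an export of post IDs and post content.

```python
import re
from urllib.parse import urlparse

# Attribute values that carry a URL in post HTML.
URL_ATTR = re.compile(r'(?:href|src)\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
# Markup that deserves a manual look when it appears in post content.
RISKY_MARKUP = {
    "script tag": re.compile(r"<script\b", re.IGNORECASE),
    "iframe tag": re.compile(r"<iframe\b", re.IGNORECASE),
    "hidden element": re.compile(r"display\s*:\s*none", re.IGNORECASE),
}


def external_hosts(html, allowed_hosts):
    """Return hosts referenced by href/src that are not on the allowlist."""
    hosts = set()
    for url in URL_ATTR.findall(html):
        try:
            host = (urlparse(url).hostname or "").lower()
        except ValueError:  # malformed URL: report it rather than skip it
            host = "unparseable:" + url
        if host and host not in allowed_hosts:
            hosts.add(host)
    return hosts


def scan_rows(rows, allowed_hosts, unexpected_keywords=()):
    """Return [(row_id, [reasons])] for rows that need manual review."""
    report = []
    for row_id, content in rows:
        reasons = ["link to unlisted host " + h
                   for h in sorted(external_hosts(content, allowed_hosts))]
        reasons += [label for label, pattern in RISKY_MARKUP.items()
                    if pattern.search(content)]
        reasons += ["unexpected keyword " + word for word in unexpected_keywords
                    if word.lower() in content.lower()]
        if reasons:
            report.append((row_id, reasons))
    return report


# Constructed sample rows (post ID, post content) and allowlist.
ALLOWED_HOSTS = {"www.example.com"}
ROWS = [
    (101, '<p>Welcome to <a href="https://www.example.com/about">our shop</a>.</p>'),
    (102, '<p>Spring sale</p><div style="display:none">'
          '<a href="http://pills.example.net/buy">cheap pills</a></div>'),
    (103, '<p>Contact us</p><script src="//cdn.example.org/x.js"></script>'),
]

if __name__ == "__main__":
    for row_id, reasons in scan_rows(ROWS, ALLOWED_HOSTS, ["cheap pills"]):
        print(row_id, reasons)
```

A flagged row is a prompt to inspect it, not proof of infection; legitimate embeds will show up until you add their hosts to the allowlist.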
In some cases, the simplest way to remove the hack is to restore your website to a non-hacked version. If a faulty plug-in is the problem, you may want to restore to a version before the plug-in was installed, or at least before the hack allowed content to be changed.
After you’ve removed the hack, scan your website again using third-party tools such as WordPress’ Theme Authenticity Checker or Sucuri’s WordPress Auditing tool. This will ensure that the hack is removed and that there are no others you’ve overlooked.
If All Else Fails, Hire a Professional to Fix Your Website
So what happens if you’re using WordPress but lack the technical skills necessary to fix your website? In that case, it’s time to enlist the help of a professional. You can either go the route of hiring a website expert — which can incur insane hourly charges — or you can go with a company such as Sucuri or Malcare that offers affordable solutions.
Another alternative would be to inquire with your website host to see whether they offer WordPress website-recovery services. Some web hosts will do this for free as part of their service, while others may charge you a one-time fee.
There Is Life After a WordPress Hack
While having your website hacked may seem like an unrecoverable event, it is not. Instead, it should serve as a wake-up call that you need to improve your security and be more careful in the future. Start by keeping a better eye on the themes and apps you install on your website. Next, create a proactive plan that includes regular malware scans to help prevent future hacks.
There are some tools you can install to help monitor your WordPress website to guard against future attacks. Check out our article on the best WordPress monitor plug-ins and tools.
If your website gets hacked, don’t panic! You’re not the first person to get hacked, and you won’t be the last. The important thing is to start working to address and correct the hack as quickly as possible. This helps prevent downtime and damage to your website’s reputation, and it may help prevent you from getting pinged by Google for being a dangerous website. So act swiftly, remove the hack, and get back to growing your website.