17
Oct
Wordpress Security

How to Clean Up Hacked WordPress Site

Posted on by Simon Dwight Keller

Websites can be hacked, this is a bitter reality, and it is very stressful if a WordPress site gets hacked. It has a direct effect on running a website and even greater impact if you are using one to represent your business. In this article, we will discuss a systematic guide to fix a WordPress site after it is compromised.

Few Things to Know Before We Start

Let’s break down what kind of impact a hacked site can have:

  • Lost or reduced search engine ranking.
  • Visitor data can be compromised.
  • You can lose reputation as hackers may redirect your website to scam sites.
  • You might lose your entire site.

 

If your income depends on your site, you must put security on top of the list of priorities. Therefore, it is vital to have a reliable web hosting that helps protect your site and to follow some security practices. Some important things to consider while running your WordPress site are:

  • Opt for a web hosting company you can trust.
  • Have a good backup solution.
  • Make sure to use a firewall.
  • Have good security on your website. Use the Website Security Check or other applications to scan your WordPress site’s files. This will show you potential flaws and vulnerabilities in your site.
  • Use a reliable plugin such as Hide My WP Ghost to improve security. This plugin stands out because it uses security through obscurity to protect you.
  • Staying up to date and informed is one of the best things you can do to protect yourself. Having a better understanding of WordPress will help pick reliable plugins, web hosting, and themes, to minimize the number of potential breach points. It’s a great idea to follow blogs like HostingWiki, which can both help you stay informed and master the CMS.

 

The best thing to do is try to prevent your site from being compromised in the first place. According to statistics, WordPress is the most likely CMS to be hacked, so let’s cover the worst-case scenario and look at what to do if your site gets hacked:

 

1.    Hire a Professional

The easiest and most reliable, but costly solution is to hire a professional. They will help quickly and effectively find the heart of the issue and secure your site. However, you should keep in mind that experts are always expensive.

 

2.     Identify the Hack

There’s a basic checklist you should immediately run through if you suspect that your site was compromised:

  • Enter your Username and Password. Check if you can access your site.
  • Check whether your website is working as it should, or is it redirecting to another URL.
  • Check for suspicious links in your content.
  • Check whether Google has penalized your site or marked it as insecure.

 

3.    Contact Your Hosting Company

A good hosting company has experienced and skilled staff on their customer support teams to help you. While they might not be able to fix your site, they can help find any existing backups, or walk you through potential ways to restore the site.

 

4.     Restore a Backup

If you have a backup of your site, you can restore it to the last uncompromised version. This can easily solve your problem. The only downside to this is the potential of losing any post-backup content or comments from your site. But on the other hand, this is the fastest way to get control of your site back.

5.     Scan and Remove Malware

If you have some WordPress themes or plugins, which are not active, delete them. Hackers can use compromised plugins to find a backdoor or another vulnerability.

 

Additionally, you should scan the website, and install a reliable plugin for security such as Sucuri Security or the Theme Authenticity Checker. After scanning, you can find the location of the vulnerability which can be in various directories or files (upload, wp-config, wp-includes, access). Once the issue is found you can:

  • Remove the malicious code by yourself.
  • Replace the infected file with the original one.

6.     Check User Permissions

Give administrator access to only those whom you trust with your website’s management. Go to the user section and check if any other user has administrator access, or if there are idle or unrecognized users. Be sure to delete anyone suspicious and log out all inactive users.

7.    Modify Secret Keys

WordPress secret keys improve encryption and help better secure your site. If your site was breached you should:

  • Generate a fresh set of secret keys.
  • Add them to your wp-config.php file

8.     Change Your Password

Consider changing the login credentials (both the username and password) for your site’s infrastructure. This includes the WordPress credentials, as mentioned in the first point, and those of your MySQL database, and hosting account. Make sure to use a strong password or use a password management tool that can generate a password that is virtually impossible to brute-force.

 

Summary

Having your WordPress site hacked can be catastrophic for your business. That’s why it’s important to both take steps to prevent such an incident and to know what actions to take if the worst-case scenario takes place. Let’s briefly recap what you should do if your site is compromised:

  1. Consider hiring a cybersecurity professional.
  2. Identify the hack.
  3. Contact your hosting provider.
  4. Restore your site from a backup.
  5. Scan and remove malware.
  6. Check user permissions.
  7. Modify WordPress secret keys
  8. Change your WordPress, hosting, and MySQL login credentials.

We hope this guide will help keep your website safe and sound.