How to Fix a Hacked WordPress Site | Tripwire

How to Fix a Hacked WordPress Site

Posted on April 11, 2018
How to Fix a Hacked WordPress Site
Getting hacked is among the most discouraging experiences you'll deal with as a website owner. No matter how secure your site is, there is always a chance that your site may get hacked. According to Forbes, about 30,000 websites are hacked every day, and who knows if/when hackers will target your site next. Now think: your site is getting popular, you work very hard for it, and somehow it gets hacked. You almost lose everything on your site; no way hackers will give your site back to you. Luckily, it's possible to find out precisely how your site was hacked with some easy sleuthing in your site's logs. When you have determined how the hacker has infiltrated your site, you can spot the security hole to avoid the breach occurring again.

How to Know If Your Site Got Hacked

No matter which popular Control Management System (CMS) you are using – WordPress, Drupal, Joomla, etc. – any of them can get hacked. Often times, WordPress users panic that their site has been hacked because their site is not responding or getting spam comments. Some users even go as far as paying WordPress specialists thinking that they need help recovering their site. However, many users struggle to figure out if their website is having technical problems or if it has, in fact, been hacked. But, it doesn't have to be difficult to determine if the site has been hacked. There are some common signs of a hacked site, such as:
  •    Unnecessary pop-ups appearing that were not added
  •    The site is automatically getting redirected to other spammy websites
  •    The website freazes continuously
  •    Displaying unwanted text in the footer or header that wasn't implemented
  •    Auto-linking of keywords to other external websites
  •    You received a notice from your hosting provider that you are doing something malicious
In the event you detect any of the indicators above, you need to make sure to secure your WordPress site right away.

Step 1: Identify the Hack and Change Your Password

It is very stressful work to fix a hacked WordPress site if you are not tech-savvy, but it is not as hard as you think. The first thing you need is to keep calm and address some questions to help you pinpoint the problem:
  •    Can you access your WordPress admin panel?
  •    Has Google marked your website as insecure?
  •    After login, is your website redirecting to another website?
Write down those answers, as they will help you on to the next step. It is also beneficial that you change your password before you do any further step, and don’t forget to change the password after securing your website again.

Step 2: Contact Your Hosting Company’s Support Team

Many beginners commit the first mistake by choosing a poor hosting company. Selecting a good web hosting company will take care all of your security concerns. Many good hosting providers are really practical in these type of circumstances. Their support staff has dealt with these sorts of problems many times before, so they should be fully equipped to help with that. Pior to doing anything yourself, contact your web hosting provider and follow their guidance. As I mentioned before, if you are using a cheap web hosting provider that doesn’t provide any security features, you also can't see if a hacker gained access to your website through another website on your server. With a good hosting company, your hosting provider can oftentimes provide insight into how the hack started and spread. Also, there's a good chance they can inform you where the backdoor to your website is and from where the hackers discovered their method. Your hosting provider may be able to fix your hacked website. If not, then choose another option below.

Step 3: Scan Your Website with a Security Tool/Plugin

If you don’t update your WordPress theme or plugins regularly, there's a possibility that hackers might use out-of-date files to access your WordPress website. Once they're in, they can create a backdoor to quickly gain access to your site in the future. That's why it's so crucial to have a good WordPress security plugin installed on your site, so you can track any changes made to your site in real-time. I recommend the Wordfence security plugin. It is a freemium plugin, and it works great. This plugin has many premium security features i.e. web application firewall, malware scanner, real-time traffic measuring, country blocking, and much more. Read How to Choose a WordPress Security Plugin that is Right for You here.

Step 4: Restore Your WordPress Backup

It’s a good practice to back up your WordPress site daily. In case your site crashed or got hacked, you can restore the previous version from the backup. But remember: you have to restore a version before your site got hacked. When you restore a backup, you will get all files of your site as of the backup date. That means you will lose those changes that were made after the last backup. Inconvenient, yes – but it is better to have a clean website instead of a malicious one. After restoring your site, you can manually remove any file, plugin or theme that causes the problem.

Step 5: Check Your Users' Permissions

check-user-permission.jpg
This is one of the most important things to check when assigning a new user account to your website. It is also the same method for properly giving permissions of your property. It is highly recommended that you check all users' permission again. To edit a user’s role, you can use user’s role editor plugin. If there are new user accounts that have appeared, remove them immediately.

Step 6: Change WordPress Security Keys

wordpress.jpg
Image credit: WPMyWeb.com After WordPress version 3.1, WordPress automatically added a set of security keys in your wp-config.php file. Now, if a user stole your password and they are still logged into the website, they will get auto-logged out once the WordPress salt keys are changed. This way, all the users will get auto-logged out from your website. Then, you can change your password, including those for other users. Security should be the first priority for a webmaster because a website can get hacked anytime without any notice. As WordPress is the most popular CMS, hackers target it frequently. However, you can help prevent this by taking the security of your site seriously and following the recommended steps above.  
Jyoti-1.jpg
About Author: Jyoti Ray is the founder of WPMyWeb.com. He writes about Blogging, WordPress tutorials, Hosting, Affiliate marketing etc. He mostly spends his time blogging, reading books, and cooking. You can follow him on Twitter. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!