
Beginner’s Guide to Fixing Your Hacked WordPress Site

Last updated on October 13th, 2015 by Editorial Staff

A sad reality about running websites is that sometimes they get hacked. Having had our own WordPress site hacked a few times in the past, we know exactly how stressful it can be, not to mention the impact it has on your business and readership. Over the past few years, we have helped hundreds of users recover their hacked WordPress sites, including several well-known businesses. In this article, we will share a step by step guide to fixing your hacked WordPress site.


Few Things to Know Before We Start

First and foremost: no matter which platform you’re using (WordPress, Drupal, Joomla, etc.), any site can be hacked!

When your WordPress site is hacked, you can lose your search engine rankings, expose your readers to malware, have your reputation tarnished by redirects to porn or other bad-neighborhood websites, and, worst of all, lose your entire site’s data.

If your website is a business, then security should be one of your top priorities.

That’s why it’s crucial to have a good WordPress hosting company. If you can afford it, use managed WordPress hosting.

Make sure that you always have a good WordPress backup solution such as BackupBuddy in place.

Last, but probably most important, put a robust web application firewall such as Sucuri in front of the site. We use their service on our own websites.

All of the above is great advice if you haven’t been hacked yet, but if you’re reading this article, it’s probably too late to add some of those precautions. So before you do anything, try to remain as calm as you can.

Let’s take a look at the step by step guide on how to fix your hacked WordPress site.

Step 0 – Have a Professional Do it for You

Security is a serious matter, and if you’re not comfortable dealing with code and servers, then it’s almost always better to have a professional do it.

Why? Because hackers hide their scripts in multiple locations, which lets a hack come back over and over again after a partial cleanup.

Although we will show you how to find and remove them later in this article, a lot of folks want the peace of mind of knowing that an expert properly cleaned their website.

Security experts normally charge anywhere between $100 and $250 per hour, which is a lot for a small business or solo entrepreneur.

However, for WPBeginner readers, our friends over at Sucuri offer malware and hack cleanup for $199, which also includes their firewall and monitoring service for a whole year.

Now this may seem like a promotion for Sucuri, but it’s really an honest recommendation. We personally know the team at Sucuri, and we wouldn’t be recommending them if we didn’t trust them with our own websites. Yes, WPBeginner uses Sucuri, and on a daily basis they block several thousand attacks on our website. We really can’t thank them enough for what they do for us.


So use them if you value your time, you’re not tech-savvy, or if you just want peace of mind.

For all the DIY folks, simply follow the steps below to clean up your hacked WordPress site.

Step 1. Identify the Hack

When dealing with a website hack, you’re under a lot of stress. Try to remain calm and write down everything that you can about the hack.

Below is a good checklist to run through:

  • Can you login to your WordPress admin panel?
  • Is your WordPress site redirecting to another website?
  • Does your WordPress site contain illegitimate links?
  • Is Google marking your website as insecure?

Write the list down, because it will help you when you talk to your hosting company and as you work through the steps below to fix your site.

It’s also crucial that you change your passwords before you start the cleanup, and again when you’re done removing the hack. The first change cuts off an attacker who is using stolen credentials; the second covers any password they may have captured while the backdoor was still in place.

Step 2. Check with your Hosting Company

Most good hosting providers are very helpful in these situations. They have experienced staff who deal with this kind of thing on a daily basis, and they know their hosting environment, which means they can guide you better. Start by contacting your web host and follow their instructions.

Sometimes the hack may have affected more than just your site, especially if you are on shared hosting. Your hosting provider may also be able to give you additional information about the hack, such as how it originated and where the backdoor is hiding. In our experience, HostGator and SiteGround are both very helpful when something like this happens.

You may even get lucky and the host might clean up the hack for you.

Step 3. Restore from Backup

If you have backups of your WordPress site, then it may be best to restore from a point before the site was hacked. If you can do this, you’re golden. Pick a backup that predates the compromise, not just the moment you noticed it, because a backup taken after the backdoor was planted restores the backdoor along with everything else. And remember that the restored copy still has whatever weakness let the attacker in, so update and harden it right away.

However, if you have a blog with daily content, you risk losing blog posts, new comments, etc. In those cases, weigh the pros and cons.

Worst case, if you don’t have a backup, or your website has been hacked for a long time and you don’t want to lose the content, then you can remove the hack manually.

Step 4. Malware Scanning and Removal

Look at your WordPress site and delete any inactive WordPress themes and plugins. More often than not, this is where hackers hide their backdoor: the PHP files of an inactive plugin or theme are still reachable from the web, and nobody looks at them.

A backdoor is a way of bypassing normal authentication to gain remote access to the server while remaining undetected. Most smart hackers upload a backdoor as the very first thing they do. This allows them to regain access even after you find and remove the exploited plugin.

Once you have done that, go ahead and scan your website for the hack.

You should install the following free plugins on your website: Sucuri WordPress Auditing and Theme Authenticity Checker (TAC).

When you set these up, the Sucuri scanner will report the integrity status of all your core WordPress files, i.e. which files differ from the official release. Core files are only part of the picture, though; that check does not cover themes, plugins or uploads, which is why the next tool and the manual comparison below are needed as well.

The most common places for a hack to hide are the themes and plugins directories, the uploads directory, wp-config.php, the wp-includes directory, and the .htaccess file.

Next, run Theme Authenticity Checker; it will display results like this:

Theme Authenticity Checker showing results

If Theme Authenticity Checker finds any suspicious or malicious code in your themes, it shows a Details button next to the theme with a reference to the infected theme file. It also shows you the malicious code it found.

You have two options for fixing the hack here: manually remove the code, or replace the infected file with the original.

For example, if your core WordPress files were modified, download a fresh copy of the same WordPress version and re-upload the core files (wp-admin, wp-includes and the PHP files in the site root) to overwrite any affected ones. Leave wp-config.php and the wp-content directory out of this, as they hold your configuration and content, and clean those separately.

The same goes for your theme files. Download a fresh copy and overwrite the corrupted files with the new ones. Do this only if you didn’t customize the theme’s code yourself, otherwise you’ll lose those changes.

Repeat this step for any affected plugins as well.

You also want to make sure that your theme and plugin folders match the originals file for file. Hackers sometimes add extra files whose names resemble legitimate plugin files and are easy to overlook, such as hell0.php or Adm1n.php.

We have a detailed guide on how to find a backdoor in WordPress and remove it.

Keep repeating this step until the hack is gone.

Step 5. Check User Permissions

Look in the Users section of WordPress to make sure that only you and your trusted team members have administrator access to the site.

If you see a suspicious user there, delete them. When WordPress asks what to do with that user’s content, attribute it to a trusted account rather than deleting it, and then review those posts and pages for injected links.

Read our beginner’s guide to WordPress user roles.

Step 6. Change Your Secret Keys

WordPress uses a set of secret keys and salts defined in wp-config.php (AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY and the matching salts) to sign the cookies that keep users logged in. They do not encrypt your passwords; those are stored as hashes that don’t depend on these keys. What the keys mean for you is this: if someone stole a password or a login cookie and is still logged in, they can stay logged in after a password change because their cookie still validates. To invalidate every existing session, generate a brand new set of keys (the WordPress.org generator at https://api.wordpress.org/secret-key/1.1/salt/ produces one) and replace the old define() lines in your wp-config.php with it.
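As an added example (not code from WPBeginner), the script below regenerates all eight values in place. It draws the secrets from Python’s `secrets` module rather than fetching them from the WordPress.org generator, so it works offline; SAMPLE_WP_CONFIG is a constructed stand-in for a real wp-config.php, and the file path in the usage line is an assumption.

```python
"""Rotate the WordPress secret keys and salts in wp-config.php.

Added example, not WPBeginner's code. Eight fresh 64-character secrets are
generated locally and written over the existing define() lines.
"""
import re
import secrets
import string
import sys
from pathlib import Path

WP_SECRET_CONSTANTS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)
# Printable ASCII minus the three characters that would need escaping inside
# a single-quoted PHP string literal.
ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation if c not in "'\"\\"
)
# Matches the single-quoted form WordPress ships: define('AUTH_KEY', '...');
DEFINE_RE = re.compile(
    r"define\(\s*'(" + "|".join(WP_SECRET_CONSTANTS) + r")'\s*,\s*'([^']*)'\s*\);"
)


def new_secret(length=64):
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def read_secrets(config_text):
    """Return {constant: current value} for the eight secret definitions."""
    return {m.group(1): m.group(2) for m in DEFINE_RE.finditer(config_text)}


def rotate_secrets(config_text):
    """Replace every secret define() with a fresh value; return (new_text, new_values)."""
    new_values = {}

    def replace(match):
        name = match.group(1)
        new_values[name] = new_secret()
        return "define('%s', '%s');" % (name, new_values[name])

    rotated = DEFINE_RE.sub(replace, config_text)
    missing = [name for name in WP_SECRET_CONSTANTS if name not in new_values]
    if missing:
        # A file without all eight lines (or with double-quoted values) needs
        # editing by hand; refuse rather than leave stale keys behind.
        raise ValueError("could not find definitions for: " + ", ".join(missing))
    return rotated, new_values


# Constructed sample in the layout of wp-config-sample.php.
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');
$table_prefix = 'wp_';
"""


if __name__ == "__main__":
    # Usage (assumed path): python rotate_salts.py /path/to/wp-config.php
    target = Path(sys.argv[1])
    original = target.read_text()
    rotated, _ = rotate_secrets(original)
    Path(str(target) + ".bak").write_text(original)   # keep a copy of the old file
    target.write_text(rotated)
    print("rotated %d secrets in %s" % (len(WP_SECRET_CONSTANTS), target))
```

Every cookie signed with the old keys fails validation on the next request, so all users, you and the attacker alike, are logged out at once. Rotate the keys after the cleanup as well as before it; otherwise a session the attacker established while you were still cleaning survives.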

Step 7. Change Your Passwords AGAIN

Yes, you changed the passwords in step 1. Now do it again!

You need to update your WordPress password, your cPanel / FTP / MySQL passwords, and basically anywhere else that you used the same password. If you change the MySQL password, update DB_PASSWORD in wp-config.php to match, or the site will no longer connect to its database.

We highly recommend that you use a strong password. Read our article on the best way to manage passwords.

If you have a lot of users on your site, then you may want to force a password reset for all of them.

Moving Forward – Hardening your WordPress site


It should go without saying that there is no better safety net than a good backup solution. If you don’t have one, please put something in place to back up your site daily.

Aside from that, here are some more things you can do to better protect your site. These are not in order, and you should do as many as you can!

  • Set up a Website Firewall and Monitoring System – Sucuri is the provider we use, because in most cases they block attacks before they reach your server.
  • Switch to Managed WordPress Hosting – Most managed WordPress hosting companies go to extra lengths to keep your site secure. We recommend Pagely or WPEngine.
  • Disable Theme and Plugin Editors – It’s a best practice. Here’s how to disable file editing in WordPress.
  • Limit Login Attempts in WordPress – We recently covered why this matters; read how to limit login attempts in WordPress.
  • Password Protect your Admin Directory – Add an additional password layer in front of your WordPress admin area. See how to add htpasswd to WordPress admin.
  • Disable PHP Execution in certain directories – Adds another layer of security; here’s how to disable PHP execution via .htaccess.
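
Two of the items above are small Apache configuration changes, shown here as an added example rather than text from the linked tutorials. The file locations and the path /home/example/.htpasswd are assumptions; adjust them to your server. The editor item is a single line in wp-config.php: define('DISALLOW_FILE_EDIT', true); removes the theme and plugin editors from the dashboard.

```apache
# --- wp-content/uploads/.htaccess (assumed location) ---
# Nothing under uploads should ever run as PHP. Apache 2.4 syntax; on 2.2 use
# "Order deny,allow" followed by "Deny from all" inside the same block.
<FilesMatch "\.(php|phtml|php[0-9])$">
    Require all denied
</FilesMatch>

# --- wp-admin/.htaccess (assumed location) ---
# Second password in front of the admin area. Create the user file once with:
#   htpasswd -c /home/example/.htpasswd admin
AuthType Basic
AuthName "Restricted area"
AuthUserFile /home/example/.htpasswd
Require valid-user

# admin-ajax.php is called by plugins for logged-out visitors and must stay open.
<Files admin-ajax.php>
    Require all granted
</Files>
```

These directives only take effect on Apache with AllowOverride enabled for the directory; nginx ignores .htaccess entirely and needs equivalent location blocks in its own configuration. Test the uploads rule by requesting a harmless test.php you placed there: a 403 means it works, a 200 or a rendered page means the override is not being read.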

And whatever you do, always keep your WordPress core, plugins, and themes up to date!

Remember that Google recently announced an algorithm change that impacts hacked sites showing spam in search results. So please make sure you keep your site secure.

We hope this guide helped you fix your hacked WordPress site. If you’re still having issues, then we strongly recommend hiring professional help such as Sucuri or ask your hosting company if they can help with the fix.

About the Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Trusted by over 1.3 million readers worldwide.

26 Comments

  1. ChayanChakrabarti says:
    Dec 10, 2019 at 12:27 pm

    My WordPress is hacked and I realized it a few days ago. I was looking for solutions all over the internet and then I found an article which is giving me clear instructions. I will implement these steps and write another comment with the solution.

    • WPBeginner Support says:
      Dec 11, 2019 at 9:53 am

      Glad our guide could be helpful :)
  2. NancyL says:
    Jun 25, 2019 at 6:16 pm

    Hi – at what point do you give up on a website, buy a new domain and web host??? I’ve been at this for 2 weeks. I cannot access the cPanel or wp-admin. The ‘hint’ email to change my cPanel password obviously has a hacker email. I ran a paid-subscription Norton scan on my local computer and it says it’s ok. If I change my password in wp-admin, I get the email, and then it goes to a big red warning screen that it’s unsafe. Any suggestions? My web host deleted all users/members and changed the database prefix. STILL getting hack emails trying to change my password.

    • WPBeginner Support says:
      Jun 26, 2019 at 11:03 am

      To protect yourself from some of this, you would want to look at step 2 in our article here:

      https://www.wpbeginner.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/

      to password-protect your wp-admin area. For your cPanel you would need to reach out to your hosting provider and they would be able to help set that password. For that unsafe message there is normally a reason beneath the warning which states the issue, such as your site not being on HTTPS.
  3. Don says:
    Apr 23, 2019 at 4:41 pm

    WordPress hack. I received the following message from DreamHost:

    The following file(s) specifically have been identified as attacker-added malware. You will need to audit these files and either replace them with known good versions or remove them altogether:
    /home/unused_domains/sitename.com/plugin.php
    /home/unused_domains/sitename.com/system.php

    How would I replace them? And with what? This is a little above my pay grade and it’s probably a stupid question, but I am clueless regarding this.

    • WPBeginner Support says:
      Apr 24, 2019 at 11:58 am

      You can use FTP to remove those files: https://www.wpbeginner.com/beginners-guide/how-to-use-ftp-to-upload-files-to-wordpress-for-beginners/
      Unless you have a setup that added those files, those are not typically normal WordPress files to have on your site.
  4. Arthur says:
    Jan 11, 2019 at 9:24 pm

    I can’t even get into my site; cgi-sys/suspendedpage.cgi appears at the end of the link and it says account suspended.

    • WPBeginner Support says:
      Jan 14, 2019 at 1:33 pm

      That is normally something added from your hosting provider’s end; you would want to reach out to your host about having that removed.
  5. Karissa Skirmont says:
    May 29, 2018 at 11:28 pm

    Hey Syed,
    Did you know that this article is linked by Google as a resource for people whose site is hacked?

    Dealing with one and was happily surprised when the link I clicked on at the bottom of the email was this.

    It was the second bullet:
    […]
    Further assistance?
    • Read our resources for hacked sites for detailed information on how to fix your site.
    • Clean up the hacked content so that your site meets Google’s Webmaster Guidelines.
    • Ask questions in our forum for more help – mention message type [WNC-633200].
    […]

    • WPBeginner Support says:
      Jun 4, 2018 at 12:28 am

      Hey Karissa,

      Glad to hear that and thanks for sharing :)
  6. Anna Mary says:
    Nov 29, 2017 at 5:22 am

    My website is hacked. I tried to reset the password last night and I received a security code in my email from cPanel. I put in this security code and pressed the reset button, but unfortunately my internet connection suddenly stopped working. Today when I try to reset this password again and put in my same email address, cPanel answers me that “Your email doesn’t match our record”.
    What to do?
    Please help me.

    • WPBeginner Support says:
      Nov 29, 2017 at 4:15 pm

      Hi Anna Mary,

      Please contact your WordPress hosting company. They may be able to help you recover your account.
  7. Ravi Kumar says:
    Mar 16, 2017 at 1:04 am

    My website is hacked. I am not able to open the admin panel; it shows an error like “This site can’t be reached”. Can anyone help to fix this?

    • Rishabh Jain says:
      Nov 3, 2017 at 6:56 am

      You may have forgotten the password!
  8. Adam says:
    Nov 18, 2016 at 10:20 am

    Usually happens when you use cheap hosting or leave WordPress site out of date and unattended.
  9. asifawan says:
    Oct 3, 2016 at 3:09 pm

    Thanks… it’s very very helpful for newbies. Thanks a lot.
  10. vaishali says:
    Sep 10, 2016 at 1:19 am

    Hello. My WordPress site has been hacked. I am removing all types of errors and malicious code, but when I search for my site on Google, the first index displays some Japanese characters.
    Please help me remove it.
  11. Paul Prem says:
    Aug 9, 2016 at 5:24 pm

    Recently my site was completely hacked. It was built in WordPress. Hackers took control over my website. They used to send spam bulk mails from the server. My account was suspended multiple times. The hosting provider told me that hackers were generating spam mails via some plugins. I was literally confused and had no clue. I later changed the username and password for admin, cPanel, MySQL etc. but they were still sending spam. After some research, I added additional security and restricted access to files. Let’s see how it works…
  12. G.P. Gautam says:
    Aug 1, 2016 at 2:54 am

    I switched my site to WordPress and after a few days I saw a message – “Hacked by Mr.XaaD” when I searched for my website in search engines. What is that and how do I solve it? At the moment I can’t see my website in search engines, but I am able to log in to my WP account and hosting account.
  13. Timothy says:
    May 23, 2016 at 10:39 am

    Hi, my site just got hacked. I can’t log in to my account at the moment, and I don’t want to contact my hosting company because instead of helping, they are used to suspending accounts. Please, what can I do? I can’t even afford to pay for help right now.
  14. ed williams says:
    Mar 26, 2016 at 6:52 am

    A lot of these articles seem to focus on fixing instead of preventing ;)
    I host my site at a managed hosting provider for this reason. Here is what a hosting provider can do to keep you safe:
  15. Tom Horn says:
    Nov 9, 2015 at 8:47 am

    Google was showing my blog as potentially being hacked. I used Sucuri to clean up my site and Google removed this label. During all of this the page views to my site plummeted and I cannot seem to get them back to where they were. What is the best process to get your blog website traffic back to where it was?
  16. Federico says:
    Oct 13, 2015 at 5:48 pm

    Why do you never mention iPage? I’d appreciate your comments if any, please!

    Thanks!
  17. Kathy O'Dowd says:
    Oct 13, 2015 at 12:13 pm

    Back Up Buddy sells products that don’t include telling you how to use them. Doesn’t that seem like a scam?

    • WPBeginner Support says:
      Oct 13, 2015 at 5:22 pm

      BackupBuddy has extensive documentation available on their website.
  18. Sourav Saha says:
    Oct 13, 2015 at 9:14 am

    But how to secure a WordPress site from SQL injection?
