PHPMatters Help You Better Hosting Your PHP-based Sites
What Should You Do When Your WordPress Site Is Hacked

What Should You Do When Your WordPress Site Is Hacked

WordPress, as the most-widely used CMS and blog builder, is the main target of many malicious hackers. Its open-source nature and large demands of themes and plugins make the bug-inserting an easy thing. Therefore, almost 80% of WordPress users may encounter the hacking issues sometimes.

In this case, how to deal with the hacking situation? Here, we’d like to list some necessary steps when you find that you WordPress sites are hacked, along with some precaution tips against the online hackers.

Basic Things You Need to Do When WordPress Hacked

Once you make sure that your WordPress site is hacked, you’d better not to be panic but stay calm, carrying out the following steps in the very beginning.

Step 1: Inform the World of Your Hacking Issue

Hacking MessagePersonally, when your website is under hacking, you’d better tell your readers about the situation, so that they will not be misled by the wrong information or be negatively affected by some infected contents. Here, you can write out a warning message along with your contact method, and place it at the most obvious location of your webpage, such as the sidebar.

Besides the online readers, you also should pay attention to the search engines. Generally, when searching spiders find that your website is hacked, they will tag your site as a harmful one and down your ranking to some extent. Therefore, to avoid them finding the situation, you’d better turn off your site temporarily so that they will not browse your webpage until it is back to normal.

To make your site unavailable during some days, you can adopt the WP Maintenance Mode plugin, with which you can let both search engines and your visitors know that your website is down and is coming soon. Note that this kind of maintenance mood does not harm your SEO and previous traffic.

Step 2: Contact Your Web Hosting Provider

In fact, the vulnerabilities of hosting environment are more likely to cause the hacking issue, so you need to tell them that your website is hacked so that they can check and fix if the trouble is caused by their hosting solutions.

Also, many web hosts close your website automatically when some suspicious factors are observed. Therefore, you need to contact them to get your site up and running.

Step 3: Restore Your Backup Files

It is great if you have backed up your WordPress site just a few days ago, for you can get everything back to normal simply using the latest backup files. To do this, you can either use some WordPress plugins like BackupBuddy or the tool of phpMyAdmin. If you do not know how to start, simply refer to this WordPress restoration tutorial to get the detailed steps.

Step 4: Figure Out the Latest Changes

This can happen if you use SSH access. Here, you can run some special commends to figure out which files are changed during the recent days. This practice is more likely to help you grab the virus placed by hackers.

For instance, you want to scan the changes during the last two days, you can use the following line.

Find/home/directoryname/domainname/ -mtime -2 -1s

Clean Up WordPress Manually

After finishing the first two steps as we have mentioned, you have to clean up your WordPress site manually if you have no backup files. This way can erase all the hacking components and make your site be running properly again. We have listed the critical steps in the following.

Backup Everything

No one can ensure that there will be nothing wrong during the cleanup process of WordPress, so you firstly need to have a backup copy of your hacked website; especially your textual files and images that are coming from you originally, for these components are hard to track after your site is fixed.

As for some zip files for themes, plugins and scripts, you are not forced to backup them. After all, you can download them again from the original source. However, you have to make sure that you haven’t made any changes on them.

Download and Install Fresh WordPress with the Latest Version

Now, you need to download and install WordPress with the latest version from WordPress.org. This can make sure that all the files and folders are safe without bugging things. Here, do not choose to upgrade WordPress. This practice only replaces some core files, so you cannot make sure that the rest are risk-free, possibly leaving a backdoor to hackers.

Remove Everything in WP Directory

Now, you have all the files and data copied and stored in a safe place, so it’s time to delete everything in your WordPress root directory. This process can completely remove all the dangerous and infected components.

Personally, we recommend you to use File Manager in your control panel. We are not meaning that the utilization of FTP is wrong. This is just because FTP may cause you much time and you may encounter the disconnection issue with your server.

Delete Using File Manger

Upload Your Saved Copies

Next, you can upload everything you have previously downloaded and saved using either File Manger or FTP. Here, you cannot forget to rename your WordPress configuration file as it is named as wp-config-sample.php when you install a new version of WordPress from scratch. Also, do not forget to reset your password and username to close any backdoor for hackers to intrude your site again.

As everything is done, you can run your website to figure out whether there is anything still wrong.

General Hacking Reasons and Corresponding Solutions

Some of you may feel the process of cleanup is complicated and time-consuming, and only just want to repair your site from some hacking components. To be frank, no one knows which part of your site is hacked as a WordPress site is composed by dozens of files, folders and data. But generally, there are three reasons that are more likely to cause your site to be hacked. Therefore, once your site is under hacking, you can try to fix the following things in the very beginning.

Plugin Bugs

At present, even the official WordPress Plugin Directory offers more than 37,000 options of plugins, let alone the offerings from some third parties. This large demand allures many hackers to insert bugs into plugins, especially those free, open-source and non-official ones. As investigated by WPTemplate, 22% of WordPress sites are hacked by bad plugins.

In this case, once your site is hacked, you can firstly clear all your plugins installed on the website. You can do this using your backend admin, but to ensure that you will not leave one infected data left, we highly suggest you to locate to the directory named as “wp-content/plugins” and delete the entire directory in one time, but not some of its files and folders.

Theme Bugs

The same reason as plugins, the WordPress template is another common reason that leads to WordPress hacking issues. Therefore, you can carry out the same procedure as we have mentioned above and resort to the default WordPress themes that can be guaranteed completely bug-free.

Old Version of WordPress Core, Themes and Plugins

The developers of WordPress, your installed themes and plugins will constantly update the items. This is because everything has multiple loopholes. Once hackers find the vulnerabilities, the developers have to fix them and release the new version that is more secure.

However, some of you may forget to update them constantly, so hackers can easily enter your website from the public vulnerabilities. In this case, you can delete the themes and plugins if they are bug containers. Or, you can install a fresh new WordPress and import all your files and folders into it.

Future Hacking Preventions

To be frank, hackers can intrude your website via various channels, so it is impossible to list all the situations. When this happens, the best way is to cleanup your website unless you can find out the real “trouble-maker”. Thus, to avoid such an annoying situation, you’d better carry out a list of precautions to eliminate the possibility of hacking issues.

  • Keep everything up-to-date including WordPress version, plugins, themes and PHP scripts.
  • Regularly scan your local machines to avoid virus and malware.
  • Backup your website at least once a week and keep the backup files secretly.
  • Install special security plugins for WordPress website from the official directory.
  • Hide your WordPress version.
  • Use random and hard-to-remember username and password for admin.
  • Safeguard your WordPress configuration files and configure a login attempts.
  • Keep an eye on everything that is changed on your site using a file monitor plugin.