How to fix a hacked WordPress site and prevent future hacks
Looking for a quick and effective way to clean up a hacked website?
When your website is hacked, the consequences can be devastating. Hackers can redirect your traffic, scam visitors, steal sensitive data, and the list goes on.
The really worrying thing is that once hackers get in, they use all sorts of tactics to make sure they can access your site even after you clean it up.
In this tutorial, we’re going to show you the most effective way to fix a hacked WordPress site so you can get it back to normal in no time. Plus, we’ll show you how to close all entry points so you can be sure your site is protected in the future.
We know you may be in a hurry to get straight to the solution, so here’s a table of contents you can use to jump to the section that interests you the most:
- How to Effectively Fix a Hacked Website
- How to Effectively Fix a Hacked Website
- Step 1: Run a full website scan
- Step 2: Request a malware cleanup
- Step 3: Remove website blacklists
- Steps to Take After Recovering from a WordPress Hack
- Prevent WordPress Hacks on Your Website
How to make sure your site has been hacked
Before you dive into cleaning up your site, it’s best to be sure that your website is actually hacked. Sometimes, you may see your website slowing down and jump straight to the conclusion that it’s hacked when it may be another problem.
So first, you can look out for these common signs and symptoms of an attack on your site:
- You can’t log in to the admin panel or it says your username does not exist.
- Your site displays ads or pop-ups for illegal or fake products.
- Ranking for random keywords that look spammy
- Traffic suddenly drops because hackers are redirecting you , although this could also mean you’ve been penalized by a Google algorithm update.
- Your website performance has suddenly slowed down.
- Google warns visitors that your site is misleading or malicious.
- Your web hosting provider has suspended your account because they have detected malware.
As you can see,
there are many signs that your site has been hacked and you can find out for sure by using a security scanner.
You can run a malware check right now using our free Sucuri malware scanner .
All you have to do is enter your website URL and the scanner will analyze it. If it detects any malware, it will give you a report like this:
If you get a clean report and still suspect that your site has been hacked, we recommend using a server-side scanner.
Web scanners are pretty good at quickly detecting malware, but they are limited in that they don’t have full access to your site. They can only tell you what’s going on from the outside. This means they might show your site is clean when the infection is hidden deep within a folder on your site.
With a server-side scanner, you will need to install it on your site and it will scan your WordPress website’s files, folders, and database from the inside.
If there is any suspicious activity or malware, the scanner will alert you immediately.
Below we will show you how to install a security solution that comes with a server-side scanner and cleans malware to fix your hacked site.Once you submit this form, Sucuri will take care of the rest. A security staff will be assigned to hong Kong phone number library your website who will clean up all infected files and databases. They will make sure that your website is completely free of malware and backdoors.
How to Effectively Fix a Hacked Website
To properly scan and clean a hacked website, we recommend Sucuri .
Sucuri is the best how to publish and sell an ebook on wordpress security solution for WordPress websites. It comes with a server-side scanner that automatically scans and monitors your website at regular intervals.
If it detects anything suspicious, it will send you a notification instantly. Aside from that, here’s why we recommend Sucuri so strongly:
- Regularly monitor spam and malicious code
- Check blacklists from search engines and other authorities
- Monitor website uptime
- Detects changes made to DNS (Domain Name System) and SSL
- Instant alerts via email, SMS, Slack and RSS
- Check for hidden backdoors created by hackers that allow them to gain access even after cleaning the malware infection.
Sucuri’s server-side scanner is available in the pro version which starts at $199.99 per year. This gives you access to a complete security setup for your site. You’ll have access to unlimited malware removal in case your site gets hacked and a rock-solid firewall to prevent any future attacks.
If you want to explore alternatives, check out our list of fanto data the 9 Best WordPress Security Plugins Compared .
Now we will show you how to use Sucuri to scan, clean and protect your site.
Step 1: Run a full website scan
The first thing you need to do is sign up for a plan with Sucuri.
Next, log in to your account and add your website to the control panel.
You will now need to enter your FTP credentials to grant Sucuri access to your website. If you don’t know your FTP credentials, you can contact your web hosting provider’s support and simply ask them for them.
Once you have successfully added your site to the dashboard, Sucuri will automatically run the scanner. It will check all of your WordPress files and database for malware or hacker activity.
Once the scan is complete, it will create a report showing you if your site is hacked or clean.
Next to the warning message, you can click the Details button .
A page will open where you can read the full report.
You will see the following details:
- Safety notices with risk level
- Search Engine Blacklists
- Uptime Monitoring
- Recent changes in DNS and SSL
Now that you are sure you have a hacked WordPress site, we will show you how easy it is to clean it up with Sucuri.
Step 2: Request a malware cleanup
To remove malware from your site, on the same reporting page within the Sucuri dashboard, you will see an option to “Clean my site.”
This will take you to a new page where you can request a malware removal.
If you do not know this information, ask your web hosting provider and they will provide it to you.
If you purchased the Business plan, Sucuri will have your site back up and running within 6 hours. For other plans, it largely depends on how complex your site’s infection is and the volume of requests they have in the queue.
Step 3: Remove website blacklists from search engines
Once your website is clean, you will need to let the search engines know so they can review it and remove it from their blacklists.
This will also remove the warnings on your site, so that visitors will no longer be alarmed that your site is infected.Sucuri allows you to start the whitelisting process from your dashboard. You can request reviews from all search engines.
That being said, we’ll also show you how to request removal from a blacklist on Google. You’ll need to have a Google Search Console account already set up.
If you don’t, you can sign up for Google Search Central now . For more help with this, use our guide to Submitting your website to search engines .
Once you’ve logged into your Google Search Console dashboard, go to the Security Issues tab in the left menu.