• Skip to main content
  • Skip to primary sidebar
  • Home
  • Technology
  • Inspiration
  • Photography
  • Business
  • Games
  • More
    • SEO
    • Tutorial
      • Coding
      • WordPress
    • Resume/CV
    • Graphics
      • Logo
    • Wallpapers
    • Freebies

Free Web Resources

For Smart Internet Users, Designers and Developers

How to Clean a Hacked WordPress Site?

by Rupesh Kumar

It is not uncommon to find your WordPress website was hacked or infected by malware, especially if you are running an outdated version of WordPress, PHP and MySQL. Most people do run out-of-date versions of core WordPress files as well as third-party themes and plugins, according to stats by WordPress.org.

We’ll list methods to clean your hacked website below but you must start with the basics. It means that in the first place you should secure your login to the administrator’s panel you are using to access and manage your website.

Hacked WordPress Site

Introduce Secure Access Controls

Using complex passwords and changing them often is a no-brainer. It applies to any platform you might use, not only Windows-based systems. Linux and Mac systems are as vulnerable to weak credentials and network sniffing as any Windows system.

So, take your time and find a reputable VPN service that will encrypt all the data traffic between the devices you use to access your WordPress administrative panel. You can try a totally free VPN for Mac, Windows or Linux relatively easy; thus solving many of your data privacy issues and concerns.

As a VPN is not a replacement for strong passwords, you still need unique and complex passcodes to protect your web property but you’ll have an extra layer of protection to prevent hacking of your site in the first place.

Got Hacked, Now What?

First of all, you should carefully document all the suspicious events and when they occur. Also, document all your recent activities such as installing a new plugin and changes to a theme or a widget you use on WordPress.

Thus, you actually create an incident report that you or a security expert will use to explore the hack in more detail.

Make Complete Website Scan

Once you discover suspicious behaviour such as automatic creation of new users, reports that your site is in use for attacks on other websites, visitors saying their antivirus software is flagging your website, etc., you obviously need to scan your site for malicious code.

You have two basic options: to use an online scanner or a standalone app. Whatever your choice of malicious code scanner might be, bear in mind that no scanner detects all threats. Combine two or more security tools to get the best results.

Scanning your website only is not enough, though.

Scan Your Local Devices

Although many WordPress websites fail victim to automated scripts that actively search for vulnerable ports and sites online, a good number of website infections start at the local level. It means you need to scan your local environment for possible malicious agents.

Run a full antivirus scan on all your desktop and laptop computers as well as mobile devices you use to manage a WordPress site. A sophisticated malware that runs locally would allow attackers to steal your login credentials and then log in as a website administrator.

Use at least a couple of antivirus suites on any Windows, Mac or Linux machine you use for accessing your wp-admin control panel or any other administrative panel you may use.

Force Global Password Reset

If the malware scanning produces positive results, a mandatory step to take is to reset all passwords on your website and force users to change their passcodes. Thus, you minimize the risks of spreading the malware further and prevent access through compromised administrator and user accounts.

In case you have identified an active hack on your site, you also need to clear all logged in users. Change the keys in wp-config and any active user will be forced off your WordPress site.

Clean Hacked WordPress Files

Now we come to the hardest part of the job, cleaning your compromised WordPress site.

It usually works by reinstalling specific elements of your website. First, you can try to reinstall your WordPress software but make sure you are using the same version on which the site was running prior to the hack. An installer overwrites existing files and thus it will replace any core files changed by the malicious software. Official WordPress guides state that you can safely replace the contents of these two critical directories: /wp-admin and /wp-includes.

Other files you should check and replace in case of successful hacking include index.php, header.php, footer.php and function.php. Be on alert that any changes to these files might make them vulnerable, so make any changes with utmost care.

The root of your WordPress installation directory stores a file named .htaccess, which is one of the common attack vectors when WordPress sites are concerned. Any changes to this file by a third-party code might result in your site being compromised and then used for malicious activities. Check its behaviour and make any changes you deem necessary to restore its normal operation.

Concluding Words

It is worth noting that hacks rarely affect a single site these days except for websites that are victims of a targeted attack.

Usually, malware affects dozens and hundreds of WordPress sites at once. Using shared hosting servers, which is where the average website resides, increases the chance of multiple websites being infected at the same time. So, check with your hosting provider before you implement any of the above measures. Sometimes hosting providers are able to rectify the issue by themselves.

In any case, the single most important action you can take to protect your site against hacking is by applying all available updates and patches on time, utilizing a secure and encrypted connection for accessing your control panel and implementing strong and unique passwords. Scanning your WordPress site for vulnerabilities on a daily basis is another viable preventive measure against hacking. Do not take these preventive measures lightly as many hack result in complete destruction of your website, which in turn means you need to restore it from scratch if you do not have a safe backup of all your site data.

What to read next?

  • Best Resources to Learn WordPress
  • 5 Best WordPress Facebook Plugins You Should Use
  • 3 Ways to Create a Website Without Writing Code
  • Save Useful WordPress Guides on Windows 7 with Movavi Screen Recorder
  • Tips on WordPress website design and how to use a theme detector in 5 steps
  • 5 Tools for Making an Appealing WordPress Blog

Share this:

  • Twitter
  • Facebook
  • More
  • Pinterest
  • WhatsApp

Filed Under: Tutorial, Wordpress Tagged With: tutorial, wordpress

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Search

Trending

  • 40 Creative Sport Print Ads - Inspired
    40 Creative Sport Print Ads - Inspired
  • 7 Best Video Chat Websites
    7 Best Video Chat Websites
  • 30 Examples Of Shadow Photography Taken at Perfect Time
    30 Examples Of Shadow Photography Taken at Perfect Time
  • Birth Certificate Templates
    Birth Certificate Templates
  • 20 Best DVD Menu & Software
    20 Best DVD Menu & Software
  • There’s A New Runner in Town: Run 5 Unblocked
    There’s A New Runner in Town: Run 5 Unblocked
  • The Meaning of Each and Every Airport Signs
    The Meaning of Each and Every Airport Signs
  • 30 Funny Examples Of Fat Animals
    30 Funny Examples Of Fat Animals
  • 15 Wonderful Magical Pictures for Creative People, and Children
    15 Wonderful Magical Pictures for Creative People, and Children
  • 25+ Wonderful Examples Of Free Flash Templates
    25+ Wonderful Examples Of Free Flash Templates

Pages

  • About
  • Privacy Policy
  • Contact
  • Facebook
  • RSS
  • Twitter

EMAIL NEWSLETTER

Get the latest in your Inbox for free.

Copyright © 2023 · Free Web Resources