What to do if your WordPress site is hacked

Has your WordPress site been hacked, and you don’t know what to do next?

WordPress powers millions of websites worldwide due to its flexibility, scalability, and ease of use. Unfortunately, its popularity also makes it a target for hackers seeking to exploit vulnerabilities. Malicious content, suspicious redirects, or a complete shutdown – these are all signs of a hacked website. 

While the situation might seem overwhelming, taking the right steps will help you minimise damage and restore your site’s integrity.


Hire a security expert


Seeking help from a WordPress security expert is arguably the most practical way to ensure a complete and swift recovery of your website. 


A hacked website holds valuable forensic data, just like fingerprints at a crime scene. Hackers hide malicious scripts in various locations on your website, which allows them to come back and hack it again. 

WordPress security specialists have a deep understanding of the platform’s vulnerabilities and the latest hacking tactics. They know how to collect and analyse this forensic data without accidentally destroying it. This information is essential for identifying the culprit and understanding how they infiltrated your site so that you can prevent similar attacks in the future.

Most importantly, a security expert can pinpoint the root cause, assess the damage, and implement the most effective repair strategies suitable for your scenario. They will also diagnose and fix the problem more efficiently and quickly, which will help minimise your website’s downtime.


How to find a WordPress security expert

  • Security firms: Many cybersecurity companies specialise in website security. Research reputable and reliable firms, check their online reviews and contact them for consultations.
  • Freelance marketplaces: There are several freelance security professionals available on platforms like Upwork or Fiverr. Look for individuals with experience in WordPress security and strong client testimonials.
  • Word-of-mouth referrals: Ask your web developer or IT contacts for recommendations. They might have firsthand experience with website security specialists they trust.

The alternative approach: DIY site recovery


If you’d prefer to tackle the challenge yourself, this section will walk you through how to fix a hacked WordPress site yourself.


Consult your web hosting provider

Before proceeding with the DIY steps, it's a good idea to consult your web host.

Most hosting providers offer assistance and resources to help resolve security issues affecting your website. Reach out to them and provide as much detail as possible about the hack. This includes any suspicious activity you’ve noticed or changes made to your site.

Sometimes, the hack might require changes on the server side, which you cannot access through your WordPress dashboard. In that case, your hosting provider has the necessary access to make these server-level modifications and get your website back on track.


Restore from a backup (if available)

Restoring from a backup essentially rewinds your site to a point before the hack occurred. This is a secure way to recover your hacked site, as long as you have a recent and clean backup.

Remember that restoring from a backup might mean losing some of the recent content you added. That’s because backups are snapshots of your site at a particular time, so the most recent changes you made might not be saved.

So, how do you restore your site from a backup?

The first step is to find the specific backup file(s) containing the clean version of your website. This could be through your hosting provider’s automatic backups or a reliable WordPress backup plugin like UpdraftPlus.

After that, follow the specific instructions provided by your backup solution to restore your site. Once your backup is restored, thoroughly inspect your site to ensure everything functions correctly and the hack is removed.


Clean up the hacked site (if no backup is available)

If you don’t have a backup, here are the alternative steps you can follow:


1. Update plugins and themes

Check whether all of your plugins, themes, and other software used on your website are up to date. Every piece of outdated software is a potential entry point for a hacker, so keeping everything updated is essential. 

Log in to your WordPress dashboard and navigate to the Updates section to update everything that’s outdated. Also, make sure to enable automatic updates whenever possible.


2. Change passwords and enable TFA

Remember to change ALL of your passwords. This includes FTP/SFTP logins, your WordPress admin panel, any control panel you use with your hosting provider (like cPanel), and your MySQL database. 

Create complex, lengthy, and unique passwords for each access point. You can also consider implementing a two-factor authentication (TFA) system. This adds an extra layer of security by requiring a second form of verification, such as a PIN code, when logging in to your WordPress site.

Expert tip: If your website has multiple users, you should force a password reset for all of them.


3. Verify user accounts

Don’t assume a single compromised account is the only one. Hackers are often sneaky and create multiple accounts so they can keep coming back. That’s why you must review all user accounts and permissions. 

Head to the ‘Users’ section in your WordPress dashboard. Here, you’ll see a list of all registered users and their assigned roles. Look for any usernames you don’t recognise or unexpected permission levels – these could be major red flags.




If you find a suspicious account, delete it immediately. Hover over the suspicious account name and click Delete.




Note: Deleting a user is permanent, so always double-check with other website administrators before taking action.


4. Run a malware scan to help identify changed files

Once you’ve secured your user accounts, check your website for any lingering malware the hacker may have installed. These malicious programs can hide in various places on your site, including themes, plugins, and even core files. To uncover them, consider using a security plugin with a malware-scanning feature, such as All-In-One Security (AIOS). AIOS automatically scans your website for malware and notifies you of any issues within 24 hours. 
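One way to identify changed files yourself, shown here as an added example that is not part of the original article or of any plugin's code: compare the site's files against a manifest of known-good checksums. The manifest format (relative path mapped to an MD5 value, built from a clean copy of the same WordPress version) and the function names are assumptions; the check also goes a little further than changed files by listing files that should not be there at all.

```python
import hashlib
from pathlib import Path

# Directories that hold only core files, so any unlisted file there is suspect.
CORE_ONLY_DIRS = ("wp-admin", "wp-includes")
# Script types worth reviewing under uploads, which normally holds media.
SCRIPT_SUFFIXES = (".php", ".phtml", ".phar")


def md5_of(path):
    """Hash a file in chunks (MD5 is the digest assumed for the manifest)."""
    digest = hashlib.md5()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def files_under(base):
    """All regular files below base, or nothing if base does not exist."""
    return [p for p in base.rglob("*") if p.is_file()] if base.is_dir() else []


def audit_core(site_root, manifest):
    """Compare a WordPress tree with a {relative_path: md5} manifest."""
    root = Path(site_root)
    report = {"modified": [], "missing": [], "unexpected": []}

    # 1. Every listed file must exist and match its known-good hash.
    for rel_path, expected in manifest.items():
        target = root / rel_path
        if not target.is_file():
            report["missing"].append(rel_path)
        elif md5_of(target) != expected.lower():
            report["modified"].append(rel_path)

    # 2. Files in core-only directories that the manifest does not list.
    for top in CORE_ONLY_DIRS:
        for path in files_under(root / top):
            rel = path.relative_to(root).as_posix()
            if rel not in manifest:
                report["unexpected"].append(rel)

    # 3. Script files in the uploads directory.
    for path in files_under(root / "wp-content" / "uploads"):
        if path.suffix.lower() in SCRIPT_SUFFIXES:
            report["unexpected"].append(path.relative_to(root).as_posix())

    return {key: sorted(paths) for key, paths in report.items()}
```

Run it against a copy of the site rather than the live directory, and treat every reported path as something to review before deleting.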


5. Deactivate problematic plugins

Although plugins enhance your site’s functionality, they can sometimes cause conflicts or become security risks. In fact, outdated or poorly coded plugins are one of the biggest root causes of website hacks.

To identify if a plugin is the culprit, temporarily deactivate it. Remember that disabling everything at once might break your site’s functionality, so it’s better to disable plugins one by one.

To disable plugins, open your WordPress dashboard and go to Plugins > Installed Plugins. Click the Deactivate option under each plugin’s name.



Warning: Removing certain plugins without proper knowledge can lead to data loss or site malfunction. It’s recommended to consult with a professional or take a backup before making any changes.


6. Clean your WordPress database

Your WordPress database stores all your valuable content, like posts, pages, and user information. Sometimes, hackers gain access to your WordPress site by injecting malicious code into this database.

To clean your WordPress database after a hack, you can use a WordPress plugin, or you can manually access and edit your database using a tool like phpMyAdmin. For the latter, look for unusual tables or prefixes you don’t recognise. This might include:


  • Strange characters or gibberish
  • Injections of URLs or code
  • Unexpected user accounts

After identifying the malicious tables or entries, delete them entirely. If you are unsure, edit the content to remove harmful code.

Remember to create a backup of your site before cleaning your database.

Note: Only remove entries you’re confident are malicious. Editing the wrong data can break your site.
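The manual review described above can be done offline on a CSV export of a table, so nothing on the live database is touched. This is an added example, not part of the original article: the indicator patterns, the sample rows and the function name are constructed for illustration, and only the `ID` and `post_content` column names come from the standard `wp_posts` table.

```python
import csv
import io
import re

# Illustrative indicators, not a complete signature set. Legitimate embeds
# can match too, so every hit is for manual review, never automatic deletion.
INDICATORS = {
    "script tag": re.compile(r"<script\b", re.I),
    "iframe tag": re.compile(r"<iframe\b", re.I),
    "eval/decode call": re.compile(r"\b(?:eval|base64_decode|gzinflate)\s*\(", re.I),
    "long encoded run": re.compile(r"[A-Za-z0-9+/]{120,}"),
}
HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)

# Constructed sample: a CSV export of wp_posts reduced to two columns.
SAMPLE_POSTS_CSV = (
    "ID,post_content\n"
    '12,"<p>Opening hours: see https://shop.example/contact</p>"\n'
    '57,"<p>Sale!</p><script src=""https://cdn.injected.invalid/x.js""></script>"\n'
    '83,"<p>Hello</p><iframe src=""http://ads.injected.invalid/"" width=""0""></iframe>"\n'
)


def scan_export(csv_text, id_column, text_column, own_hosts=()):
    """Return one finding per row whose text matches an indicator.

    Each finding records the row id, the indicators that matched and any
    referenced hosts that are not in own_hosts, to help manual review.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        text = row.get(text_column) or ""
        reasons = [name for name, rx in INDICATORS.items() if rx.search(text)]
        if not reasons:
            continue
        hosts = {h.lower() for h in HOST_RE.findall(text)}
        findings.append({
            "id": row[id_column],
            "reasons": reasons,
            "foreign_hosts": sorted(hosts - set(own_hosts)),
        })
    return findings


if __name__ == "__main__":
    for finding in scan_export(SAMPLE_POSTS_CSV, "ID", "post_content", {"shop.example"}):
        print(finding)
```

The same function works on an export of `wp_options` by passing `option_name` and `option_value` as the column names.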


7. Make use of an audit log

If your web host offers audit logs, you can use them to your advantage. These logs track user activity, including login attempts. Security plugins like AIOS also include these features.

Look for entries with usernames or IP addresses you don’t recognise. These could be signs of unauthorised access attempts.

If you find a suspicious entry, note down its username, IP address, and timestamp. You can use online tools like IP Geolocation API to see the approximate location of the suspicious IP.

You can also block them via your host or security plugin. 


8. Reinstall WordPress (as a last resort)

If all else fails, reinstalling WordPress might fix a hacked WordPress site.

For this, avoid using the ‘reinstall’ option in your WordPress admin. It often misses hidden malicious files. Instead, use an FTP/SFTP application to upload the correct version of the files directly. This way, you overwrite everything while making sure no infected files are left behind.



We hope this guide helped you learn how to fix your hacked WordPress site.

Regaining control of your hacked WordPress site can be stressful. However, by following the right approach, you can restore your site and protect it from future attacks. 

To keep your site safe and secure in the long run, use a trusted WordPress security plugin like All-in-One Security (AIOS).

AIOS implements the latest recommended WordPress security practices and techniques to give your WordPress site the protection it needs. It scans your site for malware and notifies you of any issues within 24 hours. 

Here are some additional (free and premium) advanced security features AIOS offers:


  • Firewall and file protection
  • Password strength tool
  • Login lockout
  • Malware scanning
  • Flexible two-factor authentication
  • Smart 404 and country blocking

So, if you want a simple way to boost your digital safety, try All-in-One Security (AIOS)!


FAQs (Frequently Asked Questions)


Has my WordPress site been hacked?

There are several signs that might indicate your WordPress site has been compromised. Here are some red flags:

  • You can’t log in to your WordPress admin dashboard.
  • Your site redirects visitors to a different website.
  • You notice new and unfamiliar user accounts.
  • Your site’s content or layout has changed unexpectedly.
  • Your visitors receive security warnings when trying to access your site.
  • Your site is unavailable or experiencing slow loading times.
  • Your security plugin or hosting provider notified you of suspicious activity.

If you experience any of these issues, it’s best to investigate further.


Can a hacked website be recovered?

Yes, in most cases, recovery is possible. Here’s a general approach to fixing a hacked website:

  1. Update plugins and themes
  2. Change passwords and enable TFA
  3. Verify user accounts
  4. Run a malware scan to help identify changed files
  5. Deactivate problematic plugins
  6. Clean your WordPress database
  7. Make use of an audit log
  8. Replace specific core files

Remember, the process depends on the severity of the hack. So, instead of doing things yourself, it’s always recommended to hire a professional to resolve the issue for you.


How do I secure my WordPress site?

Here are some key steps to secure your WordPress site:
  • Use two-factor authentication
  • Use strong passwords
  • Keep your software updated
  • Choose a secure web hosting provider
  • Utilise a reliable security plugin

How do I check for malware on my WordPress site?

To check for malware on your WordPress site, use a reputable security plugin like AIOS that offers a malware-scanning feature. This plugin scans your WordPress site for malware and even notifies you of any issues within 24 hours.


