Turn Your Minimum Efforts Into Maximum Results
  • Products
      Explore package advantages
  • Support
  • Blog
  • Contact

How To Fix Hacked WordPress Website[100% Proven]

how to fix hacked wordpress website

Table ofContents

Your WordPress site is HACKED!!! Dont panic!!

In this friendly guide, we’ll walk you through the steps on how to fix your hacked WordPress site.

You need to follow the steps and rescue your website.

Let’s dive deep.

Signs Your WordPress Site Might Be Hacked

Sometimes, your WordPress site starts acting strangely, and you wonder if it’s been hacked. Here are some signs that could indicate a hack:

  • Can’t access your WordPress dashboard even with the right login details.
  • The site looks different without you making any changes. For instance, your homepage might be replaced, or new content may appear without your knowledge.
  • Your site sends visitors to other strange websites they didn’t intend to visit.
  • Web browser shows a warning when you or others try to visit your site, indicating it might not be safe.
  • When you search for your site on Google, it says your site could be hacked and unsafe to visit.
  • Security plugin notifies you about a breach or unexpected changes on your website.
  • Your hosting company alerts you about unusual activities happening in your hosting account.

How To Fix Hacked WordPress Website?

Now when your site is hacked, it is time to restore it. But how?

There are processes and steps you need to know before jumping to the rescue. There are 8 steps to fix your hacked WordPress site.

  1. Change Website Admin Password
  2. Put Your WordPress Site in Maintenance Mode
  3. Restore Your WordPress Website
  4. Remove Malware
  5. Remove Suspicious and Unnecessary Plugins and Themes
  6. Update WordPress (Optional)
  7. Virus Scanner In CPanel
  8. Secure The Site To Prevent Future Hacks

01. Change Website Passwords

First things first. Let’s change all the passwords associated with your website.

Here are the steps to change your WordPress website login password:

01. Log in to your website’s login page and enter your current username and password. If it does not work, Use “Forgot Password”.

02. Click on your username in the top right corner and select “Edit My Profile”.

03. Scroll down to the “New Password” field in the profile settings.

04. Generate or make a strong password with a mix of letters, numbers, and symbols.

how to fix hacked WordPress website - pass

05. Enter the new password and click “Update Profile” to save the changes.

06. Log out and log back into your website using the new password to confirm the update.

02. Put Your WordPress Site in Maintenance Mode

When you need to update or fix your WordPress website, you might want to put it in maintenance mode. This means visitors will see a special page instead of your site while you work on it.

Here’s how you can do it:

Using a Plugin:

01. Use plugins like Website Builder by SeedProd or LightStart for maintenance mode. These tools help you create a maintenance page easily.

02. Install and activate the plugin. It will guide you in creating a maintenance page with a message saying your site is under maintenance.

03. After you are done with the website restore, only then deactivate the plugin. Your site will return to normal.

Manual Method (if you are a coder on know coding):

01. Create a file called “.maintenance” in your site’s main folder.

02. Inside this file, add the code: <?php $upgrading = time(); ?>. This code tells WordPress that your site is under maintenance.

03. When you’re finished, just delete the “.maintenance” file. Your site will go back to its regular state, visible to visitors.

Note: While your site is in maintenance mode, people can’t access it. This is helpful when you’re making changes, but ensure everything works well before making your site public again.

03. Restore Your WordPress Website

Restoring your WordPress website from a backup means bringing your website back to life after something went wrong.

Here’s how you can do it in easy steps:

01. Log in to your hosting account.

how to fix hacked WordPress website-cpanel

02. Access your website’s FTP or a file manager to get into your website’s files.

03. Look for a folder named “wp-content.” Inside it, there might be some old, problematic files. Delete them.

04. Take the “wp-content” folder from your backup and upload it to your website. This folder has all your pictures, plugins, and themes – everything your website needs to look and work correctly.

05. Fix the database. Go to phpMyAdmin (usually found in your hosting control panel).

how to fix hacked WordPress website - phpmyadmin

06. Import the database from your backup.

how to fix hacked WordPress website - import

07. Connect the new database.

08. Finally, test your website. Check around and see if everything works as it should.

04. Remove Malware

Let’s kick those pesky hackers out! We’ll show you how to identify and remove malware from your WordPress site.

With the help of security plugins and some manual checks, we’ll make sure your website is squeaky clean.

Follow the steps:

01. Install a trusted security plugin like Wordfence or Sucuri Security.

02. Run a full website scan using the security plugin. Let it dig deep into your site’s files and find any malicious code hiding in there.

03. Once the scan is done, the plugin will highlight infected files. Don’t panic! Delete these files – they’re the malware culprits.

04. Seek professional help if needed.

05. Remove Suspicious and Unnecessary Plugins and Themes

In this step, go through your WordPress plugins and themes. Remove anything that seems suspicious or unnecessary:

01. If you find plugins you didn’t add, get rid of them. They might be harmful.

02. If a plugin hasn’t been updated recently, it could have security issues. Update them to stay safe.

03. Get rid of plugins from unknown sources: If you’re not sure where a plugin came from, delete it. Stick to trusted sources to avoid potential problems.

Note: Check for user accounts. If you find any user that you did not add or know, immediately delete their account.

06. Update WordPress (Optional)

If you’ve tried everything and still can’t use WordPress or access your website, reinstalling WordPress might solve the problem. Don’t worry; your website’s content won’t be lost.

Here’s how you can do it, even if you can’t get into your WordPress dashboard:

01. Go to Dashboard => Updates.

02. Click on the Reinstall button. This will reinstall WordPress without removing your website’s content.

07. Virus Scanner In CPanel

You can check for malware or virus from the hosting control panel. Follow the below steps:

01. Log into your cPanel account.

how to fix hacked WordPress website-cpanel

02. Navigate to the virus scanner. In most cPanel interfaces, you can find it under the “Advanced” or “Security” section. If you don’t see it, contact the support team.

03. Select the scan type. There are typically two options:
Home Directory: This option scans all files within your hosting account.
Public Web Space: This option scans only the files that are publicly accessible on the internet (usually your website files).

04. Start the scan and wait for the scan to complete.

05. Once the scan is complete, a list of any infected files or suspicious code will be given.

06. Delete those infected files.

08. Secure The Site To Prevent Future Hacks

Prevention is the best medicine. We’ll share some insider tips on securing your WordPress site to prevent future hacks.

Make sure you follow them:

01. Keep everything updated.

02. Always install a trusty security plugin.

03. Make a strong password. Mix uppercase and lowercase letters, toss in some numbers and symbols – and create a password that even you’d struggle to crack.

04. Enable two-factor authentication.

05. Only download themes and plugins from reputable sources.

06. Regularly back up your site.

Final Thought

There you have it, a friendly step-by-step guide to fixing a hacked WordPress website.

Remember, immediate action is your best friend in these situations.

Stay proactive, keep your website security tight, and you’ll enjoy a safe and secure online presence.

Happy fixing!

Frequently Asked Questions

Can a hacked website be restored?

Yes, a hacked website can be restored through various methods, including using backups, cleaning malware, and strengthening security measures.

How to remove a virus from WordPress?

To remove a virus from WordPress, you can use security plugins like Wordfence or Sucuri, scan your website, identify infected files, and remove or replace them. Regular updates and strong passwords also help prevent infections.

How do I remove a Trojan from my WordPress site?

Removing a Trojan from your WordPress site involves using security plugins to scan for malicious files, deleting infected files, updating themes and plugins, and enhancing overall website security to prevent future infections.

How do hackers know my WordPress username?

Hackers often use techniques like brute force attacks or exploiting vulnerabilities to guess or obtain WordPress usernames. To prevent this, use unique usernames, employ strong passwords, and limit login attempts. Additionally, consider two-factor authentication for added security.

How do I know if my WordPress site has a virus?

You can check for a virus in your WordPress site by using security plugins, conducting regular malware scans, monitoring for unexpected website behavior, and checking for unknown or suspicious files in your website directories.

My WordPress site got hacked, and I can't login. What to do?

If your WordPress site is hacked and you can’t log in, you can regain access by resetting your password through the “Lost your password?” link on the login page or by accessing your website files via FTP and disabling plugins/themes temporarily to troubleshoot the issue.

How to check if a WordPress site is hacked?

You can check if your WordPress site is hacked by looking for unfamiliar code in your files, unexpected pop-ups, unauthorized users in the admin panel, sudden traffic spikes, or unusual website behavior. Security plugins can also help you scan and identify malicious activity.

What are some WordPress malware removal plugins?
  1. Wordfence Security
  2. Sucuri Security
  3. MalCare Security Service
  4. SiteLock Security
  5. iThemes Security

To find and remove spam link injections in WordPress, use security plugins to scan your website, inspect your theme and plugin files for unfamiliar code, and regularly monitor your website for any unusual outbound links. Remove any suspicious code and update your themes and plugins.

What are the best security plugins for WordPress websites?
  1. Wordfence Security
  2. Sucuri Security
  3. iThemes Security
  4. All In One WP Security & Firewall
  5. BulletProof Security
What are some WordPress firewall plugins?
  1. Wordfence Security
  2. Sucuri Security Firewall
  3. All In One WP Security & Firewall
  4. Cloudflare Firewall Rules (integration with Cloudflare CDN)
  5. BBQ: Block Bad Queries (lite firewall plugin)

Share this post to your social media

advanced divider
Picture of Shamima Nasrin
Shamima Nasrin
Shamima Nasrin is an accomplished Senior SEO Content Writer and Content Manager in the WordPress Arena. Skilled with over 5 years of experience, her expertise lies in crafting compelling, high-quality content that drives conversions and resonates with target audiences.

Leave a Reply

Over 300,000+ Readers
Get fresh content from Bdthemes
Subscribe tonewsletter

Get Tips & Tricks, Updates, Fresh Blogs & Offers.

No spam messages. Only high-quality information that you deserve.

Explore OurProduct

Table of Contents

Take advantage of fine-tuned plugins

Get Customizable Elementor Widgets to Power Up Your Website

Take advantage of fine-tuned plugins to speed up web projects without sacrificing quality. We offer a 14-days money-back guarantee.
BdThemes is the sole owner of #1 market-leading addons for Elementor such as Element Pack Pro, Prime Slider, Ultimate Post Kit, Ultimate Store Kit, Pixel Gallery, and more useful plugins. This website is powered by Element Pack Pro and Rooten Theme.

Subscribe to newsletter

Get Tips & Tricks, Updates, Fresh Blogs & Offers.
Join Now

Join Thousands of Happy Users

Get Tips & Tricks, Updates, Fresh Blogs & Offers.
Need any further assistance? Call Us:+880 1700 55 95 95
Our supported payment system and security badge