So use them if you value your time, you’re not tech-savvy, or if you just want peace of mind.
For all the DIY folks, simply follow the steps below to clean up your hacked WordPress site.
Step 1. Identify the Hack
When dealing with a website hack, you’re under a lot of stress. Try to remain calm and write down everything that you can about the hack.
Below is a good checklist to run down through:
- Can you login to your WordPress admin panel?
- Is your WordPress site redirecting to another website?
- Does your WordPress site contain illegitimate links?
- Is Google marking your website as insecure?
Write down the list because this will help you as you talk with your hosting company or even as you go down the steps below to fix your site.
Also it’s crucial that you change your passwords before you start the clean up. You will also need to change your passwords, when you’re done cleaning the hack.
Step 2. Check with your Hosting Company
Most good hosting providers are very helpful in these situations. The have experienced staff who deal with these kind of things on a daily basis, and they know their hosting environment which means they can guide you better. Start by contacting your web host and follow their instructions.
Sometimes the hack may have affected more than just your site, specially if you are on shared hosting. Your hosting provider may also be able to give you additional information about the hack such as how it originated, where the backdoor is hiding, etc. From our experience, HostGator and Siteground both are very helpful when something like this happens.
You may even get lucky and the host might clean up the hack for you.
Step 3. Restore from Backup
If you have backups for your WordPress site, then it may be best to restore from an earlier point when the site wasn’t hacked. If you can do this, then you’re golden.
However if you have a blog with daily content, then you risk losing blog posts, new comments, etc. In those cases, weigh the pros and cons.
Worst case, if you don’t have a backup, or your website had been hacked for a long time, and you don’t want to lose the content, then you can manually remove the hack.
Step 4. Malware Scanning and Removal
Look at your WordPress site and delete any inactive WordPress themes and plugins. More often than not, this is where hackers hide their backdoor.
Backdoor is referred to a method of bypassing normal authentication and gaining the ability to remotely access the server while remaining undetected. Most smart hackers always upload the backdoor as the first thing. This allows them to regain access even after you find and remove the exploited plugin.
Once you have done that, now go ahead and scan your website for the hacks.
You should install the following free plugins on your website: Sucuri WordPress Auditing and Theme Authenticity Checker (TAC).
When you set these up, the Sucuri scanner will tell you the integrity status of all your core WordPress files. In other words, it shows you where the hack is hiding.
The most common places are themes and plugin directories, uploads directory, wp-config.php, wp-includes directory, and .htaccess file.
Next run the Theme Authenticity Checker, and it will display your results like this: