What to do if your WordPress Site Gets Hacked

Some estimates state that 40% of websites use the Content Management System (CMS) known as WordPress. WordPress is one of the easiest ways to get a professional website up and running quickly.

But if you don’t keep your site updated, then there is a good chance that you will wake up one day to find that you have malware on your website.

Most people find out that their site was hacked when they find out that their browser starts flashing a warning when they try to access the site. For example, if you use Chrome, then the notification will look something like this:

The Dreaded Sign of a Hacked Website

So, what to do? There are many services available that will help you remove malware from your site. But this list of suggestions will get you to a solution fairly quickly without the need to pay someone.

The first thing to do is to call your hosting service

The first thing you need to do is call your hosting service. There is a strong probability that they can help you to get this issue fixed.

Your hosting service can run a scan of your site and determine the exact malware that has infected your website. Then they can advise you on what steps you need to take to remove the infection.

Most likely, you will need to revert to a backup. You need to restore the website to a point in time before it was infected. Most hosting services now offer automatic backups. So, if you are lucky, the hosting customer service can take care of the work needed for you.

If your hosting service can take care of this, then you are golden! After your site restoral, be sure to update your WordPress software to the latest version and also update all of your plugins. It is best practice to disable and delete any plugins that your site is not using

If your hosting service can’t help

I would be surprised if your website hosting company can’t provide you with the help that you need. But if you don’t get the help that you need, then you will have to run a scan on your own. There are many WordPress plugins that you can use to do this. The top three that I recommend are:

1. Sucuri
2. Wordfence
3. Anti-Malware Security

After you run the scan, you will have confirmed that you have a problem. Now is the time to find the last backup that you have of the site. If you have not backed up your site for a while, then you will need to face the consequences – Your backup restoration will put your website back in time, and you may lose some content.

Completely remove all of your WordPress files from your server.

You need to remove all of the WordPress files on your site. Don’t waste your time trying to fix the infected files.

I have spent hours trying to track down and eradicate the malicious code on some of my sites that were hacked in the past. This turned out to be a waste of time because the malware just kept coming back. The best thing to do is to delete the WordPress site and to start fresh.

You can delete the files manually, but the most useful thing to do is to use the Cpanel to remove the instance of WordPress. Then re-install the WordPress software fresh. If you have any trouble doing this contact your hosting provider. They can answer your questions or point you to a tutorial that will walk you through the process

Reinstall your Theme and Plugins

Next, re-install your theme and your plugins.

Restore your backup

Then, restore your backup. If you are using a plugin like Backup Buddy, you can follow the instructions provided by the plugin creator.

Scan again

To be sure that your restored site is clean, you will need to rerun your scan. If there is still a problem, then you will need to revert to an even earlier backup of your site. If your site is now clean, then it is a success.

Tell Google that your site is clean

Now you need to go to your Google Webmaster account to let them know that your website is ready to be taken off the malware site list. If you don’t already have an account, it is easy to get one. Just click here: Google Webmaster Tools

What if you don’t have a backup?

If you don’t have a backup, then there are several services that can assist you. You should be able to have this site cleaned for a song – $50 to $200. Then chalk it up to a lesson learned. In the future, make sure you pay for a backup service or get a plugin like BackupBuddy.