How to Clean a Hacked WordPress Website?

So your WordPress Site has been hacked! Don't worry, you are not alone. We have dedicated a lot of time to helping WordPress administrators identify and fix hacked websites.

Your WordPress Site can be cleaned and fixed so can get it up and running again. In case you are contemplating switching to another platform, like Joomla or Drupal – know that they can be hacked too. On the other hand, cleaning up a hacked site thoroughly is more important than ever because you would need to prevent repeat offenders from distributing malware successfully.

Get cWatch Pro

The first step to cleaning and fixing your WordPress site is to determine that it has indeed been hacked, and that the problems you’re seeing are not a false alarm caused by some hardware or software issues. You can clean the site yourself, here are some useful things that you need to adhere to. This is not proposed to be a complete guide, however, following the steps should help address 60% of the issues.

How to Clean Hacked Wordpress Site

Symptoms of hacked WordPress Site

  1. Even before getting to bottom of the issue, it is important to confirm if your WordPress Site is really under attack. Few common telltale signs will help you to understand if your WordPress site is really hacked or compromised.
  2. Browsers block your website, and display a warning about malware infection - such as "The Website Ahead Contains Malware!"
  3. Your website gets suspended by your website host due to malicious activity
  4. Abnormal behavior of browsers when displaying your website
  5. You observe/detect foreign code in your website - code that you had not put in. Files have been modified affecting core integrity
  6. Search engines display blacklist warnings
  7. Sudden Drop in Website Traffic
  8. Irrelevant Links Added to Your Website
  9. The Homepage is Defaced
  10. You are Unable to Login to WordPress
  11. Shady User Accounts in WordPress
  12. Foreign Files and Scripts on Your Server
  13. The website is Often Slow or Unresponsive
  14. Unknown Scheduled Tasks
  15. You see unusual activity in Server Logs
  16. Popup Ads on Your Website
  17. Hijacked Search Results

If your site displays any of the above symptoms, you can be sure that it has been hacked.


How to Clean a Hacked WordPress Site?

The website owners are requested to follow the below mentioned steps for identifying and cleaning the WordPress hack.

  1. Backup
  2. Scan your website using Comodo Web Inspector tool
  3. Install Comodo cWatch Web Security

Backup

Perform a complete manual backup of your WordPress website, even if you have an automatic backup in place. This backup will allow you to analyze how the infection took place. The database size may impact on the extended duration of download time, so be prepared for it. In worst case scenarios, try using the WordPress backup plugin if you can't log in. If the problem is still persistent, it is obvious that the hackers had successfully compromised the database, you may want to take the assistance of the professionals to have it cleared.


Scan your website using Comodo Web Inspector tool

Hackers send emails with malicious links or attachments. Website owners and administrators are often tricked by attractive advertisements and offer. When they open the attachment or click on the links the website is infected with a Trojan Virus.

Website scanning is an essential part of website maintenance, scanning helps websites to stay ahead of attacks. Comodo Web Inspector is a robust malware and blacklist monitoring service for websites. When a trojan is found on the website or if it is discovered on any one of a range of website blacklisting services, then the account owner is immediately notified via email.

This advanced tool utilizes cloud-based malware scanning technology to scan your website, inspect the content and detect any malware. The Comodo Web Inspector scans and detects using multiple technologies such as dynamic page analysis, signature-based detection, buffer overflow detection, and heuristic detection techniques.

Simply scan for a virus using the Comodo Web Inspector in 3 easy steps. Type the website address in the space provided, click on the Start Scan and get the website's vulnerability report in few minutes. Try scanning your website for free today!


Install Comodo cWatch Web Security

Next, get Comodo cWatch Web Security and install it on your system. You must purchase a license, and Comodo offers a 30-day free trial license for you to try the product.


Benefits of Comodo cWatch

Reduced Cost - At Comodo, we manage your entire monitoring and security incident investigation process, for on-premises, cloud, or hybrid environments. You can avoid the costly investment of hiring and training an internal security team.

Managed security, delivered as-a-service - with our Software-as-a-Service (SaaS) solution, there isn't any complex implementation or maintenance–just the latest security technology and Global Information Assurance Certification (GIAC)-certified analysts working for you.

Security expertise for a swift recovery - improve your overall security posture and recover from breaches and compromises faster with dedicated help from security experts.

Comodo cWatch Web Security is a fully managed cloud-based security solution. It has a robust web application firewall that will block advanced threats including Denial-of-Service (DDoS), SQL Injection and Cross-Site Scripting attacks. It also blocks application targeting attacks such as attacks on WordPress and Joomla websites.

Add the Hacked WordPress site in the facility to “Add Websites.” Select the http protocol, enter details of the certificate to be used and complete the configuration.

The dashboard will now display the added websites/domains. The risk level of the domains will also be displayed.

Now configure your domain for cWatch scanning:

  • Upload the mentioned .php file to your website
  • cWatch will now access the file at this location and commence scanning of the hacked WordPress website
  • If you opt for automatic malware removal, certified experts from Comodo Cyber Security Operation Center (CSOC) will remove all of the identified malware threats
  • The cWatch scan will display the vulnerabilities identified on your website. This will allow you to fix the vulnerabilities and secure your website from further hacks.
  • Search engines display blacklist warnings

Log Analysis

You can raise a request for CSOC experts to analyze your logs to identify details about the hack.


Request for Revoking Suspension

If your hacked WordPress Site head been suspended by your Hosting Company, then contact them to revoke the suspension.


Updated Software/Plug-ins, Unwanted Profiles
  • Update all the plug-ins and themes that you are currently using. Your website must only have the theme that you installed, not anything else. Delete unused WordPress plugins, themes, and installations. Maintain only what is necessary.
  • Remove user profiles not being used. Maintain only one administrator role and remove all other profiles.
  • Avoid hosting your website with a shared hosting provider. If other websites on the same server have been compromised, then it could allow hacking of your website through escalated privileges.

Complete Protection

Once you have opted for managed security services of Comodo cWatch Web Security, your hacked WordPress website gets fixed and stays completely protected from hacking/cyber attacks.

Simply put, the Comodo cWatch Web Security is a security tool for your website, web servers and web applications against the growing sophistication of hacker attacks. A comprehensive website security solution gives early detection, instantaneous remediation, and proactive defensive measures.

Follow the below steps to clean a WordPress site malware with free website security

5.0/5 - 313 Votes