A Ultimate Guide to Fix Your Hacked WordPress Site

The worst thing about running a website is that it could be hacked anytime. We know how stressful it can be when your WordPress site is hacked. It can have an adverse impact on your business and readership. In the past few decades, several users have overcome this issue and saved their businesses.

In this article, we will discuss the steps that are necessary to fix your hacked WordPress website.

Things you must know before starting

When your 'WordPress site is hacked', you could lose your entire website’s data have your reputation tarnished because of the redirects to bad neighborhood sites, expose your visitors to viruses, and lose your search engine rankings.

If you are running a business website, then security must be your top priority. Therefore, you must consult a reliable WordPress hosting company. If you can afford it, then you must go for managed WordPress hosting. And always have a great backup solution in place to avoid such events.

Wordpress site Hacked How to clean

Let’s have a look at the essential steps for how to clean if WordPress site Hacked.

Consult a professional

Security is a serious topic, so if you are not so good at dealing with servers and codes, you consult a professional to do it. Because attackers usually hide their scripts in different locations, which creates a path for the hacks to come back again.

However, some ways can help you to locate and remove the virus. Security professionals usually charge between $100 to $250 per hour for fixing your website, which might be a significant amount for small business owners or solo entrepreneurs.

Identify the Destination of Hack

When you are dealing with a hacked website, you mostly go under pressure. Always try to stay calm and note down all the necessary things that you can do to fix the issue.

Here is the checklist that you must run down:

  1. Is Google making your website insecure?
  2. Does your WordPress website contain malicious links?
  3. Is your WordPress website redirecting to some other site?
  4. Can you login to your WordPress admin panel?

You must write down these to ask your service provider about them to fix your website.

Also, it would help if you changed all your passwords before starting the cleanup process. Once the cleaning process is complete, change your passwords again to secure it.

Check with your service provider.

Most of the reliable service providers are beneficial in such situations. They always have experienced staff to deal with such issues daily, and they can always guide you in a better way. So, you must contact your service provider immediately if you are in such a situation, and follow their instructions.

Sometimes the hack might have affected more than just your website, especially if you are using shared web hosting. Your service provider can give you all the essential information about the hack, like where is it originated and where the scripts are hiding.

Restore from Backup

If you have created backups for your WordPress website, then it might be best for you to restore your data if your site has been hacked. If you are able to do it, then consider yourself lucky.

However, if you are running a blog website where you provide daily content, you might lose your comments and blog posts.

So, it is always beneficial to create a backup, to handle such situations.

Malware Scanning and Removal

Check your WordPress website and remove any inactive plugins and themes because it is the location where most of the hackers hide their backdoor to enter the scripts.

Backdoor means a method of gaining access to the server and bypassing the normal authentication while remaining undetected.

The first thing that most of the smart hackers do is to upload a backdoor. It enables them to regain access, even if you have located or removed the corrupted plug-in.

After completing this step, scan your website thoroughly for the hacks.

Check User Permissions

Check the user’s section of your WordPress website to ensure that only you and your trusted employees have access to the site. If you find any suspicious user, you must immediately remove them.

Change your password again.

You have to repeat this step again. Update your WordPress, MySQL, FTP, and cPanel password to secure your website. And always try to use a strong password, so that it can’t be easily hacked.


It can be really stressful if you find that your WordPress site is hacked. Don’t panic; read this article step by step to know more about 'how to clean your hacked WordPress site'.

© 2024 Comodo Security Solutions, Inc