How can you recover your WordPress website if it is hacked?

by WP Creative on 2020 May | Posted in WordPress, WordPress Security

How can you recover your WordPress website if it is hacked?

Imagine finding out that your WordPress website has been hacked. Imagine considering it as a nightmare, but then realizing that your worst nightmare has turned into a reality. Hundreds of pessimistic thoughts run through your mind. Your years of hard work, investment, and prevention all went down the drain!

But, is it actually that bad?

No one can deny the fact that your business website getting hacked is a terrible experience! It is akin to any other asset of your business getting stolen. The anguish, pain, and anger are similar to when you get physically robbed off.

However, apart from feeling bad about your WordPress website getting hacked, what else could you possibly do?

Let us tell you that!

What should you do when you get to know that your WordPress website has been hacked?

Stay Calm

This might sound cliche, but it is absolutely important. Most people panic in such situations. Resultantly, they are not able to tackle the situation rationally and efficiently. Hence, if you get to know that your website has been hacked, take a deep breath, and stay calm. You can counter the enemy a lot more easily by staying calm than by panicking.

Back-up the remaining stuff

What is gone is gone. Now, you need to save the remaining stuff. A hacked website has some other important stuff, too, apart from the corrupted files. You should try to back-up those remaining files. There are numerous back-up solutions available for WordPress.

You should particularly try to back-up images and videos. The reason being that media files are harder to recreate. Hence, by backing those up, you can use them later on when you rebuild your site.

Scan your local machine

It is very likely that the hacker who has hacked your website first hacked your computer. If that is the case, then all the websites that you have been logging on to are in danger.
Therefore, you should instantly install and run a virus scan on your computer. You should also ensure that your OS is updated. This process will help you in ensuring that your computer is safe from hackers, and there is no chance of your system being infected again after you have cleaned up the virus.

Need help with this?

Call us and get a chance to discuss this with our experts!

Seek help from a professional

Let us admit: website security is not something that every Tom, Dick, and Harry can deal with. It might not seem so, but it is actually a very, very tough job to manage a website’s security. Hence, it is in your website’s best interest to hire a professional for this purpose.

Hackers are becoming smarter day by day. They often tend to hide things in places where no one else except for a web expert can reach. This leads to your website becoming infected again after you have cleaned up the mess.

Imagine the horror!

Do you wish to avoid it? Call us today and get a chance to avail our website security services!

ecommerce website on WordPress

How can a hacked WordPress website be recovered if you have access to the back-up?

Change your password

As soon as you get to know that your WordPress website has been hacked, you should change the password. This will prevent the hackers who have obtained your login details from logging into your website again. Not only this, but you should also encourage all other users and admins to change their passwords as well. You can even change their passwords yourself manually.

Scan for virus

The next thing to do is to find where the hackers have hidden infected files. You should ideally start-off by deleting inactive themes and plugins because this is exactly where most of the hackers hide infected files. After that, download and run a malware scanner to disinfect your website.

Replace infected files with original

If you find any malicious file on your website, delete it instantly. You can do so for WordPress core files as well as themes and plugins.

Check user permissions

In WordPress, each user can be given a specific role. You can decide what each user can and cannot do after logging in. You should give admin rights only to people whom you trust blindly.

Change SALTs

Likely, someone who stole your password to login to your website might still be logged in through the secret keys. These secret keys have important information inside the cookies. You can change them by generating new SALTs and replacing the older ones with them.

Change your password once again

We do remember that you started by changing your password, but it is extremely important to change it again along with other things such as hosting admin backend credentials, FTP login, MySQL database password, and admin email address. It is only after changing all these things that you can be sure of making your website secure again.

Make your security more stringent

It is high time for you to figure out the security loopholes of your website and then try to fix them up. You should do anything and everything possible to make your website safe and secure.

Rebuild your site

After you have got rid of the infected files and recovered your website, you still might need to take care of certain things. Blog posts, theme customizations, and other similar things might get lost in the process of recovering the website. Hence, you got to work on them all over again!

WordPress security

How can a hacked WordPress website be recovered if you do not have access to the back-up?

Reset the administrator password with phpMyAdmin

Are you facing issues while trying to login to your website? If yes, that is probably because the hacker has changed your admin password. You can reset your password with phpMyAdmin inside the database. Or, you can try to change your email address and then reset your password.

Find affected files

As previously has been described, you need to start by finding the infected files and deleting them. You can do so by running an external scanner on your site. There are numerous scanners available online. You can download and use whichever you like. Another thing that you could do is, get in touch with your host and ask it to help you with the task.

Re-run security checks

Ideally, when you are done with everything, you should re-run the security checks. Just to be sure that everything has been fixed and there are no security loopholes left.

Finish up

Once all the mess has been cleaned up, you need to take the same measures mentioned above. Check user permissions, change passwords, replace secret keys, and rebuild websites. Are you done with all this? You are good to go!


Being in the field for years has made us realize that it is easier to pen the process down than to implement it. We know businesses do not have that much time or expertise to recover a hacked website. Hence, we facilitate such businesses by doing so on their behalf.

Do you wish to avail our services too?

Head on to our website now and fill the given form to avail our services!

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Looking for a WP developer?

  • This field is for validation purposes and should be left unchanged.

  • Recent Post

  • Categories

  • © 2021 WP Creative, Naphix Pty Ltd. ABN: 65 610 345 198