What to Do if Your WordPress Site is Hacked

It’s every business owner’s biggest fear: hearing that their website has been compromised. Though WordPress is a safe platform, all websites are vulnerable to hacks, especially if they aren’t running the latest WordPress security plugins. But if the damage is already done, hope is not lost; there are a few ways you can work to recover content, repair the hack, and most importantly, protect your website from future attacks.

What hackers want

If you’ve been hacked, you’re probably wondering why. It can feel personal, but hackers usually have a specific commercial agenda when they dig into a site. They could be looking to:

  • Inject redirects to their own shady websites. 
  • Set up drive-by downloads: alerts that look like security warnings to convince your visitors to download and install malicious software.
  • Steal hosting resources or bandwidth by using your storage space for their own files and transfers.
  • Gather protected customer information for phishing.

How to tell if your WordPress site was hacked

If your site is acting strangely and you’re not sure what’s wrong, here are a few things to watch out for:

  • Links or buttons on your site that you didn’t create, or alert boxes that pop up when your website loads.
  • A sudden drop in performance on your site. It loads very slowly or reports timeout errors.
  • Malware warning messages on Google when you search for your site, or in Google Chrome when you try to load it.
  • Redirection of your site to a completely different website.
  • Emails sent from your site’s domain name always ending up in recipients’ spam folders.
  • New admin accounts on the WordPress backend that you didn’t create.

What are your next steps after being hacked?

Don’t panic! Take a deep breath and stay calm as you follow these steps to recover your site and protect yourself from future hacks.

1. Determine what happened

If you have a security plugin on your site to monitor activity (such as the Jetpack activity log), check to see who logged in, when, and what they changed. 

Jetpack activity log showing everything that happened on a site

This can help you figure out which files are affected, along with which user accounts need to be reset. Make a list of anything suspicious that you find.

2. Restore from a backup, if possible

If you have a clean backup of your site, restore it. If you’re using Jetpack Backup, you’ll already be one step ahead. Jetpack stores files off-site, which means they may still be fine, even if your site’s been hacked. Plus, if your website is down, you can still restore a full backup with just a few clicks.

If you don’t have backups, check with your host. Many providers include periodic backups with your plan, but since the files are stored in the same location as your site, they could also be compromised. 

If that isn’t an option, but most of your site is still accessible, hope is not lost! Continue with the steps below. If you don’t have a backup and your site is completely lost, you may need to rebuild from scratch. 

Pro tip: Check the Wayback Machine for previous snapshots of your website. While it won’t restore the files, if you have to rebuild, you may be able to recover a lot of the content.

3. Scan your site for malware

There are several excellent site scanners that will search your website for injected code, modified core files, or other red flags that indicate a hack. Be sure to cross-reference the results with any files you flagged from your activity log.

Jetpack Scan scanning a WordPress site for malware

A good site scanner will also be able to repair any problems that it finds. One benefit of Jetpack Scan is that it has one-click fixes for the majority of known malware problems. And as an added bonus, it will protect your WordPress site with ongoing, regular site scans.
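The "modified core files" check from this step, sketched as an added example (it is not Jetpack Scan's code and not part of the original article). It assumes you have a clean copy of the same WordPress version to build a manifest from; the function names and the sample directory trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin/", "wp-includes/")  # directories that should hold only core files
PHP_EXT = {".php", ".phtml", ".phar"}

def write(path, body):  # helper used only to build the constructed sample trees
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(body)

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(site, known_good):
    """Compare a live tree with a manifest taken from a clean copy."""
    live = build_manifest(site)
    return {
        "modified": sorted(f for f in live if f in known_good and live[f] != known_good[f]),
        "missing": sorted(f for f in known_good if f not in live),
        # Plugins, themes and uploads are not in a core manifest, so only core dirs count.
        "unexpected": sorted(f for f in live if f not in known_good and f.startswith(CORE_DIRS)),
        # Uploads should contain media; executable PHP there is a red flag.
        "php_in_uploads": sorted(f for f in live if f.startswith("wp-content/uploads/")
                                 and Path(f).suffix.lower() in PHP_EXT),
    }

def demo():
    """Build a constructed clean tree and a tampered copy, then audit the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        core = {
            "index.php": "<?php // front controller",
            "wp-includes/version.php": "<?php // version info",
            "wp-admin/admin.php": "<?php // admin bootstrap",
        }
        for root in (clean, live):
            for rel, body in core.items():
                write(root / rel, body)
        write(live / "index.php", "<?php // front controller\n// appended line")
        (live / "wp-admin/admin.php").unlink()
        write(live / "wp-includes/extra.php", "<?php // not in manifest")
        write(live / "wp-content/uploads/2024/01/photo.php", "<?php // not media")
        write(live / "wp-content/uploads/2024/01/photo.jpg", "constructed bytes")
        return audit(live, build_manifest(clean))

if __name__ == "__main__":
    print(demo())
```

On a real site, build the manifest from a fresh download of the version the site runs and point `audit()` at the site's document root; every path it reports is a candidate for the list of suspicious files from step 1.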

4. Reset all passwords

If your activity log showed any suspicious logins, then remove all unknown accounts and change all passwords for users that access your site right away. For extra protection, reset any and all valid admin account passwords, too. 

Pro tip: use the “suggested password” button on the WordPress user profile page to make sure your new passwords are long, complex, and hard to guess. Concerned about remembering your combination? Try a password manager like LastPass.

5. Call in an expert

Some hacks are more complicated and can’t be cleaned by an automatic site scanner; these involve an intricate system of injected code or access rules that can be hiding in multiple files.

In this case, you’ll want an expert to take a look — consider hiring a WordPress recovery professional from Codeable.

6. Update your software

Hackers often access sites through outdated software, and a CMS like WordPress, with many working parts, is no exception. As security vulnerabilities are identified, they’re fixed through updates, so it’s important to get the latest versions onto your site as soon as possible.

Before you start, take a full backup, then make sure your theme, plugins, and WordPress core files are updated. Consider keeping them current by either monitoring and manually updating your software on a regular basis, or taking advantage of Jetpack’s auto-update feature.

7. Protect your site by locking everything down

Everything clean and working again? Now it’s time to make sure it stays that way by putting your website into lockdown mode. Consider the following:

  • Better hosting. Hosting is one place you should never skimp when it comes to your website. A high-level hosting package will help protect your site with their own firewall, system monitoring, and WordPress-optimized configuration.
  • An excellent WordPress security scanning plugin. Keep on top of your site’s status at all times with a plugin that watches for potential threats and notifies you immediately.
  • Automated WordPress backups. Even if your hosting package includes backups, there’s a lot to be gained by generating your own off-site backups. Since they’re stored separately from your host, they can’t be compromised at the same time as your site.

Pro tip: Make all this easy on yourself by signing up for Jetpack’s WordPress Security package. Not only does it provide off-site backups and real-time malware scanning with one-click repairs, you’ll also get spam protection along with Jetpack’s free security features like brute force attack protection and downtime monitoring. Learn more about how Jetpack protects your WordPress site.

8. Resubmit your site to Google

If your site was blacklisted by Google, resubmit your clean website to restore your good name. You’ll know you’ve been blacklisted if a warning appears next to your site in search results or if you no longer appear for searches you once ranked for.

To remove your site from this list, use Google Search Console to request a review.

Keep it secret; keep it safe

Preventing a hack is always a much better solution than trying to recover a hacked website. Make sure your site is protected at all times with a WordPress Security package to monitor, scan, and back up your site. You’ll rest a lot easier. 
