MilesWeb
Leading Web Hosting Provider in India Since 2012.
Award-winning Web Hosting Company
Everything that you need to build, host and manage a website is available at just 109/mo

My WordPress has been Hacked! How to Get it Back

Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0

Your WordPress website got hacked? Don’t worry you are at the right place. In this article, we will discuss about fixing a hacked WordPress site.

The worst thing happened, when you entered to your blog and tried to open it but you have a warning message saying that your site has been hacked. OMG. …… What to do now?

Of course, now you wonder how to recover the hacked WordPress site.

You were running your website on WordPress CMS and you have been hacked recently, don’t panic, take deep breath and get relax and try to identify the problem. First thing you have to do is to figure out whether your site has actually been hacked or not.

Yes, obviously it is the first thing you need to know.

There are plugins to detect whether your website was infected or not. For me one of the best tools to identify the WordPress infections is “Sucuri”. In addition, by using Sucuri WordPress plugin you will get alert messages every time when someone will try to attack on your website.

How to identify if your website has actually been hacked?

Identify your website if:

Your website home page is blank or displaying “You have been hacked” message.
All content and pages has been removed from your site.
You see unknown things like content, advertisements, pornography materials on your website header and footer.
Website redirection to some other sources (spam websites).
Your web host sending you emails about spam and other malicious activities.
You search on google “site:example.com” and getting indexed pages and content that looks malicious.

Now you are sure that you have actually been hacked. So what next thing you can do to get your WordPress website back. Check below.

Steps to Recover a Hacked WordPress Website

Obviously, these measures are not simple and require some technical knowledge, and access out of the ordinary to your WordPress.

You have to use the following tools:

FTP access to your server, or a file manager such as cPanel.
Advanced text editor, type Notepad ++ or similar. You better really editor ordinary text, but one of these is easier to view the code.

Step 1: Put Your Site in Maintenance Mode

As soon as you find that your WordPress is infected, you have to throw down it to prevent hackers from abusing more. There is no way to clean up a website that is online. So, put your website in maintenance mode, work with files, and database quietly.

Follow these steps to get your site in maintenance mode without losing SEO positioning.

In this step, we will create a file in the root of your public folder on the server. Usually it is the same where the wp-includes, wp-admin or wp-content folders reside.

Create a Web page of “maintenance mode,” which 503.php going to call, and carry the following code:

code

Here you are telling the search engines that you are temporarily out of service, so you will be safe from penalties.

Step 2: Backup of Your WordPress

Even if your site could be infected, it is very important to have a backup in case things go from bad to worse. Obtain a complete backup of your website, including all databases. Download files and perform a full export via phpMyAdmin SQL.

If you have your site hosted on a hosting with cPanel, simply enter in your PhpMyAdmin and export the database and generate a zip with all the files in your WordPress folder. It is also a good idea to create a full backup of all that you have in your hosting.

An alternative that works very well and you will streamline this step, you can use the WordPress plugin ” BackupBuddy. ” IMPORTANT: Do not omit this step.

Step 3. Change All Passwords and Access

Before you start cleaning your room, go to the WordPress control panel and change the access credentials (for all users), do the same with passwords databases and restores WordPress secret keys found in the file “wp-config.php”. Click here to get secret Keys .

You can also change passwords though FTP.

Open wp-config.php file through FTP or the file manager, and locate the section where the database is configured. Replace the MySQL user’s password in this file. You can change MySQL user’s password by logging into your cPanel >> MySQL.

db

Step 4: Change the Authentication Keys

WordPress uses different authentication keys to encrypt the stored information in session cookies; it makes your site more difficult to hack.

In addition to change the cookies, we will invalidate any session that is already open. You can create new keys by using the official WordPress key generator . You have to open your wp-config.php file to locate where these keys are, and replace them with the new generated keys.

Step 5: Scan Files and Folders

Once you change MySQL and WordPress passwords, it is recommended to scan the files and folders. You may ask your WordPress hosting provider to scan the files and folders using Maldet and Clamscan utilities.

If you find any plugins and themes with malicious files, it is recommended to remove such plugins and vulnerable files and use the alternative option. Even if you reinstall the plugins and themes, it might again get compromised as many plugins and themes have known backdoor.

If there are any plugins and themes which you do not require, make sure you remove them directly.

Step 6: Use Google Webmaster Tools

In recent years, Google has taken the initiative to identify and point out sites that have experienced a security compromise. If you have not checked your site status, then sign in Google Webmaster Tools and check if there are any warnings. You can scan your site by using google webmaster tools.

In Google Webmaster Tools, go to the domain you want to check, and click on “Problems of Security”. You have a breakdown of what Google has indexed and will find all the details and warning messages (if something is there).

Go to this link and scans your web to see what malicious files detected https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url

You can see where the malware is hosted, find all the infected files and delete them.

Finally

Send request to google that you have made changes on your website and removed all malicious codes and infected files through Google Webmaster Tools.

Wait… its not over yet.

Now the time is to be prepared for future attacks. Do you want to be?

1. Regularly backup your website.
2. Use proper .htaccess rules to strengthen the security of your WP admin, directory listing, blacklist IPs etc.
3. Update your WordPress.
4. Limit login attempts.
5. Use strong username and passwords.
6. Don’t download any plugin or theme without doing any research.
7. Enable password protection for WP admin.
8. And choose the best hosting provider for your WordPress site.

Make a habit of upgrading your WordPress, themes and plugins to latest version. With the latest version any bug OR security flaws will be eliminated.

Now it’s up to you, What did you think of this guide? Please let us know your feedback.

Deepak Kori

Responsible for the day-to-day running and management of MilesWeb. Associated with web hosting industry since 2005.

5 thoughts on “My WordPress has been Hacked! How to Get it Back

  • February 1, 2016 at 12:33 pm
    Permalink

    Really very helpful article Deepak. Im thinking to bookmark it as this frequently happens with me.
    Thanks

    Reply
  • February 1, 2016 at 1:27 pm
    Permalink

    Strictly follow the above mentioned points your website will be safe.

    Reply
  • June 28, 2016 at 9:11 am
    Permalink

    Great article. You have explained both “how to detect” and “how to prevent” from getting website hacked. Highly appreciated.

    Reply
  • July 15, 2016 at 10:42 am
    Permalink

    Article is giving important message to all !!
    good one!!
    I know this is very worst situation for those who’s website got hacked. Instead of being panic ,one should take major steps to solve such problems.

    Reply
  • February 24, 2017 at 10:15 am
    Permalink

    It usually happens when users are using cheap hosting or free hosting service or some users forgot to update their website on regular basis, maybe because of outdated plugins it becomes more easy to hack your website.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *