One of the drawbacks of using a content management system, such as WordPress, instead of static HTML is that it opens you up to getting your website hacked. Your website can never be truly hacker-proof, so I'd like to give you some instructions on how to completely clean your website if your WordPress is hacked.
At this point, I would like to mention that if you had WP Engine, a premium managed WordPress host, you wouldn’t have to worry about getting hacked. WP Engine has top-tier security and they guarantee that if you’re ever hacked, they will un-hack your website for FREE!
But if your WordPress is hacked, and you're here trying to fix it, here are the directions.
1. Back up the site and database
Even though your WordPress is hacked, you most likely have some valuable information such as posts, images, and other information stored on your host. So, it'd be a good idea to back up your website. You may be asking why you should back up your site if your WordPress is hacked, but having even a hacked website is better than no website!
There are some great plugins to help you do this, such as BackupBuddy. Alternatively, you can log in to phpMyAdmin and make a copy of the database, and then copy everything in your WordPress directory.
Be sure to get all of the images that are in your uploads directory.
2. Delete all of the files in your WordPress directory
Deleting your whole WordPress directory is the way to get rid of the infected files completely. This is exactly why we backed up your WordPress in the previous step.
3. Download and install a clean copy of WordPress from WordPress.org
I usually like getting my copies of WordPress directly from the source. After uploading these new files to your server, browse to your URL and complete the installation process.
By now, I’m sure you’re thinking this is a lot of steps, but if your WordPress is hacked, then you have to completely reinstall your WordPress to be safe.
4. Change Admin Passwords
You don't want to completely redo your WordPress installation and then find out that the hacker has access to your admin account! Take the precaution of changing your admin password, and any other admin passwords.
If you don’t feel comfortable changing other admin passwords, change their user level until they can change their own password.
Also, you may browse for any added accounts that you don’t recognize and delete them.
5. Go through the posts and repair any damage
I would recommend doing this manually if your WordPress install isn’t too big. But if your WordPress is hacked, and you have a pretty large website, then you may want to search for a MySQL query that will help you narrow down the affected posts.
I did not include this because it is a slightly more advanced step, and you would have to account for possibly having a unique database prefix.
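The searches from steps 4 and 5, written as read-only MySQL queries. This is an added example, not part of the original post; the `wp_` prefix value and the list of markers searched for are assumptions to adjust for your site.

```sql
-- Added example (MySQL/MariaDB), read-only: nothing here modifies data.
-- 1. Find your table prefix. "_" is a LIKE wildcard, so it is escaped.
SHOW TABLES LIKE '%\_posts';

-- 2. Table names cannot be bound as parameters, so each statement is
--    built with CONCAT around the prefix and run through PREPARE.
SET @prefix = 'wp_';  -- assumption: replace with the prefix found above

-- 3. Step 5: posts whose content holds markup or code an editor rarely
--    types by hand. The marker list is an assumption; extend it with
--    whatever you saw injected on your own site.
SET @q = CONCAT(
  'SELECT ID, post_type, post_status, post_modified, post_title ',
  'FROM `', @prefix, 'posts` ',
  'WHERE post_content LIKE ''%<script%'' ',
  '   OR post_content LIKE ''%<iframe%'' ',
  '   OR post_content LIKE ''%eval(%'' ',
  '   OR post_content LIKE ''%base64_decode%'' ',
  '   OR post_content LIKE ''%display:none%'' ',
  'ORDER BY post_modified DESC');
PREPARE stmt FROM @q;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;

-- 4. Step 4: every account holding the administrator role, newest first.
--    The capabilities meta_key carries the table prefix too, which is
--    easy to miss on a site that does not use wp_.
SET @q = CONCAT(
  'SELECT u.ID, u.user_login, u.user_email, u.user_registered ',
  'FROM `', @prefix, 'users` u ',
  'JOIN `', @prefix, 'usermeta` m ON m.user_id = u.ID ',
  'WHERE m.meta_key = ''', @prefix, 'capabilities'' ',
  '  AND m.meta_value LIKE ''%administrator%'' ',
  'ORDER BY u.user_registered DESC');
PREPARE stmt FROM @q;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
```

Run the statements together in one session, since user variables such as `@prefix` do not survive a new connection. The rows returned are candidates for manual review: legitimate embeds also contain `<iframe>` or `<script>` tags.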
At this point, your hacked WordPress site should be fixed. One last time, I would like to stress that if you're using WP Engine, a managed WordPress hosting provider, then you wouldn't have to worry about being hacked.
WP Engine retains a top-tier security firm to monitor all WP Engine sites 24/7. They block over 7,000 attacks a day and have a super secure infrastructure. On top of this, they also automatically back up your website DAILY, and make it as easy as clicking a few buttons to restore your website. Best of all, if you are ever hacked, they will fix it for FREE!
If your WordPress has been hacked, then you now know how much of a pain this can be. I highly recommend WP Engine to help protect yourself in the future from your WordPress being hacked.