How to clean hacked wordpress site
There is nothing more frustrating having a hacked WordPress website and not knowing where to turn.
A lot of companies in the hosting industry will simply suspend the account and tell the customer to “fix it.”
In my opinion that only makes a bad decision worse.
Here at KINGSCEL we try to help our customers that face this unfortunate situation as much as we can so they can return to business as usual as quickly as possible.
Preventative Maintenance
Obviously, it’s much better to prevent a hack from taking place.
If you’ve been fortunate enough to never have your WordPress compromised it’s likely you’ve followed these:
- Use strong cPanel, FTP, Email, WordPress credentials (i.e. passwords with letters, numbers, special characters)
- Keep WordPress core files updated along with plugins and themes
- Regularly keep your own backups
- Use a good WordPress security plugin(we recommend wordfence)
- Additionally or optionally you can change your wordpress admin url i.e /wp-admin to a custom url
Nightly Malware Scanning
Here at KINGSCEL we try to help you be proactive by automatically scanning accounts each night for Malware.
When detected, the files are automatically removed, preventing most attacks from going too far (i.e. infecting the entire cPanel account).
However, it’s important to remember the account was still injected with malware, meaning there is a vulnerability in your website that needs patching.
You can follow the below steps to secure your installation.
Before beginning the next steps, it’s important to have a FULL backup of your account. You can generate this by going to cPanel -> Backups -> Download A Full Backup.
Replace Core WordPress Files
The first thing you want to do when your WordPress website has been injected with malicious content is to replace your core WordPress files with clean ones.
You can easily download these from WordPress.org and use your favorite FTP program (such as Filezilla) to upload over your current ones.
If you’re not running the latest version of WordPress, it’s important to download the correct version and then immediately upgrade once you can.
Update Themes And Plugins
Once you’ve secured your core WordPress files, and have upgraded to the latest release, you need to replace ALL your themes and plugins with new versions as well.
Most plugins can easily be upgraded inside of your wp-admin under the Plugins menu. Many of the default themes can be upgraded here as well, but if you have a custom one, you may need to go to the theme developer’s website to download the latest files.
If you have a completely custom theme, you may need to get with your developer to assist you in the upgrade.
Scan With Wordfence
WordFence is a security plugin that has a free version that includes Malware scanning. Once you have things updated, it’s important to run a scan to see if you detected anything additional.
WordFence will also ask for your email so they can alert you when a plugin/theme/core file needs to be updated. They also have a powerful firewall that will help block some hacking attempts.
Change All Passwords
If your WordPress website has been hacked, you need to assume all of your passwords have been compromised.
You need to change everything:
- Master cPanel password
- All email account passwords
- All FTP account passwords
- All mySQL user passwords (make sure to update wp-config.php)
- Your WordPress admin password AND users
When changing, make sure to use a strong password generator and not a random string that could be vulnerable to dictionary-based attacks.
If you have more than one WordPress installation in your cPanel, you should complete the above for ALL of them.
Don’t Want To Do This Yourself?
The most cost-effective way to clean hacked wordpress site is to do all of the above steps yourself.
However, if you’re not willing (or don’t have the time) our team can do it for you. Please submit a ticket and our management team will provide you with a quote then an invoice to begin working.
There are also a number of different third-party services that you can use. Submit a ticket for our recommendation of a known provider…