24 Dec How to Recover Hacked WordPress Website?
For a webmaster, the most frustrating situation is discovering their site compromised. If you own a website, you can guess how much painful it could be. But this is the reality, so we have to deal with it. There are several fruitful ways to fix a hacked WordPress site. Let’s see in details.
Get 20% off - The Most trusted Theme brand in the World
Step – 1: Identify the Problem
Okay, I know it’s sad to see your site compromised. Don’t panic. Since you may need to contact your hosting provider regarding the recovery process, make a quick checklist and prepare answers in advance.
- Can you access the admin panel?
- Does the site redirect to another URL?
- Is it displaying unexpected links or contents?
- What about Google webmaster report? Does it still mark the site safe?
- Do you have a backup?
Step – 2: Beginning the Recovery Process
Restoring from a Backup
After identifying that your WordPress site is hacked, you may not be able to login. I’ve seen such attacks that can change the WordPress username itself. In the worst case, the site may be taken down or have its face been changed. If you keep regular backups of the site contents, that can save you at this point. For shared hosting, a complete website restoration option may not be available to the user. If this is your case, just contact your hosting provider. Most of the good providers today offer live chat, prompt forum response and phone support. The hosting company also may have automated backups on board. Request them to restore the most recent backup.
You may have a backup stored on a remote server (e.g. Google Drive) instead of the hosting server. Provide the hosting support representative with the download link of the backup file so that they can restore it. It doesn’t take much time for the hosting provider itself to restore a site from the backup. Remember, if your site contains tons of images, huge database and files, that will take a bit more time than you would love to wait for. However, the end result will be fine.
For a dynamic site like a blog/news portal, new contents are frequently added. You may lose the latest contents that was added after the backup was created. So, restoring a full backup has some catches too. In such situation, take a copy of the database before starting the restoration. Also, keep a copy of the files added after the last backup. Once the full backup is restored, now restore the copied database and upload the missing files to the respective directories. This method will work only if you can access the site’s database and files after the hack.
- Recommended read: 8+ Best WordPress Backup Plugins
No Saved Backup?
If you haven’t created any backup ever, your hosting provider can still rescue you with their scheduled backups. That may cost a little money, but very helpful. If it’s a self-managed hosting server, the chances are that the hosting company doesn’t have a backup of your site. You must recover administrative access to the site on this ground. Let’s see how to do that.
Recovering Admin Access
After being attacked, the site’s administrative credentials may be compromised. If you are lucky enough, you may be able reset the password via email for the compromised admin user. If the password resets via email does not work, you need to reset the password manually. This can be done on cPanel using application installer tools (e.g. QuickInstall) or phpMyAdmin.
If your hosting provider provides cPanel along with the QuickInstall script, go to cPanel and navigate to Software/Services. Open QuickInstall. Click My Installs. Select the WordPress installation you want to modify. Use the Reset Password option to create a new password for any user you want.
You can also use phpMyAdmin for this purpose. The phpMyAdmin method is a bit complex and involves several steps. Please see this tutorial to learn the detailed process. For a self-managed host, you may not get ready access to phpMyAdmin. In that case, first you need to install phpMyAdmin on your server. You may see this tutorial to learn how to install and access phpMyAdmin on the server. Also, contact your host to get assistance.
Step – 3: Scan and Remove Malware
Assuming that you’ve recovered administrative access to your WordPress site, now it’s time to scan the site to find malware and remove them. There are several tools to do this. Sucuri is one of the most popular malware scanners for WordPress. Install this plugin on your site and scan to detect malware. Sucuri will help you to remove any identified threat. Also use Theme Authenticity Checker (TAC) to check the theme files. Delete unnecessary themes and plugins. Check whether the site is listed as ‘Safe’ in Google index. If it’s flagged as ‘Infected’, follow Google’s official instructions to make it safe.
- Read more about 5 Best WordPress Security Plugins to Cover Vital Vulnerabilities.
After completing the all above steps successfully, it’s safe to assume that your site is now fully recovered. There are lots of tasks to do for ensuring future protection. At first, update the core WordPress (if it’s not already) along with all themes and plugins. Then do the following.
- Again change the admin user password. Don’t forget to set a strong password.
- Create a complete website backup using the native tool provided by your hosting service.
- Install a backup generator plugin on your WordPress site. For example, UpdraftPlus offers a free backup solution. You can also use their premium service if you wish.
- Keep backups regularly.
- Install security plugins like iThemes Security, Wordfence Security etc. Configure these plugins properly.
- Check what permissions you’ve given to your site’s registered users. Study on WordPress user roles and capabilities. Adjust them to your site as well.
- It’s a good idea to post articles as an average user and hide the main super-admin. Attackers may target the lead author. Even if they get access to the lead author’s account, still you can stop them because the super-admin user is not compromised. So keep this in mind.
Practically, security measures has no boundary. That’s why a website can be hacked or compromised. If you take proper pre-cautionary steps, you can recover your WordPress site quickly. I hope this article will help you for this purpose. Please let us know your ideas and thoughts via comments.