Skip to main content

Help! My WordPress Site Has Been Hacked!


It can happen to anyone. One minute you’re patting yourself on the back for all the hard work you’ve put into your website, and the next minute your site has been hacked and transformed into something unrecognizable. While dealing with a hacked website is one thing, it’s another to deal with everything that can come with it. Your business could lose search engine rankings and its good-standing reputation, your website might expose your visitors to viruses and, worst of all, you’ll lose all of  your site data.

Website security needs to be a business’s top priority, but if you’ve found yourself too little too late on making your website hacker-free, below are the steps to take to fix your hacked WordPress website.

Step 1: Take a Deep Breath and Remain Calm

This might seem like an odd first step, but it is an important first step to take. We know this is a stressful problem to deal with, but this isn’t the end of the world or your business; this happens to thousands of people everyday on every kind of website platform. Don’t get down on yourself about it and focus on correcting the issue as soon as possible.

Step 2: Preliminary Tasks

Ask yourself these questions before contacting your hosting company:

  • Are you able to login to your WordPress admin panel?
  • Is your website redirecting you to another website?
  • Can you see any strange links of your site?
  • Is Google marking your website insecure?

Before you continue the steps below, be sure to change your password, as well. This way it will decrease the chances of more problems arising.

Step 3: Contact Your Hosting Company 

Your hosting provider should have experience dealing with these kinds of issues, so contact them first. They might be able to give you more information about how the hack originated and where the backdoor is hiding (Backdoor is a way for hackers to skip normal authentication and remotely access the server undetected). You might get lucky and the host can take care of the hack for you!

Step 4: Restore Your Website from Backup

This should technically be step #2 if you have backups set up for your WordPress site. However, if your business actively blogs, a backup restore could possibly lose your  website’s blog posts, new comments and other content generated through your posts. Weigh the pros and cons for your situation. If you simply cannot risk the chance, you can still manually remove the hack.

Step 5: Malware Scanning/Removal

If you have any unused themes and plugins, delete them as this is where hackers hide their backdoor. After those have been removed, start scanning your websites for malware. There are some good scanners our there including Sucuri Security and Theme Authenticity Checker.

Step 6: Review User Permissions and Change Secret Keys

Hopefully your fellow WordPress users are not the root of the issue, but it never hurts to review their roles. If you find that any of them are suspicious, delete them then change your secret keys. WordPress Security Keys are a set of random characters that advance encryption of information stored in the user’s cookies. If your “sketchy” user stole your password or is still logged into the site, their cookies are still valid. By creating a new set of secret keys, the cookies will be disabled and not allow them to log back onto the website.

Step 7: Final Password Change

This doesn’t apply to just your WordPress website; this also applies to your cPanel, FTP, MySQL Password and any other accounts involved with your website.

And, you did it! Your website is clean and (hopefully) back to its original form. Once you have found the hack and have taken the necessary steps to get rid of it, make an effort to keep your website hacker free! You’ll save yourself a lot of stress and time, while keeping your business’s reputation in ship shape!

Share this:

Brooke Desmond

Communications Manager
With a passion for all things digital marketing, Brooke aims to give a unique perspective on the latest trends and ideas in this ever-changing space.

View Brooke's Profile

More from Our Blog

Making the Most Out of Your Website’s About Page

While every website we build at GreenMellen is custom, there are a handful of pages that should be on all websites. This list includes a…

Read More
people sitting around a table with their computers

Digital Marketing Scams: How to Spot and Avoid Them Online

In an era dominated by technology and connectivity, we have access to everything we want and need right in our hands. The internet plays a…

Read More

AI Policies: What Are They and Does Your Small Business Need One?

It’s no secret or surprise that artificial intelligence (AI) has taken the world by storm recently. The business world and even small businesses are not…

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *