Does your WordPress website display security warnings? Does its domain name no longer allow access to it? Has its content been altered or can you no longer access the WordPress console? One way or another, you have the feeling that your website has been hacked.
In this article, we help you clean and repair a hacked WordPress website in order to get it back to working order. We also share some recommendations with you to prevent this from happening again.
How do I know if my WordPress website has been hacked?
Here are the main symptoms that make it possible to identify a WordPress website infected by a person or malware:
- Browsers and/or search engines such as Google display a warning when accessing your site.
- Your hosting provider has reported suspicious activity to you or has put your website under maintenance for security reasons.
- Your domain name directs to another website.
- The content of your pages has been altered (especially links).
- You have noticed unknown or suspicious users on your WordPress console.
- You notice abnormal writings in the logs of your website or in its database.
- You can no longer access your website or the WordPress console.
- Your website is slower than usual or does not seem to respond.
- Your security plugin displays unusual warnings.
How to repair a hacked WordPress website?
Whatever the case, action must be taken. Here are the actions to follow to try to recover the situation.
💡 Can my hosting provider repair my website for me? A hosting provider generally does not intervene in the content of a hosting solution or the development of a website. Its role is to guarantee the availability, performance and security of your server and to support you in the use of your web hosting solution (e.g. to update the PHP version of your websites or to start an antivirus analysis of a website). Creating or maintaining a website is a very different job. If you need help repairing a hacked WordPress website, the most effective way is to have a professional accompany you. If necessary, Infomaniak provides a free tenders platform that puts you in touch with recognised professionals.
The best option: restore your website with a healthy backup
The fastest and safest way to get a hacked website back on track is to restore a healthy backup.
- At Infomaniak, websites are backed up daily and you can restore them automatically over the last 7 rolling days. For more information, please take a look at this guide.
- Most hosting providers automatically back up websites for a few days. React as quickly as possible to increase your chances of recovering a healthy backup of your website.
💡 Don’t have a healthy backup of your website? We can only encourage you to set up an automatic backup of your website as soon as the situation is restored. With Swiss Backup and Acronis, Infomaniak allows you to automate the backup of your website via FTP wherever it is hosted. You can also use Swiss Backup with the UpdraftPlus extension via the S3 protocol.
Step 1: put your website in maintenance
The first thing you need to do is to protect the reputation of your website and the security of your visitors. Maintenance mode will prevent search engines and your visitors from noticing that your website has been hacked and will also prevent their security from being compromised with malware or fraud attempts.
The easiest options are:
- Activate maintenance for your website via your hosting dashboard. With Infomaniak, it takes just a few clicks.
- Use a maintenance plugin from the official WordPress directory.
- If your hosting solution does not have maintenance mode and you no longer have access to your WordPress console, move the files from your WordPress website to a subfolder via FTP. Then create an index.html file at the website root with the “SITE UNDER MAINTENANCE” text.
Step 2: Change your passwords and check your WordPress users
The second thing you need to do is prevent the hacker from being able to access your website’s data easily or modify its content.
To do so, change the following passwords:
- Password for accessing the WordPress console (guide for Infomaniak).
- Hosting solution FTP/SSH password (guide for Infomaniak).
- Password for the website database (guide for Infomaniak).
- Password to access your hosting provider’s account (guide for Infomaniak).
Then remember to check the list of your accounts via the WordPress console. Delete all suspicious users.
💡 For maximum security: do not reuse old passwords or use the same password multiple times. If you haven’t already done so, we recommend using software such as BitWarden to secure and manage your passwords easily.
Step 3: Remove all suspicious and unused extensions and themes
The next step is to check the list of your WordPress extensions:
- Delete plugins that you have not installed yourself.
- Delete plugins that have not been updated recently.
- Delete plugins that come from an unknown source.
💡 Good to know: the fewer the plugins you use, the clearer the situation. This will also reduce your exposure to security risks.
Step 4: Scan your website with an antivirus
Now’s the time to check the integrity of your WordPress installation and the files stored on your hosting solution!
There are several options available to you to do this important task:
- Run a full antivirus scan of your hosting solution (guide for Infomaniak).
- Check for malware (automatic at Infomaniak).
- Use a security extension such as JetPack Scan, Wordfence Security or Sucuri Security.
Before paying for a third-party plugin, think about the free tools of your hosting provider. For example, Infomaniak’s hosting solutions include antivirus and anti-malware protection that automatically fixes known vulnerabilities in popular CMSs such as WordPress, Joomla or Drupal.
Step 5: Update WordPress, your plugins and themes
This is one of the basics, and you should do it regularly: update your WordPress installation as well as your extensions and your theme. To get a good night’s sleep, please take a few seconds to enable your website’s automatic update.
💡 Why does it matter? As soon as a vulnerability is discovered, an update is published to fix it on users’ installations. If you don’t apply it, the vulnerability is public knowledge and your website is a bit like an advertisement for it.
Step 6: Delete unwanted files and content
After the automatic scan of your site, it is necessary to switch to manual checks:
- Check and correct the content of the pages and articles on your website, especially the links.
- Log in to your hosting solution via FTP and check the tree structure of your WordPress installation. If you notice any unexpected files compared to the original files, delete them or proceed to step 8.
- Check the WordPress configuration file (wp-config.php) by comparing it with the original WordPress version.
💡 Need help? If you do not have the technical skills to carry out these checks, you have the possibility to launch a tender via this platform and be accompanied by an expert. You will receive quotations within 48 hours – free and without obligation for you.
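The manual checks in step 6 (unexpected files in the WordPress tree, modified core files, and a wp-config.php that no longer matches the original) can be done with a small script. The example below is an added illustration, not code from the original article or from Infomaniak: it hashes every file of the live installation and of a clean, unpacked copy of the same WordPress version, reports what is extra, changed or missing, and lists the lines of wp-config.php that do not come from wp-config-sample.php (only your database settings, salts and table prefix should remain). The install and reference paths, and the tampered sample tree built in a temporary directory, are constructed for the demo. If you have WP-CLI on the server, `wp core verify-checksums` performs the core-file part of this check against the official checksums.

```python
"""Compare a WordPress installation with a clean reference copy (added example)."""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

# wp-content (themes, plugins, uploads) legitimately differs from a fresh copy; audit it separately.
SKIP_DIRS = {"wp-content"}
# Files that exist on a real install but not in the distribution archive.
EXPECTED_EXTRA = {"wp-config.php", ".htaccess"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def file_hashes(root: Path) -> dict[str, str]:
    """Map relative POSIX path -> sha256 for every file under root, pruning SKIP_DIRS."""
    hashes: dict[str, str] = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        dirnames[:] = [d for d in dirnames if (rel_dir / d).as_posix() not in SKIP_DIRS]
        for name in filenames:
            hashes[(rel_dir / name).as_posix()] = sha256_of(Path(dirpath) / name)
    return hashes


def compare_install(install: Path, reference: Path) -> dict[str, list[str]]:
    """Classify files of the live install against the clean reference."""
    live, ref = file_hashes(install), file_hashes(reference)
    return {
        # Not part of a clean WordPress: the first place to look for dropped files.
        "unexpected": sorted(p for p in live if p not in ref and p not in EXPECTED_EXTRA),
        # Core file whose content differs from the official one: possibly tampered.
        "modified": sorted(p for p in live if p in ref and live[p] != ref[p]),
        # Core file deleted from the install.
        "missing": sorted(p for p in ref if p not in live),
    }


def extra_config_lines(install: Path, reference: Path) -> list[str]:
    """Non-empty lines of wp-config.php that do not appear in wp-config-sample.php."""
    live_cfg, sample = install / "wp-config.php", reference / "wp-config-sample.php"
    if not live_cfg.exists() or not sample.exists():
        return []
    known = {l.strip() for l in sample.read_text(errors="replace").splitlines()}
    return [l.strip() for l in live_cfg.read_text(errors="replace").splitlines()
            if l.strip() and l.strip() not in known]


def build_demo() -> tuple[Path, Path]:
    """Constructed sample: a tiny 'reference' copy and a tampered 'install' in a temp dir."""
    base = Path(tempfile.mkdtemp(prefix="wp-check-"))
    ref, live = base / "reference", base / "install"
    core = {
        "index.php": "<?php require 'wp-blog-header.php';\n",
        "wp-load.php": "<?php // load\n",
        "wp-config-sample.php": "<?php\ndefine('DB_NAME', 'database_name_here');\n$table_prefix = 'wp_';\n",
    }
    for root in (ref, live):
        for rel, body in core.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # Tamper the install: an altered core file, an extra file, and an odd line in wp-config.php.
    (live / "wp-load.php").write_text("<?php // load\n// INJECTED LINE (constructed)\n")
    (live / "wp-includes").mkdir()
    (live / "wp-includes" / "wp-tmp.php").write_text("<?php // constructed, not a core file\n")
    (live / "wp-config.php").write_text(
        "<?php\ndefine('DB_NAME', 'mysite');\n$table_prefix = 'wp_';\ninclude '/tmp/unexpected.php';\n")
    return live, ref


if __name__ == "__main__":
    live_dir, ref_dir = build_demo()  # replace with your real install and reference paths
    for kind, paths in compare_install(live_dir, ref_dir).items():
        print(f"{kind}: {paths}")
    print("wp-config.php lines not in the sample:", extra_config_lines(live_dir, ref_dir))
```

Run it against a copy of the live tree rather than deleting anything on the spot: every "unexpected" or "modified" entry is a candidate for removal or for the full reinstall described in step 8, and the extra wp-config.php lines should be nothing more than your own credentials, keys and prefix.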
Step 7: Regenerate your sitemap
The sitemap contains the map of your website and is used by search engines to understand what it contains.
If your website triggers search engine and browser alerts, it may be because your website’s sitemap.xml file has been hacked.
You can use a plugin to generate a new sitemap file and resubmit it to search engines. Some extensions do both for you, such as XML Sitemaps or Yoast SEO for example. You can also do it manually from the Search console for Google.
Step 8: Reinstall WordPress (if necessary)
If everything you have done has failed or you are still unable to access the WordPress console, reinstalling WordPress may unblock your situation.
There are several options available to you to reinstall the WordPress core without affecting the content of your website.
You still have access to the WordPress console (automatic method)
- Go to Dashboard => Updates
- Click on the Reinstall Version X.XX button.
You can no longer access the WordPress console (manual method)
- Get the latest official version of WordPress.
- Unzip the ZIP file on your computer.
- Delete the /wp-content/ folder.
- Log in to your hosting solution via FTP (guide for Infomaniak).
- Upload the WordPress files (without /wp-content/) to the folder where you originally installed them.
- Your FTP software should detect similar elements: choose the Overwrite option and continue.
💡 Need help? If you do not have the technical skills to follow these steps, you have the possibility to launch a tender via this platform and be accompanied by an expert. You will receive quotations within 48 hours – free and without obligation for you.
Step 9: Reinstall themes and extensions (if needed)
If you are experiencing a major hack or suspect that an extension or your theme is causing the problem, it is recommended to reinstall the latest version of the affected theme or extension. That way you can be sure to start again on a sound footing.
Here are the actions to follow:
- Log in to your hosting solution via FTP (guide for Infomaniak).
- Go to the WordPress themes or plugins folder (/wp-content/themes or /wp-content/plugins)
- Find the folder of the theme or extension to be reinstalled and rename this folder with _old at the end (e.g.: Yoast SEO_old).
- Get the latest version of your theme or extension from a reliable source.
- Unzip the ZIP file on your computer.
- Upload the extension or theme folder to the folder where you originally installed it.
- Check that everything is working properly with the reinstalled version and delete the old _old folder.
💡 Need help? If you do not have the technical skills to follow these steps, you have the possibility to launch a tender via this platform and be accompanied by an expert. You will receive quotations within 48 hours – free and without obligation for you.
Step 10: Deactivate maintenance mode
Is your website back on track? Congratulations 👏
Now it’s time to disable maintenance mode and reopen it to the public 😎🚀
Remember to clear the cache of your website and browser before loading your website to have the latest version.
Why is a WordPress website hacked?
Bots are constantly scanning the web for websites that contain vulnerabilities that are easy to exploit automatically. In the vast majority of cases, the attacks do not specifically target your website and you simply need to follow best practices to avoid problems 😇
Eight best practices to protect yourself against piracy of your WordPress website
Here are the best practices to follow to secure your WordPress websites as far as possible against hacking attempts.
1. Choose a secure WordPress hosting solution
Some hosting providers, such as Infomaniak, implement advanced measures to increase the security of websites:
- protection against DDoS attacks
- protection against viruses
- auto-corrected malware protection
- support for the latest versions of PHP and MySQL/MariaDB
- daily backup (last 7 days) in another data center
- automatic and full recovery in a single click
- high-quality local support by email, chat and phone, 7 days a week
- Elegant Themes themes and extensions with Divi included
- free and professional SSL certificates (Sectigo)
2. Limit and use only popular plugins
Each WordPress extension increases your chances of introducing vulnerabilities to your site. Limit them to what is strictly necessary.
Systematically prioritise popular resources, as WordPress themes and extensions that are not regularly updated lead to significant vulnerabilities over time.
3. Enable the automatic update of WordPress and your plugins
Not updating WordPress, your extensions, your themes and your version of PHP is literally the same as leaving your door open when you go out and advertising it with a sign 😅
It only takes a few seconds to configure WordPress auto-update, and this can avoid big problems.
4. Automatically back up your website
In the event of a security issue, you should be able to restore your website easily using a healthy version. An automatic backup system will minimise the time it takes to return to normal.
You can count on free automatic backups of your hosting solution and, in addition, you can set up a routine via FTP to back up your website in a secure cloud space such as Swiss Backup:
- Backing up a WordPress website with the UpdraftPlus plugin and Swiss Backup via the S3 protocol
- Backing up a WordPress website with Acronis via FTP
5. Enhance the security of your WordPress users
Many WordPress installations still use “admin” as their login name, which makes them easier targets for a bot or a hacker trying to force access to your website:
- Change the username of your WordPress users to unique names via the Accounts menu of your WordPress console
- Opt for unique, long and complex passwords and use secure software such as BitWarden to manage your passwords
6. Protect your WordPress console access from robots
By default, the login page of a WordPress website is always at the same URL: yourdomain.com/wp-admin. Since it is very easy to tell whether a website uses WordPress (it is visible immediately in the page’s source code), this URL is known to hackers and bots alike, and all that remains for them is to try passwords against it by brute force.
- Securing the WordPress login page is quick and easy with an extension such as WPS Hide Login.
- It is advisable to limit login attempts to your WordPress console (e.g. with Limit Login Attempts Reloaded). This will prevent robots and hackers from trying thousands of passwords in a row.
💡 Important:
- If you set a login limit and change the access URL of your WordPress console, make a note of this information so that these protections do not backfire on you: make a note of the new access URL and avoid entering the wrong password or username multiple times.
- All-in-one security plugins, such as Wordfence, natively integrate several security measures. Avoid installing different extensions that have the same function and, if in doubt, consult a professional.
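The “limit login attempts” rule above, and the “abnormal writings in the logs” symptom from the start of the article, come down to one check: how many login attempts a single client sends to the login page in a short time. The script below is an added example, not part of the original article or of any plugin named here. It reads web server access-log lines in the common Apache/Nginx “combined” format, counts POST requests to /wp-login.php that came back with status 200 (WordPress re-displays the form on a failed login and redirects with 302 on success, which is the assumption used here), and flags any IP that exceeds a sliding-window threshold, the same decision a limit-login plugin makes before locking an address out. The log lines, IP addresses (RFC 5737 documentation ranges) and thresholds are constructed for the demo.

```python
"""Spot brute-force attempts against /wp-login.php in access logs (added example)."""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/Nginx "combined" format: ip ident user [time] "method path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
MAX_ATTEMPTS = 5   # failed logins tolerated ...
WINDOW = 60        # ... within this many seconds (hypothetical values, tune to taste)

# Constructed sample: one client hammering the login form, one legitimate login.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:30 +0000] "GET /wp-login.php HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:31 +0000] "POST /wp-login.php HTTP/1.1" 200 4221 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:33 +0000] "POST /wp-login.php HTTP/1.1" 200 4221 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:35 +0000] "POST /wp-login.php HTTP/1.1" 200 4221 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-login.php HTTP/1.1" 200 4221 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "POST /wp-login.php HTTP/1.1" 200 4221 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "POST /wp-login.php HTTP/1.1" 200 4221 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:03 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""


def parse_line(line: str) -> dict | None:
    """Extract ip, timestamp, method, path (query string dropped) and status; None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "time": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],
        "status": int(m["status"]),
    }


def is_failed_login(entry: dict) -> bool:
    """POST to the login page answered with the form again (200) rather than a redirect (302)."""
    return entry["method"] == "POST" and entry["path"].endswith("/wp-login.php") and entry["status"] == 200


def failed_logins_per_ip(lines) -> dict[str, int]:
    """Simple summary: how many failed login POSTs each client sent."""
    counts: dict[str, int] = defaultdict(int)
    for line in lines:
        e = parse_line(line)
        if e and is_failed_login(e):
            counts[e["ip"]] += 1
    return dict(counts)


def find_bruteforce(lines, max_attempts: int = MAX_ATTEMPTS, window: int = WINDOW) -> dict[str, str]:
    """Return {ip: ISO time of first excess attempt} for clients with more than
    max_attempts failed logins inside any window of `window` seconds (sliding window)."""
    recent: dict[str, deque] = defaultdict(deque)
    flagged: dict[str, str] = {}
    for line in lines:
        e = parse_line(line)
        if e is None or not is_failed_login(e):
            continue
        q = recent[e["ip"]]
        q.append(e["time"])
        while q and (e["time"] - q[0]).total_seconds() > window:
            q.popleft()  # forget attempts older than the window
        if len(q) > max_attempts and e["ip"] not in flagged:
            flagged[e["ip"]] = e["time"].isoformat()
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()   # in practice: open("/path/to/access.log")
    print("failed logins per IP:", failed_logins_per_ip(lines))
    print("clients to lock out:", find_bruteforce(lines))
```

On a real server, point it at the access log your hosting solution exposes; an address that shows up here is the one a limit-login plugin would have locked out, and a steady stream of such addresses is a good reason to move the login URL as the first bullet suggests.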
7. Use up-to-date technologies (PHP, MySQL/MariaDB)
WordPress works with PHP/MySQL, and these technologies are constantly evolving. When you use a version of PHP that is no longer up to date, you expose your website to security risks. Malicious people could, for example, exploit known security vulnerabilities to break into your website and modify its content. It is therefore important to use a maintained version of PHP. In addition, the latest versions of PHP are more efficient and speed up the loading of websites.
- Checking for outdated and maintained versions of PHP
- Modifying the PHP version of a website with Infomaniak
8. Block comments and unwanted messages (spam)
Bots and malicious people often exploit the comment space below your articles to place advertising content and links. To stop this scourge, which harms the reputation and search ranking of your site, there are fortunately several easy options you can implement.
Here are 3 popular options for blocking spam from a WordPress website:
- Install and configure the Akismet plugin (free for non-commercial use)
- Install and configure the hcaptcha plugin (an open source alternative to Google’s reCAPTCHA solution)
- Install and configure the Google Captcha plugin
***
We hope that this guide has enabled you to repair your WordPress website or improve its security. Otherwise, we recommend that you seek support from a web agency or a recognised professional, especially if you did not create your WordPress website yourself.
Find out more
How to protect your online presence and manage your domain names properly
Wednesday November 29th, 2023