One day, you navigate to the front end of your website and realize there is some content you never placed there. Perhaps it is a scammy ad, a statement that the site has been hacked or something more subtle. Hackers will often test the waters before completely taking over your site, even changing the code, logins and other access. Learn how to fix a hacked WordPress site.
The instant you notice anything strange on your site or it isn’t performing as expected, you should check to see if you’ve been hacked.
How to Check if your WordPress Site Has Been Hacked
WordPress powers over 43% of websites, making it an attractive target for hackers. At the same time, the thousands of plugins offer easy entry points for hackers intent on breaking into a site. Owners get busy and forget to update as frequently as they should, leaving an open door for cybercriminals to enter.
If you notice any of the following, your site may have a hacked WordPress site:
- You get an error for the site, such as a 401 or 403. These are sometimes caused by password changes.
- When you try to login to your WordPress dashboard with what you know are your credentials, it boots you back to login. You can’t reset with the “forgot password” prompt.
- You notice new content, popups or forms you never placed on your site.
- Google Safe Browsing throws up a warning when you try to visit your site. This can indicate a hacker installed malware.
- Your site redirects to a different website. This can indicate your site was hacked and likely your domain registrar account, too.
- Customers say they were charged for something they didn’t buy. Unauthorized charges can be a hacker trying to make money off your customer list and stored data.
- New user accounts pop up and likely with emails from generic third-party sites like hotmail or gmail.
If you have a security plugin, such as WordFence or Jetpack, you may receive notice of suspicious activity on your site.
Steps to Fix a Hacked WordPress Site
If your site has been hacked, don’t panic. There are some steps you can take to regain your site and get things back in working order.
Step 1: Find the Source
Figure out what changes were made and who made them. If you have Jetpack or another WordPress security plugin, you may be able to check the logs through your dashboard. A hacked WordPress site rarely functions correctly.
However, you also might be locked out of your Dashboard, so you can access files through the back-end of your site, via your control panel. Login and check your logs. If you can’t find the data, contact your web hosting provider with your hacking concerns and ask them to check records.
Your web hosting provider can be a great source of information and can help you block certain IPs from accessing your site again. If you use shared hosting, the culprit might be another customer on your server. With more than 300,000 hosting companies, it’s sometimes difficult to choose one with the most secure systems.
Step 2: Reset Users From Your Database
The last thing you want is to be working on the fix and have the hacker in your system at the same time. Before you begin working on restoring your site, go to your database via the control panel. Delete any users you don’t recognize and reset your username and password. You may want to make your administrator username something more difficult to guess.
This should help you regain control of your WordPress dashboard, where you can double check users and their permissions, deleting and changing as needed to protect your site.
Step 3: Restore Your Site
More than likely, the hackers have inserted code throughout your site. If you are aware of when the hacking occurred, you can go into your control panel and rewind your files and your databases to a date before the hacking occurred. This should remove any inserted code.
You can also ask your hosting provider to help with this process. Ideally, you and they will have backups of your site. In reality, time gets away from the best website manager and backups don’t always happen the way they should.
There are some drawbacks to restoring to an earlier time. E-commerce sites might lose customer orders, so they should grab them and the data before restoring. You might also lose content. You just don’t have a choice in some cases, though, if you want to regain control of your site.
When you restore to an earlier version of your database, your login credentials and users will revert. Go back in via your dashboard and check for unknown users and reset your admin name and password again. Force a reset for any other admins in the system.
Step 4: Install a Malware Scanner
Once you’ve regained control of your site, add a plugin that is a malware scanner and run it to see what else might be lurking in your files. If you don’t remove all the traces of the hacker, they’ll return with a vengeance. Run the scanner and make any recommended changes.
Step 5: Update Everything
Make sure you are using the latest version of WordPress and all plugins are updated. Updates often include security fixes to known vulnerabilities. Updating regularly prevents hackers from accessing your site.
If you don’t already have a security plugin installed, now is a good time to do so. People have their preferences on which works best. Your best bet is to search plugins for security and then choose the one that meets your needs and has excellent reviews. A couple of popular security plugins include WordFence and Jetpack.
Consider installing two-factor authentication (2FA) to slow down hackers. The 2FA market is worth an estimated $19.02 billion and predicted to reach $26.7 billion by 2027. It’s an inexpensive way to add protection to your site.
Step 6: Resubmit Your Site to Google
Your site may have been blocked by Google for suspicious activity as part of their safe browsing experience. If so, you’ll want to go to the Google Search Console and resubmit your site. Make sure all issues are resolved before doing so and allow a few days for review.
If your site still shows issues, you may need to call in an expert to clean up any remaining issues and get rid of anything the hackers left behind that might still be creating havoc.
Prevent Future Attacks
Now that you’ve regained control of your site, you can take a breath. It’s time to make sure it’s secure from future attempts. Keep your security plugin up to date and set other plugins and WordPress to update automatically. Strengthen your site by limiting login attempts, using stronger passwords, adding CAPTCHA to forms, enabling Akismet and enabling 2FA for at least admins and editors.
If you remain vigilant, you’re more likely to avoid a future hacking incident, which costs you time, peace of mind and potentially lost sales.