How Do You Fix Your WordPress Site – After it is Hacked?

November 20, 2020

WordPress is one of the safest and most popular platforms to build your website. But its popularity has also made it a lucrative target for hackers.

Websites are hacked on a daily basis and the consequences are devastating. Many businesses don’t recover. But luckily, that doesn’t have to be you. There are ways to fix it and recover fast!

The earlier you identify a hack and fix it, the better your chances of overcoming it.

So, first, let us understand how you can determine if your website has indeed been hacked.

5 Common Signs of a Hacked WordPress Site

The signs of a hack that appear on your website vary based on the type of hacking attack used. In some cases, the signs are evident such as spam ads on your site. But in many cases, hackers disguise their attack so website admins are clueless for a long time. Here are five common signs of a compromised website:

  1. There is a sudden and significant drop in the search traffic entering your site – mainly because your hosting company or Google has suspended or blacklisted your website due to the hack. Or, you could see a sudden increase in bounce rate.
  2. There is a significant drop in your website loading speed on any device – because hackers are now utilizing your server resources to install suspicious plugins or send spam emails to your users.
  3. You cannot log into your admin account despite entering the correct login credentials – mainly due to the hacker using a brute force attack to take complete control of your account.
  4. Your website is being redirected to another unsolicited or malicious site, which has been set up either to collect user information or to sell illegal products.
  5. You see a loss of valuable and sensitive information such as customer records or financial data from your database – as a result of a successful data breach.

If you see any of these five common signs on your site, it has probably been hacked. As malware attacks are among the common types of hacks, the first thing you need to do is scan your website for malware, and then remove it if detected.

How to Scan and Remove Malware

Before you perform any malware scan, it’s recommended that you take a complete backup of your website and database. Make sure that you have easy access to the backup files.

Primarily, you can scan and remove malware from your site using either of the following methods:

  • Manual malware scanning and removal
  • Automatic malware scanning and removal – with a security plugin

While manual scanning requires technical expertise, automatic scanning is much easier and user-friendly. Let us first look at how to automatically scan and clean a hacked site with a security plugin.

How to Automatically Scan and Clean Your Website with a WP Security Plugin

Automatic malware scanning and removal is much faster and easier to perform with the help of a security plugin. Here is the complete list of steps that you need to perform:

1. Select the right security plugin

There are many free and paid security plugins for sites that can perform malware scanning and removal. Considering the complexities of malware attacks, we recommend selecting a paid security plugin like MalCare that provides a comprehensive malware removal solution.

Here are some reasons why MalCare is a good choice:

  • Uses over 100 intelligent signals to detect new and unknown malware variants
  • Detects website malware in under 60 seconds
  • One-click malware removal process
  • A user-friendly process that can be performed by any basic user

2. Take a complete backup of your files and database records

If you opt for the MalCare tool, you can also use its backup tool, BlogVault, designed for WP backups and restores.

3. Download and install your security plugin

The next step is to download and install your WP security plugin for your website. If you have chosen MalCare, access the plugin from your dashboard, enter your email address, and get started.


4. Perform a malware scan on your website

The next step is to run a thorough scan of your website. In the case of MalCare, it does this automatically – once you have installed the tool. Upon completion of the malware scan (that takes a few minutes), you will be notified of any hacked files. Here is an example:


5. Clean your website from malware infection

The final step is to remove (or clean) the malware files from your hacked website. In the case of MalCare, all you need to do is to click Auto-Clean – and MalCare does the rest for you.

That is it! Isn’t that so easy to perform? We would recommend you perform an additional step of finding and fixing the security-related vulnerability that caused the hack to happen in the first place.

Here are some additional measures that you can take to fix any vulnerabilities or security gaps on your website:

  • Update your Core WP and your installed plugins/themes to their latest versions.
  • Remove any unused plugins/themes from your WP installations.
  • Request your hosting company to remove any site block or suspension if it has been implemented.
  • Install effective firewall protection (built into MalCare) to block suspicious IP requests from your website.
  • Strengthen all your user credentials (username and password), including admin users.
  • Scan your website regularly for malware using security plugins like MalCare.

If a plugin isn’t for you and you want to perform a manual scan and removal of malware on your site, we discuss that next.

How to Manually Scan and Clean Your WP Website

For manual scanning and cleaning of your site, you need to first download and install an FTP tool like FileZilla on your system.

Before you attempt to fix your website manually, it’s important to understand that this process requires technical expertise in FTP and in the backend WP files. Each of the manual methods discussed in this section also has its limitations, which is why we recommend this route only if you are an advanced WP user.

Note: This method is risky and the slightest mistake has the potential to further damage your site. Take a backup of your website before you start this process.

Here are the steps that you need to execute:

1. Connect to your site using your FTP credentials

Download and install an FTP client like FileZilla. This will enable you to connect with your WordPress files. Next, use your FTP credentials to first connect to your site installation. You can find your FTP credentials in your web hosting account.

Once you establish a successful connection, access a folder called public_html on the right-hand panel. Inside, you can now view each of your files and folders in your WP installation.


2. Search for any hacked files

Next, you need to check for backend files that may be infected manually. You can do that using any of the following methods:

  • Identify files that have been recently modified – Hackers typically target specific files and make edits to them. These usually include WP core, configuration, and database files. Also check the files in the wp-content folder, along with the crucial .htaccess file. From your FTP tool, check for any files that have been recently modified (using the date-time stamp).

The flip side is that this method is not fool-proof: experienced hackers have learned to hide their modifications, or to place their changes in hidden backend files that you would overlook.

  • Search for any malicious signature patterns or code – The majority of hacks use recognizable function calls such as eval or base64_decode. Search for such code in new backend files and, if found, remove it from your installation.

This method also has a flip side: hackers can add these calls to legitimate files such as plugins or themes, where the same functions may also appear for valid reasons. Besides this, hackers have learned to use new signature patterns that are not widely known.

  • Download and install a new WP with the same version – The other method is to make a fresh installation of WordPress. Ensure you download the same version as the one you are using.

Following that, you need to compare each file from the installation with your website’s files to see any differences. The ones that do have modifications are likely to have been changed during the hack.

These are three of the commonly used methods to detect any malicious or infected file manually.
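The three checks above can be run side by side instead of eyeballing each file in an FTP client. The script below is an added example, not tooling from the article or from any plugin vendor: it lists recently modified files, greps PHP files for the call patterns the article names (eval, base64_decode, plus the related gzinflate, str_rot13 and create_function), and hashes every file against a clean copy of the same version, reporting modified, added and missing files. To run offline it builds a constructed sample site in a temporary directory with three planted differences: a tampered core file, a dropped dot-file, and a plugin that legitimately calls base64_decode, so you can see a signature false positive. The core file contents are stand-ins, not real WordPress source, and the `wp-config.php` and `wp-content/` exclusions reflect the fact that a vanilla download contains neither.

```python
"""Offline triage of a WordPress tree using the three manual checks described
above.  Added example, not the article's or any vendor's tooling; it builds a
constructed sample site in a temp dir so it never touches a real install."""
import hashlib
import os
import re
import tempfile
import time
from pathlib import Path

# Call patterns the article names (eval, base64_decode) plus three related
# obfuscation helpers.  A hit is a lead to inspect, not proof of compromise.
SUSPICIOUS = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13|create_function)\s*\(")

# Site-specific by design: a vanilla download has neither, so files that exist
# only here are expected (plugins/themes are dealt with by reinstalling them).
SITE_SPECIFIC = ("wp-config.php", "wp-content/")


def recently_modified(root, days=7, now=None):
    """Method 1: files whose mtime falls inside the window.  Caveat: mtime is
    set by whoever wrote the file and is trivially reset, so an empty list
    rules nothing out."""
    cutoff = (time.time() if now is None else now) - days * 86400
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.stat().st_mtime >= cutoff)


def scan_signatures(root):
    """Method 2: grep every PHP file for the call patterns.
    Returns {relative path: sorted function names matched}."""
    root, hits = Path(root), {}
    for p in root.rglob("*.php"):
        names = sorted({m.decode() for m in SUSPICIOUS.findall(p.read_bytes())})
        if names:
            hits[p.relative_to(root).as_posix()] = names
    return hits


def diff_against_clean(site_root, clean_root):
    """Method 3: compare the site against a fresh copy of the same WP version.
    Reports core files whose contents differ, files present only on the site
    (where dropped backdoors show up) and core files that have gone missing."""
    sha = lambda p: hashlib.sha256(p.read_bytes()).hexdigest()
    site, clean = Path(site_root), Path(clean_root)
    site_files = {p.relative_to(site).as_posix(): p for p in site.rglob("*") if p.is_file()}
    clean_files = {p.relative_to(clean).as_posix(): p for p in clean.rglob("*") if p.is_file()}
    report = {"modified": [], "added": [], "missing": sorted(set(clean_files) - set(site_files))}
    for rel, p in sorted(site_files.items()):
        if rel in clean_files:
            if sha(p) != sha(clean_files[rel]):
                report["modified"].append(rel)
        elif not rel.startswith(SITE_SPECIFIC):
            report["added"].append(rel)
    return report


def build_sample_trees(base):
    """Constructed fixture: a clean core copy and a site copy with three planted
    differences (tampered core file, dropped dot-file, and a plugin that calls
    base64_decode legitimately so the signature scan shows a false positive)."""
    clean, site = Path(base, "clean"), Path(base, "site")
    core = {  # stand-ins for core files, not real WordPress source
        "index.php": "<?php\nrequire __DIR__ . '/wp-blog-header.php';\n",
        "wp-blog-header.php": "<?php\nrequire __DIR__ . '/wp-load.php';\n",
        "wp-includes/functions.php": "<?php\nfunction wp_hello() { return 'hi'; }\n",
    }
    old = time.time() - 400 * 86400  # year-old timestamp for untouched files

    def write(path, body, mtime=None):
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
        if mtime is not None:
            os.utime(path, (mtime, mtime))

    for root in (clean, site):
        for rel, body in core.items():
            write(root / rel, body, old)
    write(site / "wp-config.php", "<?php\ndefine('DB_NAME', 'example');\n", old)
    write(site / "wp-content/plugins/gallery/gallery.php",
          "<?php\n$img = base64_decode($encoded);  // legitimate image decode\n", old)
    # Planted injection into a core file; its mtime is left at "now".
    write(site / "wp-includes/functions.php",
          core["wp-includes/functions.php"] + "eval(base64_decode('Y29uc3RydWN0ZWQ='));\n")
    # Planted dropped dot-file, the kind a visual FTP review tends to overlook.
    write(site / "wp-includes/.cache.php",
          "<?php\n@eval(gzinflate(base64_decode('Y29uc3RydWN0ZWQ=')));\n")
    return site, clean


def run_demo():
    """Run all three checks over the constructed fixture and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = build_sample_trees(tmp)
        return {"recent": recently_modified(site),
                "signatures": scan_signatures(site),
                "diff": diff_against_clean(site, clean)}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Read the three results together: the gallery plugin trips the signature scan but is neither recently modified nor different from anything in the clean copy, while the dot-file shows up in all three, which is the kind of corroboration that justifies removing a file. Against a real site, point `diff_against_clean` at your extracted download of the matching WordPress version and treat the `added` list under `wp-includes/` and `wp-admin/` as the highest-priority review items.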

3. Clean the hacked files from malware

The next step is to clean the infected files of any malicious code. Download the same WP version again and install it on your system.

Next, you need to replace the infected file with the corresponding file from the fresh installation using the FTP tool. This effectively removes any hack in the original file.

4. Reinstall all your plugins and themes

After reinstalling WordPress, you can reinstall all your plugins/themes on your fresh WP installation.

5. Reset all user passwords

The final step is to reset all your current user passwords – including your admin users. Ensure that they use strong password credentials – to make it difficult for hackers in the future.


Lastly, run a final check and scan your website on MalCare to check if all the malware and infected files have been completely wiped out from your site. This will ensure your site is clean.


Despite all the precautions, no site is 100% safe from hackers. As discussed in this article, it is possible to clean and fix your hacked website and restore it to normal quickly.

As compared to manual cleanups, security plugins like MalCare are a sound investment, as they are equipped to handle the most complex malware attacks. Thanks to its deep-cleaning techniques and firewall protection, MalCare is designed for easy use and effective detection and removal of malware variants.

If you liked this article and want to prevent your site from getting hacked, check out our other articles on the different ways to protect your website.

