How To Deal With a Hacked WordPress Site
When you run a WordPress website, hacking is a very real possibility. Hackers exploit weak points in the WordPress system to gain access to your site files — usually, their goal is to redirect your traffic or insert ads to boost their own earnings. Dealing with your own WordPress hack? Don’t panic; with these tips, you can regain control and boost your WordPress security protocol to prevent future attacks.
Signs That Your WordPress Site Has Been Hacked
Before you do anything else, take some time to make sure that your WordPress website is actually the victim of a hack. Sometimes, problems with the coding or your hosting company can cause unusual behaviors that look like hacking. Resolving a hack can be time consuming, so it pays to be certain before you take action.
Keep in mind that every hack is different. Some hackers take over the full site, replacing your pages with a malicious message or graphic; this happens when your WordPress index.php is hacked. Others are sneaky, inserting tiny bits of code to achieve their goals while making it seem like your site is running normally. As technology changes, so does the sophistication of the hackers. A WordPress site hacked in 2021 might look different from one hacked in 2019.
Some red flags that a WordPress site has been hacked are:
- Users tell you that they’re being redirected to spam pages when they visit your site
- The meta descriptions and titles in your Google search results don’t match the back-end WordPress post
- Your login credentials have suddenly stopped working
- Page speed slows dramatically without a logical explanation
- Traffic drops suddenly and dramatically
- Strange links, ads, or pop-ups appear without your authorization
- New user accounts appear in your WordPress interface
- WordPress email stops working correctly
- You notice new and unauthorized files on your website’s server
As you can see, some of the methods used to hack WordPress sites are subtle and hard to detect. In fact, some signs are so subtle that a site hacked in 2019 or earlier can go undetected for years. If you think your site might be the victim, it’s a good idea to check all of these factors before continuing; this gives you a baseline to use for comparison as you find a solution.
What to Do to Fix a Hacked WordPress Site
If you discover that your WordPress site has been hacked, check to see if you still have login access. If you do, follow these steps to deal with the hack.
Switch into Maintenance Mode
Hacked sites can look unusual and behave in strange ways. Is your WordPress index.php hacked? You’ll probably notice a difference in the home page. This can damage user trust, particularly if you’re dealing with a WordPress hacked redirect situation. If you still have access to your login function, get into your WordPress dashboard and install a maintenance-mode plugin. Any highly rated, recently updated option will do. Turn on maintenance mode — then, when people land on your page, they’ll see a “we’re undergoing maintenance; check back soon” message instead of a compromised site. Then, change your passwords. Here is where you go to set up your maintenance mode:
(Image Credit: Elementor)
Back Up Your Site Files
If you don’t have a recent backup of your WordPress site, create one now. Save it on your local drive and put a copy on a cloud service like Google Drive or Dropbox as a safeguard. Since WordPress security plugins have been known to break websites, it doesn’t hurt to have a backup on hand just in case. Make sure to back up both the database and the files.
Scan for Malware
When a WordPress website is hacked, the perpetrators usually put a piece of code somewhere in your site files. Before you can do anything else, you need to remove those files; that’s where a scanner comes in. You can use WordPress security plugins such as GOTMLS or any other highly rated option. It’s also a good idea to run your URL through external scanners such as VirusTotal, SiteCheck, or Is It Hacked?. Each one scans your site and lets you know if it finds an instance of known malware. For example, take a look at this scan done by VirusTotal:
(Image Credit: gHacks)
Is your WordPress database hacked? Once you’ve identified malware, locate the files on your server and remove them. Keep in mind that this process can break your site if you’re not familiar with what each file does. If you want to proceed, check this detailed guide for step-by-step instructions.
If you’re uncomfortable doing that, an easy option is to buy a subscription to a paid WordPress malware-removal plugin. One option is MalCare. Your hosting provider may also have a malware-removal service that can help you, though it’s likely to be more expensive. The image below is what your MalCare dashboard will look like. Notice that you can set when and how frequently it scans.
(Image Credit: MalCare)
While you’re scanning your WordPress site, it’s a good idea to run a scan of your computer using your usual antivirus program. Do the same for any device you use to log in to your WordPress dashboard. This process helps get rid of malware that’s used to steal your passwords.
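A shell triage script, added here as an illustration and not code from the article or from any of the plugins it names, that collects the three leads a manual malware hunt through the site files usually starts from: PHP files using obfuscation/eval primitives, PHP files in the uploads directory, and recently changed files. The site root and look-back window are assumptions passed as arguments, and the script runs against a constructed sample tree so it works offline.

```shell
#!/bin/sh
# Added example, not code from the article or from any plugin it names.
# Collects the leads a manual WordPress malware hunt starts from: PHP files
# using obfuscation/eval primitives, PHP files under wp-content/uploads
# (which should hold only media), and files changed recently. Every hit is
# a lead for manual review, not proof of compromise. The site root and the
# look-back window (days) are assumptions passed as arguments.

# PHP files whose source uses patterns legitimate themes/plugins rarely need.
find_obfuscated_php() {
    pat='eval *\( *(base64_decode|gzinflate|gzuncompress|str_rot13)'
    pat="$pat|preg_replace *\(.*/e['\"]|create_function *\("
    find "$1" -type f -name '*.php' -exec grep -lE "$pat" {} + 2>/dev/null | sort
}

# Executable PHP dropped into the uploads directory is almost always hostile.
find_php_in_uploads() {
    find "$1/wp-content/uploads" -type f \( -name '*.php' -o -name '*.phtml' \) 2>/dev/null | sort
}

# Files modified within the last N days (default 7); compare with your own changes.
find_recent_files() {
    find "$1" -type f -mtime "-${2:-7}" 2>/dev/null | sort
}

scan_wp_tree() {
    echo "== PHP files with obfuscation/eval patterns"; find_obfuscated_php "$1"
    echo "== PHP files inside wp-content/uploads";      find_php_in_uploads "$1"
    echo "== Files changed in the last ${2:-7} days";   find_recent_files "$1" "$2"
}

# Constructed sample tree (not a real site) so the script runs offline:
# one clean theme file, one with an eval(base64_decode()) call, and one
# PHP file in uploads.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads/2021/05" "$d/wp-content/themes/demo"
    printf '<?php echo "clean";\n' > "$d/wp-content/themes/demo/functions.php"
    printf '<?php eval(base64_decode("aGVsbG8="));\n' > "$d/wp-content/themes/demo/footer.php"
    printf '<?php echo 1;\n' > "$d/wp-content/uploads/2021/05/image.php"
    echo "$d"
}

scan_wp_tree "$(make_sample_tree)" 7
```

Point `scan_wp_tree` at the real site root (for example `/var/www/html`) to triage a live installation; the recently-changed list is only meaningful when compared with changes you know you made.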
Change Your Passwords Again
Once your website and computer are free of malware, change the password you use to log into the site. Even though you did this at the beginning of the process, it was before you cleaned out the malware; a second change prevents hackers from getting back into your clean site. If you have other authorized users, ask them to do the same. Have a variety of users? You can use a plugin to force every person to reset their passwords; this can prevent a compromised account from gaining access.
Make sure that your new passwords are impossible for a hacking program to guess. Great passwords are long, complex, and made with a broad variety of uppercase and lowercase letters, numbers, and special characters. Never reuse passwords between programs.
After your passwords have been changed, check out the “Users” tab in your WordPress dashboard. If you don’t recognize any of the accounts, or if you find any that you don’t use, delete them. This is what the Users Dashboard should look like:
(Image Credit: WPBeginner)
What to Do if You Can’t Login to Your Hacked Website in WordPress
Sometimes, hackers take over the account that you use to manage your WordPress website. If this happens, you will get an error message when you try to log in. To start, try resetting your password — just click on the “Lost your password?” link under the login form. Enter your email address, and WordPress will send you an email. If you succeed in this process, follow the steps above to deal with the hack.
Still can’t get in? Is your WordPress database hacked and locked? No problem. Most hosting providers give you another way into your site through its database. To start:
- You’ll need to log in to your cPanel account and search for a program called “phpMyAdmin”.
- In the phpMyAdmin interface, click on the “wp_users” table.
- Locate your current administrator login from the list and look for the column marked “user_email”.
- Change that email address to another email that you have control of.
- Save your changes.
Here are the steps to take once you have updated the email address in phpMyAdmin:
Return to the login screen for your website, and enter the new email address. At that point, you should be able to use “Lost your password?” to send the password reset message to the new address. Follow the instructions to change your password, log into your site with the new combination, and follow the steps above to clear up the hack.
Restoring Your WordPress Site from a Backup After a Hack
Fixing a hacked website in WordPress is not an easy task. If you don’t have time, or if you simply don’t want to spend money on malware-removal tools, another option is to restore a backup. Keep in mind that this is only an option if you have a copy of the site that you know to be free of malware.
If you have a backup service through your hosting provider, the process is simple. Just log in to your account and follow the instructions to restore the clean backup copy. For local backups, you’ll need to replace all of the files on your server with the backed-up versions.
When you restore from a backup, you will lose any changes that you’ve made to the site since the backup date. For smaller sites and sites that are updated infrequently, this probably isn’t a big deal. If you just published a number of articles, or if you made changes to your CSS or theme, restoring from an older copy is problematic. At that point, it may be better to remove the malware or hire someone to fix the hack on your behalf.
Planning to go ahead with a backup copy of the site? Remember that it’s not a safe copy — after all, it was vulnerable enough to be hacked in the first place. You’ll still need to change passwords, make updates, and clear out any unused files to close the weakness that the hack exploited.
How to Improve Your WordPress Security and Prevent Future Hacks
Once you’ve been through a hack, you know what a hassle it is to fix — that’s why it’s well worth the effort to put a few safeguards in place. These simple steps can help you prevent other hackers from gaining access to your site.
Register with Google Search Console
If you haven’t done it yet, it’s time to set up your site in Google Search Console. When you do, you’ll gain access to a range of information, from your average Google ranking to the most popular keywords on your site. More importantly, you’ll add an extra layer of protection to your site.
Google scans websites frequently — when it finds malware or other suspicious code, it takes action to protect its users. Users might get a warning when they click on a link to your site, or Google might restrict traffic entirely. If the website in question is registered with Search Console, the system also sends a message to you. This warning helps you take action quickly; without it, you might not find out about the hack for weeks or months. Take a quick look at what your dashboard will look like:
(Image Credit: Yoast)
Update WordPress Regularly
One of the easiest ways to protect your site is to keep it updated. Updates often contain security patches — in other words, they block the holes and weaknesses that hackers use to breach your site. When everything is up to date, it’s harder for hackers to get in. Make sure to run regular update checks of your site theme, plugins, and WordPress itself. If you notice that a plugin or theme is no longer supported, it might be a good idea to switch to a different option.
While you’re at it, make sure that you clear out anything that’s not in use. Hackers can exploit outdated plugins, old themes, and other forgotten files to compromise your site.
Start Saving Backups
Websites take a great deal of time and effort to build, write, and optimize. While a backup won’t prevent a hack, it can be a lifesaver in case a hacker manages to decimate all of your files. Simply restore the latest backup copy, and you can avoid losing most of your work.
The easiest way to handle backups is to add them to your hosting plan. Most companies offer regular daily backups as an add-on service; they handle the process and the storage, so you don’t have to worry about it. If you want to save money, you can back up your WordPress site manually. There are also plenty of backup plugins that will handle the task. WordPress recommends that if you go this route, you also do a manual backup on occasion in case the plugin stops working.
Change Passwords Every 90 Days
If you’ve ever worked for a company with stringent data-security protocols, you know that most require frequent password updates. To prevent future hacks, it’s a good idea to use the same strategy. By changing your password every 90 days, you make it harder for a hacking program to guess it and breach your files. Make sure that other users do the same, and always use complex, long, and hard-to-guess passwords.
Get to Know Your Files
As the owner of the website, you’re in the best position to spot a hack quickly. To start, get familiar with the files on your WordPress website. Then, learn how to check the user log and the list of registered users. The better you know your site, the easier it is to see when something is amiss.
If you run multiple websites, this type of hands-on approach can be challenging. In that case, you might use a plugin that lets you know every time one of your files is changed. One option is Website File Changes Monitor, which sends you an email when it finds malware, changes to your code, or unused files. For instance:
(Image Credit: WordPress)
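The plugin approach above amounts to a file-integrity baseline: record what every file looks like while the site is clean, then compare. The shell script below is an added example that does the same thing by hand; it is not the Website File Changes Monitor plugin and not code from the article. It assumes sha256sum from coreutils is available, and the site root and manifest path are assumptions passed as arguments; it runs against a constructed stand-in site so it works offline.

```shell
#!/bin/sh
# Added example, not the Website File Changes Monitor plugin and not code
# from the article. A minimal file-integrity baseline for a WordPress tree:
# hash every file while the site is known clean, then compare later to list
# added, removed and modified files. Needs sha256sum (coreutils); the site
# root and manifest paths are assumptions passed as arguments.

# Write a manifest of "sha256  ./relative/path" lines for every file under $1.
wp_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | LC_ALL=C sort -k2 > "$2"
}

# Compare the live tree ($1) against a manifest ($2). Prints one sorted line
# per difference: "added", "removed" or "modified" followed by the path.
wp_check() {
    current=$(mktemp)
    wp_baseline "$1" "$current"
    awk '{ h = $1; p = substr($0, length(h) + 3) }   # path starts after two spaces
         NR == FNR { old[p] = h; next }              # first file is the baseline
         !(p in old) { print "added " p; next }
         old[p] != h { print "modified " p }
         { delete old[p] }
         END { for (p in old) print "removed " p }' "$2" "$current" | LC_ALL=C sort
    rm -f "$current"
}

# Constructed sample site (stand-in files, not real WordPress) so it runs offline.
make_sample_site() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/demo" "$d/wp-content/uploads"
    printf '<?php define("DB_NAME", "demo");\n' > "$d/wp-config.php"
    printf '<?php // theme functions\n' > "$d/wp-content/themes/demo/functions.php"
    printf 'media placeholder\n' > "$d/wp-content/uploads/a.txt"
    echo "$d"
}

# Simulates what a compromise typically leaves behind: an edited theme file,
# a PHP file in uploads and a deleted file.
simulate_tampering() {
    printf '<?php // injected line\n' >> "$1/wp-content/themes/demo/functions.php"
    printf '<?php echo 1;\n' > "$1/wp-content/uploads/x.php"
    rm -f "$1/wp-content/uploads/a.txt"
}

site=$(make_sample_site); manifest=$(mktemp)
wp_baseline "$site" "$manifest"    # taken while the site is clean
simulate_tampering "$site"
wp_check "$site" "$manifest"       # reports the three differences
```

Re-run `wp_baseline` after every update you make yourself, and keep the manifest off the web server, since an intruder who can edit site files can also edit a manifest stored beside them.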
How Does a Hack Affect Your WordPress SEO?
Hacking comes with so many unpleasant side effects that it’s easy to overlook SEO. A hacked site is often flagged by Google, particularly when it’s sending users to spammy websites, displaying malicious ads, or using a WordPress hacked redirect to divert your visitors. When this happens, the resulting Google warnings can cut off traffic and nullify your SEO efforts.
Is your WordPress index.php hacked? This has an obvious effect on SEO; it essentially erases all of the content you’ve worked so hard to create. Plus, once a visitor sees a hacked homepage, it takes a great deal of work to get them back to your site.
Some hacks are more sophisticated; they might insert code that changes the way your page titles and meta descriptions look in the search results. Since these two factors have a big impact on the SEO of your page, hacked versions can lead to a drop in the search rankings. As a result, fewer visitors come to your pages, causing rankings to drop even further.
Hackers often use vulnerable websites to insert links that trick visitors into revealing private information or downloading malware. If your site has high traffic levels and high authority, a hacker might replace your existing links with links that direct visitors to ad-heavy spam sites. The goal is to increase traffic and ad revenue. When this happens, users are unlikely to come back to your website, which leads to a drop in trust. It can also affect the bounce rate and the amount of time that people spend on your site. These behaviors tell Google that users aren’t happy with your site; in many cases, it responds by pushing your site down in the rankings.
Diib®: Assisting in Maintaining Your Site Security!
No matter what type of hack you’re facing, it’s almost certain to have a negative impact on your SEO. If you rely on ads and affiliate sales for an income, hacking can cause a sudden decrease in revenue.
Whether you’re building a brand-new site or you run a large, profitable website, hacking puts your work at risk. By dealing with a hack quickly and establishing a set of security practices, you can solve the problem and reduce the risk of future insecurity. Diib Digital provides the most cutting-edge integration with your WordPress account, giving you minute-by-minute details about your site security, minimizing potential threats and damage. Here are some of the features you’ll love about our user dashboard:
- Custom Alerts: keep you informed about your WordPress site’s health and any potential security issues.
- Objectives: give you customized suggestions on ways to improve your website’s health, WordPress health, and organic traffic.
- Sync: connect your Facebook profile to get insights into the specifics of your social media campaign, such as individual post performance, user demographics, the best time of day to post, and conversions.
- Provide a monthly collaborative session: Speak with a Diib growth expert that can help you fine tune your WordPress security and overall website health.
Call today at 800-303-3510 or click here to get your free 60 website scan and learn more about your SEO strengths and weaknesses.
As long as you take your own security seriously, WordPress is as secure and safe as any other website. Always use the best practices, latest software and plugins, change your login information periodically and monitor your site regularly.
If you fail to protect your website with a WordPress firewall, you will leave your site vulnerable to malicious users looking for sites to hack. Use the best practices and heighten security before you become a victim.
First off, you can use SiteCheck, which is free, to scan your WordPress site. Updating your plugins regularly is recommended, and removing any you aren’t using is also a good idea. There are also companies that offer security for a monthly fee.
As we’ve discussed previously, outdated core software, plugins, themes and other software leaves your information exposed to security issues and hackers. Keep your site updated and free of unnecessary data.
According to statistics from over 40,000 WordPress websites, over 70% of WordPress websites are vulnerable to hackers.