Step-by-Step Guide – Fix WordPress Hacked Site

fix wordpress hacked site

Table of Contents

Discovering that your WordPress website has been hacked can be a stressful experience, but it’s essential to take immediate action to restore your site’s security and functionality. In this step-by-step guide, we’ll walk you through the process of fixing a hacked WordPress website. By following these carefully outlined steps, you can regain control, remove malware, and fortify your site against future attacks.

1. Backup your WordPress Site

Before you begin the cleanup process, ensure that you have a recent backup of your website. This is crucial in case anything goes wrong during the cleanup process. Then, temporarily take your site offline by using a “Maintenance Mode” plugin to prevent further damage.

There are two things we need to backup, the codebase (here we have all our plugins, themes and uploads) and the database.

We have a wide selection of backup plugins in WordPress, however here are 3 we recommend

– UpdraftPlus WordPress Backup & Migration Plugin

– All-in-One WP Migration

– Cyan Backup

After you backup your site, make sure you download the generated backup to a safe Cloud Storage like Dropbox or Google Drive. Warning: If you download it to your computer don’t decompress it since it’s infected.

2. Identify Malicious Code

Use well-known malware scanners to identify malicious code from your WordPress website. we have 2 options, one is to use online scanners and another is to install a malware scanner plugin such as Wordfence, Sucuri Security, or MalCare.

Here are our Top 5 Online scanners you can use without installing anything on your website.

– Sucuri Sitecheck

– HackerTarget WordPress Security Scan

– WPSec

– Pentest Tools Website Scanner

– Norton Safe Web


Here are our Top 5 Security Plugins you can use to scan your files and database.

– Sucuri Scanner

– MalCare


– Wordfence

– CleanTalk

It is also a good idea to manually look for odd-looking files. You can browse the files through an SSH or FTP/SFTP client.

Here are some directories you should look into

wp-content. This is one of the primary locations where malicious files are often hidden. Look for suspicious files or directories within wp-content/themes, wp-content/plugins, and wp-content/uploads.

Root directory. Sometimes you will find odd files in the WordPress root directory, so check for suspicious files there.

– wp-includes: Inspect the wp-includes directory, which contains core WordPress files. While it’s less common, some malware may attempt to hide here.

– .htaccess File: The .htaccess file, located in your website’s root directory, can be manipulated to control website behavior or redirect visitors. Check for any unauthorized rules or alterations.

3. Remove Malicious Code

Once you’ve identified any suspicious file, it is a good idea to scan it in order be 100% sure it is malware. Keep in mind that malicious code can be injected into core files, so part of the code might be legit, but another part can be malicious. 

Whenever you find a suspicious file, scan it on Virustotal and also compare it to the Core WordPress files (if applies).

tip: Whenever you remove a file, visit the website and tinker around to make sure that nothing broke.

4. Check database

Malicious code can also be inserted into the database. Review your database tables for any unusual or unauthorized entries. Make sure you back up your database before making any changes.

Most WordPress hosting providers provide some kind of database visualization tool like phpMyAdmin.

phpMyAdmin control panel

5. Make sure your site is working properly

After cleaning the suspected malicious files and database entries, we need to make sure that nothing broke and the site is working as expected.

This will heavily depend on your site and its functionalities, so there is no script for this one (unless you have automated testing, which most WordPress sites don’t have)

6. Rerun Malware scanners (Plugins and Online)

Once we’ve cleaned the malware, we will have to rerun all the malware scanning tools we used on Step 2. This will ensure we’re clean and we’re good to proceed with the hardening.

7. Update WordPress Core, Plugins & Themes

Outdated software is the most common vulnerability. Update your WordPress core, themes, and plugins to the latest versions. Remove any themes or plugins you no longer use.

8. Update all Admin user passwords

Lastly, update all password for high-privileged users, some common examples are listed below.

– Change your WordPress admin and database passwords.

– Reset your FTP and hosting control panel passwords.

– Update any user accounts with strong, unique passwords.

– Enable two-factor authentication for an extra layer of security.

9. Set up malware scan monitoring and alerts

On Step 2 we installed some useful plugins to detect and list malware. In this case, we want to do the same but on an automated regular basis, and we’d also like to be notified when a suspicious file is found. So you can configure any of those to run automated scans and notify you

10. (Extra) Apply WordPress best practices

There are a set of wordpress best security practices rules which you can implement to enhance your Website security, here we list the most important ones.

– Hide wp-admin login page from bots: Configure a custom URL for the WordPress ‘Admin’ login page, making it harder for bots to find.

– Change default wp_ database prefix: Hackers use automated code to attack these database tables.

– Login lockout: External users making multiple login attempts can be locked out for a configured period of time

– Force logouts: Ensure users don’t stay logged in indefinitely.

– Two-factor authentication: Enable two-factor authentication for the wp-admin console.

– WAF protection: Put a WAF in front of your application to avoid suspicious file uploads, XSS and DOOS attacks.


All of these can be handled by the plugins listed on Step 2.


Fixing a hacked WordPress website can be a challenging task, but with this step-by-step guide, you can regain control and strengthen your website’s security. Remember that prevention is the best defense, so practice good security habits and stay vigilant to protect your website from future threats.


At SolarDevs, we’re dedicated to making your WordPress website as secure as it can be. Our expertise in WordPress security, along with our commitment to staying up-to-date with the latest threats and solutions, means we’re well-prepared to help you clean and fortify your website’s security. Whether you’re dealing with a security breach or want to ensure your site remains safe from potential threats, we’re here to assist. Your website’s security is our priority, and we’re just a message away from helping you safeguard your digital presence. Schedule a consultation with us today to put your WordPress security concerns to rest.

Notify of
Inline Feedbacks
View all comments

Subscribe to our blog

Table of Contents

Would love your thoughts, please comment.x

You like this content?

Subscribe to our blog and stay tuned for all the new pieces of weekly content that we have for you.

Need help with your malware?

Receive a personalized quote in less than 24 hrs.

Or schedule a 30 min discovery call with us

Open chat
Need Help?
Hello 👋
Tap here for a personalized chat with your Solutions Architect.