Discovering that your WordPress website has been hacked can be a stressful experience, but it’s essential to take immediate action to restore your site’s security and functionality. In this step-by-step guide, we’ll walk you through the process of fix wordpress hacked site. By following these carefully outlined steps, you can regain control, remove malware, and fortify your site against future attacks.
1. Backup your hacked WordPress Site
Before you begin the cleanup process, ensure that you have a recent backup of your website. This is crucial in case anything goes wrong during the cleanup process. Then, temporarily take your site offline by using a “Maintenance Mode” plugin to prevent further damage on your hacked wordpress site.
There are two things we need to backup, the codebase (here we have all our plugins, themes and uploads) and the database.
We have a wide selection of backup plugins in WordPress, however here are 3 we recommend
– UpdraftPlus WordPress Backup & Migration Plugin
After you backup your site, make sure you download the generated backup to a safe Cloud Storage like Dropbox or Google Drive. Warning: If you download it to your computer don’t decompress it since it’s infected.
2. Identify Malicious Code
Use well-known malware scanners to identify malicious code from your hacked WordPress site. we have 2 options, one is to use online scanners and another is to install a malware scanner plugin such as Wordfence, Sucuri Security, or MalCare.
Here are our Top 5 Online scanners you can use without installing anything on your website.
– HackerTarget WordPress Security Scan
– WPSec
– Pentest Tools Website Scanner
Here are our Top 5 Security Plugins you can use to scan your files and database.
– MalCare
– AIOS
It is also a good idea to manually look for odd-looking files. You can browse the files through an SSH or FTP/SFTP client.
Here are some directories you should look into
– wp-content. This is one of the primary locations where malicious files are often hidden. Look for suspicious files or directories within wp-content/themes, wp-content/plugins, and wp-content/uploads.
– Root directory. Sometimes you will find odd files in the WordPress root directory, so check for suspicious files there.
– wp-includes: Inspect the wp-includes directory, which contains core WordPress files. While it’s less common, some malware may attempt to hide here.
– .htaccess File: The .htaccess file, located in your website’s root directory, can be manipulated to control website behavior or redirect visitors. Check for any unauthorized rules or alterations.
3. Remove Malicious Code
Once you’ve identified any suspicious file, it is a good idea to scan it in order be 100% sure it is malware. Keep in mind that malicious code can be injected into core files, so part of the code might be legit, but another part can be malicious.
Whenever you find a suspicious file, scan it on Virustotal and also compare it to the Core WordPress files (if applies).
tip: Whenever you remove a file, visit the website and tinker around to make sure that nothing broke.
4. Check database
Malicious code can also be inserted into the database. Review your database tables for any unusual or unauthorized entries. Make sure you back up your database before making any changes.
Most WordPress hosting providers provide some kind of database visualization tool like phpMyAdmin.
5. Make sure your site is working properly
After cleaning the suspected malicious files and database entries, we need to make sure that nothing broke and the site is working as expected.
This will heavily depend on your site and its functionalities, so there is no script for this one (unless you have automated testing, which most WordPress sites don’t have)
6. Rerun Malware scanners (Plugins and Online)
Once we’ve cleaned the malware, we will have to rerun all the malware scanning tools we used on Step 2. This will ensure we’re clean and we’re good to proceed with the hardening.
7. Update WordPress Core, Plugins & Themes
Outdated software is the most common vulnerability. Update your hacked WordPress core, themes, and plugins to the latest versions. Remove any themes or plugins you no longer use.
8. Update all Admin user passwords
Lastly, update all password for high-privileged users, some common examples are listed below.
– Change your WordPress admin and database passwords.
– Reset your FTP and hosting control panel passwords.
– Update any user accounts with strong, unique passwords.
– Enable two-factor authentication for an extra layer of security.
9. Set up malware scan monitoring and alerts
On Step 2 we installed some useful plugins to detect and list malware. In this case, we want to do the same but on an automated regular basis, and we’d also like to be notified when a suspicious file is found. So you can configure any of those to run automated scans and notify you
10. (Extra) Apply WordPress best practices
There are a set of wordpress best security practices rules which you can implement to enhance your Website security, here we list the most important ones.
– Hide wp-admin login page from bots: Configure a custom URL for the WordPress ‘Admin’ login page, making it harder for bots to find.
– Change default wp_ database prefix: Hackers use automated code to attack these database tables.
– Login lockout: External users making multiple login attempts can be locked out for a configured period of time
– Force logouts: Ensure users don’t stay logged in indefinitely.
– Two-factor authentication: Enable two-factor authentication for the wp-admin console.
– WAF protection: Put a WAF in front of your application to avoid suspicious file uploads, XSS and DOOS attacks.
All of these can be handled by the plugins listed on Step 2.
FAQ About WordPress Malware
- How do wordpress websites get hacked?
Malicious bots and users crawl the internet looking for vulnerable WordPress sites to hack. If your website is not protected with a WordPress firewall and if you do not follow WordPress security best practices, your website can become a victim.
- How do I find malicious code in WordPress CMS?
You can use SiteCheck to scan your WordPress site for malicious code for free. We recommend reinstalling your core files with a fresh copy if you suspect there is malware in your WordPress website. If you want to be sure that your website is clean, you can sign up to Sucuri and submit a malware removal request.
- How can I protect my wordpress site?
You can secure your WordPress site by following website security best practices:
• Using a WordPress firewall
• Patching your website software with the latest version of WordPress core, plugins, themes and third-party services
• Enforcing strong password requirements
• Only granting the type of access that someone needs
• Isolating each WordPress website
• Implementing 2FA on the WordPress login page
• Limiting login attempts on wp-admin
• Leveraging IP access restrictions for the WordPress dashboard.
Conclusion
Fixing a wordpress hacked site can be a challenging task, but with this step-by-step guide, you can regain control and strengthen your website’s security. Remember that prevention is the best defense, so practice good security habits and stay vigilant to protect your website from future threats.
At SolarDevs, we’re dedicated to making your WordPress website as secure as it can be. Our expertise in hacked WordPress security improvements, along with our commitment to staying up-to-date with the latest threats and solutions, means we’re well-prepared to help you clean and fortify your website’s security. Whether you’re dealing with a security breach or want to ensure your site remains safe from potential threats, we’re here to assist. Your website’s security is our priority, and we’re just a message away from helping you safeguard your digital presence. Schedule a consultation with us today to put your WordPress security concerns to rest.