How do I recover a hacked WordPress site?

Overview

If your WordPress website has been hacked, you should act quickly to secure your account, remove malicious files, and restore a clean version of your site. This guide walks you through the recovery process using your hosting control panel.

Step-by-Step Guide

1. Put your website into maintenance mode

  • Log in to your hosting control panel
  • Open File Manager
  • Go to public_html
  • Rename index.php to index_old.php
  • Upload a simple maintenance page if needed

2. Scan your website files

Check for suspicious files in:

  • public_html
  • wp-content/uploads
  • wp-includes
  • wp-content/plugins

Look for:

  • Unknown .php files
  • Recently modified core files
  • Obfuscated or unreadable code
  • Files with names like cache.php or wp-vcd.php
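
The checks in this step can be run automatically wherever the site files are readable, for example over a downloaded copy of public_html. The Python script below is an added example, not part of the original guide; the regex patterns, the 14-day window and the names scan_site and demo are assumptions to tune for your site.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# Heuristics (assumed, tune per site): decode-and-execute chains, long base64-like runs.
OBFUSCATED = re.compile(
    rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("
    rb"|[A-Za-z0-9+/=]{400,}")
BAD_NAMES = {"cache.php", "wp-vcd.php"}  # the file names this guide mentions
CORE_DIRS = ("wp-admin/", "wp-includes/")

def scan_site(root, recent_days=14, now=None):
    """Return {relative path: [reasons]} for PHP files needing manual review."""
    now = time.time() if now is None else now
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*.php") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        age_days = (now - path.stat().st_mtime) / 86400
        checks = {
            "php-in-uploads": rel.startswith("wp-content/uploads/"),
            "suspicious-name": path.name in BAD_NAMES,
            "recent-core-change": rel.startswith(CORE_DIRS) and age_days <= recent_days,
            "obfuscated": bool(OBFUSCATED.search(path.read_bytes())),
        }
        reasons = [name for name, hit in checks.items() if hit]
        if reasons:
            findings[rel] = reasons
    return findings

def demo():
    files = {  # constructed sample data: relative path -> (content, age in days)
        "wp-includes/version.php": (b"<?php $wp_version = 'x';", 200),
        "wp-includes/load.php": (b"<?php // modified just now", 0),
        "wp-content/uploads/cache.php": (b"<?php eval(base64_decode('ZWNobyAxOw=='));", 0),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, (body, days) in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
            mtime = time.time() - days * 86400
            os.utime(target, (mtime, mtime))
        return scan_site(tmp)

if __name__ == "__main__":
    for rel, reasons in demo().items():
        print(f"{rel}: {', '.join(reasons)}")
```

Treat every hit as a lead for manual review: a legitimate core update also resets modification times, and an empty result does not prove the site is clean.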

3. Remove malicious files

  • Delete any suspicious or unknown files

  • Replace WordPress core folders:

    • wp-admin
    • wp-includes
  • Download fresh copies from WordPress and upload them

4. Reset all passwords

Change all credentials immediately:

  • WordPress admin accounts
  • Hosting control panel login
  • FTP accounts
  • Database users

Also remove any unknown admin users in WordPress.

5. Check plugins and themes

  • Delete any unused plugins
  • Remove nulled or untrusted themes
  • Update all remaining plugins and themes

6. Check the database for injected code

Using phpMyAdmin, review:

  • wp_posts
  • wp_options

Look for:

  • Spam links
  • Suspicious scripts
  • Unknown iframes or redirects

7. Secure your installation

  • Install a security plugin (e.g. Wordfence)

  • Disable file editing in WordPress by adding this line to wp-config.php:

    define('DISALLOW_FILE_EDIT', true);

  • Ensure correct permissions:

    • Files: 644
    • Folders: 755

8. Restore from backup (if necessary)

If the site is heavily compromised:

  • Restore the latest clean backup
  • Reapply security steps after restoration

Important Notes

  • Always remove malware before restoring backups
  • Core WordPress files should always be replaced with fresh copies
  • Infections often come from outdated plugins or nulled themes
  • Regular updates significantly reduce risk

Common Issues & Fixes

Site still redirecting after cleanup

Check:

  • .htaccess file for malicious redirects
  • wp_options table for altered site URLs

Malware keeps returning

This usually means:

  • A plugin/theme is still infected
  • A backdoor file was missed
  • Passwords were not fully reset

Cannot access WordPress dashboard

Try:

  • Resetting the admin password via the database
  • Disabling plugins by renaming the plugins folder in File Manager

Need Help?

If your website remains compromised after following these steps, your hosting support team can assist with deeper malware removal, file inspection, and recovery options.
