How do I recover a hacked WordPress site?

Overview

If your WordPress website has been hacked, you should act quickly to secure your account, remove malicious files, and restore a clean version of your site. This guide walks you through the recovery process using your hosting control panel.

Step-by-Step Guide

1. Put your website into maintenance mode

• Log in to your hosting control panel
• Open File Manager
• Go to `public_html`
• Rename `index.php` to `index_old.php`
• Upload a simple maintenance page if needed

2. Scan your website files

Check for suspicious files in:

• `public_html`
• `wp-content/uploads`
• `wp-includes`
• `wp-content/plugins`

Look for:

• Unknown `.php` files
• Recently modified core files
• Obfuscated or unreadable code
• Files with names like `cache.php` or `wp-vcd.php`

3. Remove malicious files

• Delete any suspicious or unknown files

• Replace WordPress core folders:

  • `wp-admin`
  • `wp-includes`

• Download fresh copies from WordPress and upload them

4. Reset all passwords

Change all credentials immediately:

• WordPress admin accounts
• Hosting control panel login
• FTP accounts
• Database users

Also remove any unknown admin users in WordPress.

5. Check plugins and themes

• Delete any unused plugins
• Remove nulled or untrusted themes
• Update all remaining plugins and themes

6. Check the database for injected code

Using phpMyAdmin, review:

• `wp_posts`
• `wp_options`

Look for:

• Spam links
• Suspicious scripts
• Unknown iframes or redirects

7. Secure your installation

• Install a security plugin (e.g. Wordfence)

• Disable file editing in WordPress:

   

  `define('DISALLOW_FILE_EDIT', true);`

   

• Ensure correct permissions:

  • Files: `644`
  • Folders: `755`

8. Restore from backup (if necessary)

If the site is heavily compromised:

• Restore the latest clean backup
• Reapply security steps after restoration

Important Notes

• Always remove malware before restoring backups
• Core WordPress files should always be replaced with fresh copies
• Infections often come from outdated plugins or nulled themes
• Regular updates significantly reduce risk

Common Issues & Fixes

Site still redirecting after cleanup

Check:

• `.htaccess` file for malicious redirects
• `wp_options` table for altered site URLs

Malware keeps returning

This usually means:

• A plugin/theme is still infected
• A backdoor file was missed
• Passwords were not fully reset

Cannot access WordPress dashboard

Try:

• Resetting admin password via database
• Disabling plugins via File Manager (`plugins` folder rename)

Need Help?

If your website remains compromised after following these steps, your hosting support team can assist with deeper malware removal, file inspection, and recovery options.

Related Guides

• https://websitehosts.uk/blog/what-is-wordpress
• https://websitehosts.uk/blog/what-to-do-if-your-website-gets-hacked
• https://websitehosts.uk/blog/how-to-change-wordpress-password

Related Hosting Services

• https://websitehosts.uk/wordpress-hosting-uk
• https://websitehosts.uk/wordpress-vps-hosting-uk
• https://websitehosts.uk/wordpress-multisite-vps-hosting-uk