It’s quite scary. Maybe you were locked out of your site, or you get redirected to some random website, or have some weird message on your site.
But don’t worry; it’s something that can be fixed quite easily.
By the end of this article, your site will be restored back to normal and set up to prevent your site from being hacked again.
In this article, I’m going to show you:
- How to Fix a Hacked WordPress Website
- What To Do After Website is Fixed
- How To Prevent Your Website From Being Hacked
(Feel free to click any of the links to skip to that part of the article)
If you think your website was hacked but are not sure, you can use the free Malware Scanner from Sucuri. Just click the link below.
Now, let me show you how to fix a Hacked WordPress website.
Please Note: Some links in this article are affiliate links
How To Fix A Hacked WordPress Website
I’m going to show you the easy way to fix your hacked website first, but if you are more of a do-it-yourselfer, I’ve included resources for you.
The Easy Solution
Sucuri’s malware monitoring and removal service is what you need.
Just sign up for their service, submit a malware removal ticket, and your site will be fixed in no time.
It’s the same service I use for my websites and my clients’ websites.
The service is EXTREMELY affordbale.
It’s only $89 a year.
That includes malware monitoring and removal any time you get hacked.
Pretty good deal considering the peace of mind.
How To Fix It Yourself
If you’d rather fix the issue yourself, it can certainly be done.
But it will require quite a bit of technical knowledge and time.
Here are two handy resources you should check out if you’d like to learn how to fix a hacked WordPress website yourself.
What To Do After Website Is Fixed
After your website is fixed and brought back online, there are a number of steps you’ll want to take to fix any vulnerabilities on your site.
Here’s a list. Please go through one by one and make all changes:
- Update all plugins, themes, and WordPress to the latest versions
- Install clean copies of all plugins, themes, and WordPress (if you have made any customizations to plugins or themes, be sure not to overwrite those files)
- Delete old cache files (if you have a cacheing plugin installed)
- Remove any unknown users from your site or users that are no longer being used
- Change all users’ passwords to strong passwords (I like passwordsgenerator.net to help with this)
- Change the password to your hosting account and/or control panel
- Change all FTP passwords
- Run a malware scan (use Sucuri’s Free Malware Scanner)
- Install the 3 tools mentioned in the next section
How To Prevent Your Website From Being Hacked
By now, your website should be malware free. You should have completed the 9 steps in the section above.
But how do you prevent your WordPress website from being hacked in the first place (or again)?
There are three tools we use here at myWPexpert to prevent our clients’ sites and our own websites from being hacked:
1. iThemes Security Plugin
This plugin will harden your website’s security to help prevent any future attacks.
Once you’ve installed the plugin, just go through each step of the set up process.
2. Sucuri Malware Monitoring and Removal Service
Sucuri is a service that will monitor your website 24/7 for any malware.
If it detects malware or a security breach, it will notify you.
You can then submit a malware removal request and they’ll remove it for you, usually within the hour.
You can get Sucuri’s Malware Monitoring and Removal service for the incredibly low price of $89 a year.
I love CloudFlare.
CloudFlare does so many great things for your website.
But the main one we’ll concern ourselves with here is the added security.
CloudFlare will prevent any known spam and malicious visitors from even being able to access your website.
How can someone hack your site if they can’t even access it?
Safe and Sound
See, it wasn’t as bad as it seemed.
Your website is back, you fixed any vulnerabilities, and you’ve made your site secure to prevent this from happening again.
If you have any advice or personal stories about your website being hacked, please share them in the comments below.