How To Fix Hacked WordPress

If you have a WordPress website, it’s important to be prepared for the possibility of being hacked. Unfortunately, hacking is becoming more and more common, and even well-protected sites can be compromised if they’re not careful. 

If you suspect that your site has been hacked, don’t panic! In this article, we will walk you through the steps necessary to fix a hacked WordPress site.

Note that there’s two steps here – the first is cleaning up the hack and the second is upgrading your security and processes around your website to ensure it doesn’t get hacked again. If you don’t do this second step and plugin the hole that was exploited in the first place you’ll likely be hacked again almost immediately.

How Do You Know If Your WordPress Site is Hacked?

Before you can fix a hacked WordPress site, you need to know whether your site has been hacked in the first place. 

There are several ways that a hacker can compromise your WordPress website, and being able to recognize these signs will help you diagnose and fix the problem quickly.

  1. Slow loading site
  2. The site has been defaced or changed
  3. Can’t log into your site
  4. Google has backlisted your site or blocked you from running Google Ads
  5. When you Google your site or business, pages with foreign languages are indexed
  6. Your site is sending spam emails
  7. Malware hosted on your site
  8. Your site redirecting to another site, often weird foreign language sites, porn sites or generally shady looking sites

1. Your site is loading slower than usual

One of the most common signs of a hacked WordPress site is that it’s loading more slowly than usual. This can be caused by several different things, including malware or excessive spam comments. If your site has been hacked, you should check your traffic stats to see if there’s been a sudden increase in pageviews.

Hackers often use your website to host malware or redirect visitors to other sites. This means that your site has become a sort of middleman in the hacker’s operations, and is therefore taking longer than usual to load pages due to extra traffic from infected users.

If you notice an unusual increase in pageviews (especially if those views are coming from different parts of the world), it’s likely that your site has been hacked.

2. Your site has been defaced

Another common sign of a hacked WordPress site is when your website’s front page has been replaced with something that the hacker has put there. This could be anything from a message about the hack to a random picture or advertisement.

If you see something like this on your website, it’s definitely time to take action and fix the problem.

Hackers often deface websites as a way of bragging about their exploits, or as a warning to other site owners. So, if your website has been defaced, it’s likely that your site was hacked by someone who wants you to know that they did it.

3. You can’t log into your site’s admin panel

If you try to log into the back end of your site and find that you’re unable to do so, it could be because someone has changed your password or deleted your account. Your website is probably compromised in some way, but this doesn’t necessarily mean that hackers have taken control over everything on it (yet).

Sometimes hackers will change the password on your site as a way of locking you out so they can use it themselves without being noticed by anyone else. The sooner you notice this problem, the easier it will be for you to prevent further damage from happening.

4. Your site has been blacklisted by Google or your Google Ads have been turned off

Another common sign of a hacked WordPress site is when it’s been blacklisted by Google. If your website suddenly stops appearing in search results and you get a notification from Google, this means that they’ve detected something wrong with the content on your website.

The most likely reason for this is if there’s malware or spam content on your site, which Google considers to be a threat. If this happens to you, the first thing you need to do is make sure that any links leading back to your website are removed from other sites as soon as possible so they don’t continue spreading the problem further.

It’s also important not to panic if your website has been blacklisted by Google. It’s not the end of the world, and there are things you can do to fix the problem.

If you’re seeing any of the signs mentioned in this article, it’s possible that your site has been hacked and is now blacklisted by Google.

5. Your site is sending out spam email

One of the most dangerous signs that your WordPress site has been hacked is when it starts sending out spam emails. This can be caused by a number of different things, including malware or a hacked plugin. If your site is suddenly sending out spam emails, you need to take immediate action to fix the problem.

If your site has been hacked, it’s likely that the hacker is using it to send out spam emails. Hackers often use compromised websites for this purpose because they can hide their own IP address and make it look like you are sending those emails instead of them.

If you’re seeing an increase in spam emails, it’s a clear sign that your site has been hacked.

6. Your site is hosting malware

If your WordPress site has been hacked, there’s a good chance that it’s also hosting malware. Malware is a type of software that’s specifically designed to damage or take control of computers. It can be used to steal passwords, credit card numbers, or other sensitive information.

Hackers often use malware to take control of websites and use them for various purposes. For example, they might install it on your site in order to send spam emails or steal credit card information from visitors’ computers.

Malware can also be used by hackers as a way of defacing your website and making it look like you’re hosting illegal content such as child pornography or copyright-infringing material.

If you’re seeing any of the signs mentioned in this article, it’s likely that your site has been hacked and is hosting malware.

How to Fix a Hacked WordPress Site

Now that we’ve covered the most common signs of a hacked WordPress site, it’s time to look at what you can do about it.

1. Use a service that specializes in fixing hacked sites

The easiest and most effective way to fix a hacked WordPress site is to use a service that specializes in WordPress maintenance and support.

WPSpeedFix include hack fixes as part of their WordPress maintenance and support plans

WPSpeedFix has worked on over 4,000 sites and provides all types of WordPress services, including malware removal, SEO optimization, and website speed boosting.

They have a team of experts who know how to clean up hacked websites quickly and effectively. The best part is that they offer 24/hr support for any questions you may have about cleaning your site up or preventing future attacks from happening again in the future.

2. Wordfence Security Plugin

Wordfence Security is a popular plugin that provides website protection against hackers and malware. It works by scanning your site for any potential vulnerabilities and then blocking access from malicious IP addresses before they can cause damage.

If you’re not sure whether your site has been hacked or not, Wordfence Security is a great plugin to help you find out. It will scan your website for any signs of malware or other security threats and then provide you with a report on what needs to be fixed.

Another great feature of Wordfence Security is that it can prevent hackers from gaining access to your website by blocking their IP addresses. This is especially useful if you suspect that someone has been trying to hack into your site but hasn’t yet succeeded in doing so.

The basic features of the Wordfence plugin are free to use. However, if you want access to their advanced features, such as premium support and real-time threat alerts, you’ll need to upgrade to a paid plan.

If you’re looking for a plugin that can help protect your WordPress site from hackers and malware, Wordfence Security is a great option.

3. Hire a Freelancer

There are several sites where you can find a freelancer to help you clean up your hacked WordPress site. The two most popular sites are Upwork and Fiverr.

Upwork: Upwork is a site that allows you to create and list specific projects you need to be done. You can specify a list of requirements, budget, and other details about what you’re looking for in a freelancer.

When your job listing is created, qualified freelancers can submit proposals to do the work at a certain price that they think would be fair based on their experience level. You can then review all of these submissions before choosing which one works best for you!

Fiverr: Fiverr works a lot like Upwork, except the freelancers advertise what they’re willing to do for specific prices. This makes it easier for users who are not sure what they need help with. They can browse through the different services that are offered and find one that best suits their needs.

Another feature of Fiverr is that all gigs start at $5, and you can find many new sellers that are willing to do the job at a lower price in order to build up their portfolio.

Both of these sites are great options for finding a freelancer to help you clean up your hacked WordPress site. Just be sure to check the reviews and ratings of the freelancer before hiring them to make sure you’re getting someone reputable!

Fix a Hacked WordPress Site Yourself

If you’re comfortable with coding and have some experience in WordPress, you may be able to fix your hacked WordPress site yourself. 

4. Ask your hosting provider

Some of the premium hosting companies such as Kinsta and WPEngine offer automatic backups and malware removal. They can even help you restore a previous backup of your website if you’re having trouble getting it back up and running. If the malware-infected files were not backed up, they may be able to help you remove them from cPanel.

Below are a few steps we recommend you take:

Remove Malware: Start by searching for any non-WordPress-related files in your WordPress folder and delete those that don’t belong there. Also, look for anything that looks suspicious such as code inserted into WordPress core files, theme folders, or plugins – these are likely to be infected with malware.

Reinstall WordPress: If you’re unable to fix the malware infection manually, your best bet may be to reinstall WordPress. This will completely erase all of the files on your website and allow you to start fresh. So, only consider this as an option if your site is still new and doesn’t have much content.

Reset Usernames and Password: Reset all usernames and passwords for any users who have access to the website. This includes your own username and password, as well as those of any other users who have access to the WordPress dashboard.

How Do WordPress Sites Get Hacked?

WordPress is a very popular platform powering something like 40% of all websites on the internet and is often a target for hackers

There are many ways your WordPress site can be hacked, but some of the most common include:

1. Password Brute Force

Using an easy password is the most common reason for WordPress websites to be hacked. Hackers have “brute force” tools that can guess and figure out passwords that are commonly used.

It’s very common for people to reuse passwords across a range of different sites they have access to and if a password was included in a data breach it’s much more easily brute forced.

It’s important to use a strong password that is unique and not easily guessed or used on any other service.

Check your email address on Have I Been Pwned to see if it was included on a data breach (very good chance it is!)

Some password manager tools like 1Password integrate directly with Have I Been Pwned and will tell you if a password was included in a breach.

2. Vulnerability Exploits

These are vulnerabilities in WordPress core, plugins, and themes code that allow hackers to gain access to your site.

WordPress is a piece of software just like any other software you use, so it’s important to always keep your WordPress core and plugins up-to-date. If you’re using a premium plugin or theme, check with the developer periodically for updates as well!

If you’re not going to patch WordPress yourself then using a WordPress Maintenance Service is a good solution here.

3. Lack of Security

Having a secure WordPress site isn’t just about the hosting you choose. You also need to have your website set up with security plugins and proper security measures in place.

A typical small business WordPress site will have anywhere from 1000 to 10,000 hack attempts, probes and password brute force attempts on it PER DAY!

It’s important to install a plugin like Wordfence, which can help protect your site from brute force attacks and malware infections. You should also consider using a service like Cloudflare, which can help protect your website from DDoS attacks and malware infections.

4. Poor Hosting Configuration

If you’re hosting your WordPress site with a cheap or low-quality host, you may be sharing your server with other websites that are also infected with malware. This can quickly infect your website and make it difficult to clean up.

It’s important to choose a reliable hosting company that takes security seriously and has measures in place to protect their customers’ websites.

Why Do WordPress Sites Get Hacked?

It’s important to talk about why WordPress sites get hacked in the first place, here’s a few of the most common reasons.

To Steal Stripe, Paypal or Payment Gateway API Keys

A common but not often talked about reason for hacked websites is to steal payment gateway API keys. Once a malicious actor has your payment gateway keys they typically have full control over payments going in and out.

This is the most common reason for Woocommerce hacks we’ve seen. Typically the malicious actor will get access to the backend of the site, install an older version of the Stripe payment gateway plugin which shows the API key in plain text and then can easily copy and paste it.

It’s important if your Woocommerce site gets hacked to change API keys on payment gateways and other software connected to the site, e.g. Zapier, Mailchimp or email software, 3PL fulfilment tools

SEO Backlinks aka “Niche Edits”

Another very common reason for hacks is SEO Backlinks whereby a malicious actor will go and edit old blog posts or pages on the site and insert backlinks to other sites.

These links are often sold as “niche edits” whereby the SEO vendor claims they have a relationship with 10,000 bloggers and can get links for you on their sites. As is usually the case, if it sounds too good to be true it is – 99 times out of 100 these links are going on hacked websites.

This article has a excellent breakdown of this niche edits scam.

If you’ve been hacked, check your WordPress pages and posts to ensure no new pages were added. You can use the WordPress revisions feature to check for recent edits made to pages.

Fun or Because They Can

There’s definitely a “fun” element here where “script kiddies” simply hack and deface websites for fun. Often they’re running tools across 1000s of sites poking for holes and essentially do it for fun.

Negative SEO

Once Google determines a website is hacked it’s rankings will typically completely tank. Even after fixing the site it will take some time to recover Google rankings. In hyper competitive spaces, negative SEO is a common tactic some competitors use and there are certainly some website hacks that are done for negative SEO reasons.

How To Stop Your WordPress Site Getting Hacked (again)

Once you’ve fixed your WordPress site, it’s important to take some additional steps to help keep it safe to prevent is being hacked again.

1. Update Plugins and Patch Regularly

One of the most common reasons WordPress is hacked is due to security holes and exploits in plugins. Ensuring your site is patched regularly and kept up to date will ensure the risk of a security hole being exploited is negligible.

2. Use Strong Passwords

Using a strong password that you’re not using on any other app or service. It’s also worth checking your email addresses on Have I Been Pwned to determine whether any of your old passwords were included in a data breach.

3. Install a Security Plugin Like Wordfence

As we mentioned earlier, installing a plugin like Wordfence can help protect your website from brute force attacks and malware infections. It also provides an option to block IP addresses that have been flagged as malicious.

4. Use a Security Service Like Cloudflare

Cloudflare is a CDN (content delivery network), website acceleration service and website firewall. Using a service like Cloudflare will both speed up your site and make it more secure even on the free plan!

5. Regularly Backup Your Website

It’s always a good idea to have regular backups of your website in case you do get hacked. This way, you can restore your website to a previous backup and avoid losing any data or content. There are a number of plugins and services that can help you with this. We typically recommend Blogvault which we talk about in more detail on this post breaking down the Best WordPress Backup Plugins

6. Upgrade Your Hosting To a Host With Built-in Security

If you’re using a cheap or low-quality host, they may not have security measures in place to protect your site from hackers. Consider upgrading to a more reliable hosting company that offers better security features such as malware scanning and proper firewall built right now.

Conclusion

In this blog post, we’ve outlined a few things you can do to help fix your hacked WordPress site. We recommend using a service like WPSpeedFix to clean up your website quickly and effectively. Additionally, be sure to install security plugins, use a content delivery network, and regularly backup your website. Finally, consider upgrading to a more reliable hosting company that offers better security features.

Comments are closed.