Do you want to resolve Hacked WordPress Site? WordPress has a lots of updates and security features to save user’s data. But hackers and spammers finding new vulnerabilities to exploit the user’s data day by day. So it is really important to secure the WordPress site from being hacked.
This article will describe you to protect your WordPress site if it has been hacked by malicious codes, backdoors, spam, malware and other vulnerabilities.
Few Steps if Your WordPress Website Gets Hacked
Step 1: Restore your backup
To keep safe of your data, you should always make backup wordpress website on a daily, weekly or monthly basis depending on how frequently you post new content or make site-wide changes.
If you got hacked, you have to just go to your archives and find the most stable backup to restore your website.
In case of an automated scheduled backup, use the backup files from the day /week /month before your website was hacked. If you are not proactive in taking backups, you can also get in touch with your web host and ask them for a backed up copy of your website.
Most of the web hosts usually take periodic updates of their websites which they host.
Read Also: 11 essential tips to ensure your WordPress Security
Step 2: Ask for help from your web host
This is the best way to restore your hacked WordPress website when especially if you are not a techie. Most of the web host’s place websites on shared servers which often means that hackers target other websites on the server as well.
For this reason web hosts keep in track of hacked websites so that they can track the exact reason of hacking. Web hosts are also have many special tools by which they are able to scan your website for vulnerabilities and suspicious codes. A good host is always available in addition to help you in restoring your website.
Step 3: Update your plugins and themes
There are 22% and 29% of hacked websites which are a result of vulnerabilities inside the install. Research has settled that 22% and 29% of all hacked websites are as a result of susceptibility in installed plugins and themes.
As a plugin is defined as a type of software that contains a group of functions that can be added to a WordPress website. They are used to provide additional functionality to your application.
You should always update your themes and plugins to avoid website hacking issues. A theme is a group of stylesheets and templates that are used to describe the appearance and display of a WordPress site. A WordPress theme changes the layout & design of your site.
Also, templates are those files which control how your WordPress site will be displayed on the Web. These files draw information from your WordPress MySQL database and generate the HTML code which is then sent to the web browser.
For more security purpose you are advised to only install those themes and plugins which have thumb up impression by WordPress community. You are also advised to check whether your WordPress is updated or not, if not then update it quickly.
Step 4: Reinstall WordPress
In hacking most of the steps are done more times in website. This is because if your website was running on an outdated version of WordPress. We suggested you to take a complete backup wordpress site before doing anything related to installation.
Backup all the files which you have uploaded If you had uploaded any files using the media center, back them up so that you replace the folder in the new installation. You can upload themes and plugins later with original source. Follow these steps to reinstall the WordPress after backup all necessary files.
- First, download a fresh copy of WordPress
- Delete all the WordPress files from your server
- Upload new root files to WordPress or where you have the previous files.
- Locate the wp-config file by going to back up files and use database settings to modify new files.
- Scan your uploads folder and if you get not threats, re-upload it to /wp-content/uploads/
- Now your WordPress should be working fine. Now next step is to manually install the themes and plugins.
Step 5: Reset all passwords
You are advised to reset all user passwords if this problem is coming out from the server. Most of the user make a mistake that they only reset the admin password, but you should reset all passwords.
There are two methods available for resetting passwords. The first method is to reset password by going to user manager inside your WordPress dashboard and reset the user passwords from there.
This can only be successful if hackers don’t deny your access. In case if you are not able to login to dashboard you can use phpMyAdmin method to reset your password.
a) How to reset the password using PHPMyAdmin method
- First of all, login to cPanel. If you don’t know the credentials of your cPanel then contact web-hosts and they will definitely help you.
- In the cPanel, click on phpMyAdmin icon and then phpMyAdmin loads, locate your WordPress database and click on it. Navigate to the file manager and find your database in wp-config file, if you are not sure about such database if more than one is present there.
- Navigate to the wp-user table after clicking on the database name.
- You will here see all users with edit buttons. Click on the edit button and in the user_password field, change your function to MD5, enter on new password and click on go button.
- Repeat these steps for all available users.
- You are recommended to use a strong password for strong security. You can also take help from Google online password generator for strong passwords.
Here, cPanel is also known as control panel which is basically a web hosting panel based on Linux system and provided by many hosting providers. It provides a website all the automation tools to simplify the process of hosting a website.
b) Use SSL
Secure Socket Layer (SSL) encrypts sensitive data so that only the node that was meant to receive the data can decipher what it is all about. But except encryption, SSL also helps you that whether you are not sending data to a hacker. Public infra key of SSL tells the user that data is secure on the internet.
After recovering your website it is necessary for you to get rid of doing this again. Here are the simple steps which will help you that your site doesn’t hack again:
- Make sure your website is hosted by a reputable web host
- Install a two-factor authentication plugin.
- On your forms, use recaptcha to help prevent robots and SQL.
- Install reviewed WordPress plugins.
- Use unique and strong passwords for tight security.
- Set file permission correctly.
- Activate auto-update WordPress installation to ensure better security.
- All WordPress installed plugins should be updated and have been tested with the current version of it.
If you are still facing problem in fixing the Hacked WordPress site contact our WordPress Technical Support Team. Dial +1-888-738-0846 (Toll-Free). We will be pleased to help you.