Restoring a Hacked WordPress Site: Effective Steps for Recovery


WordPress is a highly secure content management system. You can trust WordPress to keep the content of your website secure. Whether you run a blog or an e-commerce business, you should be safe from hackers with WordPress. However, no CMS or website is invulnerable to hackers. More than 2000 cyber attacks happen every day, and hackers can breach even higher levels of security. So even if you choose the best options for your website, there is still a chance of your WordPress site getting hacked.

Don’t panic if your WordPress site is hacked. Discover actionable steps to effectively recover your website and regain control with confidence. Many sites are vulnerable to hacking, but no other CMS can help you recover a hacked website like WordPress. 

WordPress Hacked: Reasons that your WordPress site got hacked 

You might have done everything in your power to keep your site safe. So when it does get hacked, you may wonder what you did wrong. There may have been a few key factors behind this. 

  1. Insecure Login Credentials 

8% of hacked WordPress websites have weak login credentials like “password,” “picture,” or “12345.” Although a strong password does not make your website immune from potential attacks, it does add a layer of security.

  1. Using outdated software 

Outdated WordPress core files, plugins, and themes are the most common vulnerabilities in your website. It is essential to keep your WordPress installations up to date because updates usually come with new security patches. When a file gets too old, it becomes an easy target for hackers.

  1. Low-quality website code 

Low-quality WordPress plugins and free WordPress themes generally have poor source code quality. When you add them to your website, you make it vulnerable to outside attacks. Kindly ensure that you are getting all the WordPress-related products from reputable marketplaces. 

Steps to recover your WordPress hacked website 

At first, it is difficult to believe that your website got hacked. However, once you have official confirmation, you need to take immediate steps. Just because hackers were able to breach the security does not mean you cannot get your website back to normal. You can take several steps to regain control of your website.

  1. Put WordPress in Maintenance Mode 

If you still have access to your WordPress dashboard, immediately put your website into maintenance mode. When you do this, visitors cannot open the hacked website. This will protect their information and devices. Your brand image gets damaged if someone loses their information or gets a virus after visiting your website. If, for some reason, you cannot put your website into maintenance mode, then be sure to post an apology message on your website. This will inform the customers about the incident, and they will realize it was a one-time attack.

  1. Change your password 

If your website has been hacked, hackers have gained access to your login credentials. So the most crucial step that you can take is to reset your WP-admin, FTP, database, and hosting account passwords. You don’t even have to think about generating a strong password. You can get strong password suggestions for free from Google. Do not make the mistake of using one password for most of your website-related accounts, because if the hackers learn your credentials, you will lose access to multiple accounts.

  1. Update WordPress 

Before attempting to fix the WordPress hacked website, you should update all WordPress installations. This includes updating the plugins and free WordPress themes. Doing so ensures the hackers cannot exploit the site’s vulnerabilities. 

  1. Deactivate plugins and themes 

If your site was targeted, you should deactivate your plugins and themes. After that, activate them one by one; this will help you identify the infected installation. When you discover the installation that has been infected, uninstall and delete it. This is also an excellent time to review the plugins and themes that you use. Unnecessary plugins can create access points for malware. Installing too many plugins can also negatively impact your site’s performance.

  1. Install WordPress once again 

If you have tried all of the steps mentioned above and the problem remains, the core files of WordPress may have been infected. In that case you have to reinstall WordPress and its files. Go to the updates section in the dashboard and click on the reinstall button at the bottom of the page. Before you move forward with this step, it is necessary to create a backup of your WordPress website files.

Don’t overwrite your old backup files with the new ones. You can compare the hacked version of WordPress files with the clean ones to identify suspicious files. Any file that seems suspicious must be removed. Whatever content those files had can be installed later. It is essential to secure your website and get it functioning again. 
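The comparison described above can be scripted. The following is an added example, not part of the original article: it hashes every file in a backup of the site and in a clean download of the same WordPress version, then lists files that differ or do not belong. The function names, the `SITE_SPECIFIC` set and the sample trees are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Files every live site has but a clean download lacks (assumption; extend as needed).
SITE_SPECIFIC = {"wp-config.php", ".htaccess"}

def tree_hashes(root):
    """Map each file path relative to root to the SHA-256 of its contents."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_with_clean(site_root, clean_root):
    """Classify the site's files against a clean copy of the same WordPress version."""
    site, clean = tree_hashes(site_root), tree_hashes(clean_root)
    return {
        "modified": sorted(p for p in clean if p in site and site[p] != clean[p]),
        "missing": sorted(p for p in clean if p not in site),
        # Additions under wp-content/ are site content and need their own review.
        "unexpected": sorted(
            p for p in site
            if p not in clean and p not in SITE_SPECIFIC
            and not p.startswith("wp-content/")
        ),
    }

def write_tree(root, files):
    """Create files (relative path -> text) under root; used for the constructed demo."""
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)

if __name__ == "__main__":
    # Constructed sample trees, not real WordPress files.
    clean = {"index.php": "<?php // core\n", "wp-includes/load.php": "<?php // load\n"}
    hacked = {**clean, "wp-includes/load.php": "<?php // load + injected\n",
              "wp-includes/cache-x.php": "<?php // unknown\n", "wp-config.php": "<?php\n"}
    with tempfile.TemporaryDirectory() as c, tempfile.TemporaryDirectory() as s:
        write_tree(c, clean)
        write_tree(s, hacked)
        print(compare_with_clean(s, c))
```

Run it against the backup copy rather than the live site, so the evidence stays unchanged while you review the "modified" and "unexpected" lists.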

  1. Try removing new WordPress users with admin control privileges. 

If you are suddenly seeing new users with admin privileges, then they are the hackers. Kindly confirm who has admin privileges and if it is not anyone from your team, proceed to remove them. 

  1. Search for malware 

You can simply install a plugin to remove malware. Unfortunately, many people try to do the whole thing manually, which can worsen the situation. A plugin, by contrast, can automatically remove the malware-affected files. When you are thinking about installing plugins for WordPress security, read about the features that they have.

  1. Disable PHP Execution

Hackers can create backdoors in WordPress sites by uploading files with malicious code to the uploads folder. If you disable PHP execution, it prevents them from executing those infected files. 

Create a .htaccess file and add the following code to it:

# Deny direct web access to every PHP file in this directory
<Files *.php>
deny from all
</Files>

Then upload this file to the wp-content/uploads/ folder inside your root directory using a file manager. 
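To confirm the step took effect, the following added example (not from the original article) walks an uploads folder, lists any PHP files already sitting in it, and checks that its .htaccess contains a properly closed `<Files *.php>` block with a deny rule. The function names and the sample directory are assumptions; the check also accepts `Require all denied`, the Apache 2.4 form of the same rule.

```python
import os
import re

# A closed <Files *.php> block, and a deny rule in either Apache 2.2 or 2.4 syntax.
FILES_BLOCK = re.compile(r"<Files\s+[\"']?\*\.php[\"']?\s*>(.*?)</Files>", re.I | re.S)
DENY_RULE = re.compile(r"^\s*(deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)

def htaccess_blocks_php(text):
    """True if text has a closed <Files *.php> block that contains a deny rule."""
    return any(DENY_RULE.search(m.group(1)) for m in FILES_BLOCK.finditer(text))

def audit_uploads(uploads_dir):
    """Return (php_files, protected) for a wp-content/uploads directory."""
    php_files = []
    for dirpath, _dirs, files in os.walk(uploads_dir):
        for name in files:
            if name.lower().endswith(".php"):
                rel = os.path.relpath(os.path.join(dirpath, name), uploads_dir)
                php_files.append(rel.replace(os.sep, "/"))
    protected = False
    htaccess = os.path.join(uploads_dir, ".htaccess")
    if os.path.isfile(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            protected = htaccess_blocks_php(fh.read())
    return sorted(php_files), protected

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as uploads:  # constructed sample directory
        os.makedirs(os.path.join(uploads, "2024", "03"))
        with open(os.path.join(uploads, "2024", "03", "thumb.php"), "w") as fh:
            fh.write("<?php // constructed placeholder\n")
        print(audit_uploads(uploads))  # one PHP file found, no deny rule yet
```

Any PHP file the audit lists deserves review, since media uploads normally contain no PHP at all.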

  1. Clean the WordPress database 

It is crucial to clean your site’s database. If the hackers have created any backdoors via database injection, then you should know about it and be able to eliminate records with malicious code. 

Doing this manually is time-consuming and risky. If you make one small mistake, you can lose important data. In addition, the site can break beyond repair if the wrong records are deleted. That’s why you should avoid the risk, and save time, by using a plugin for this task. Check the customer reviews and then decide which database plugin you want to install.

  1. Clean the sitemap 

A sitemap is the site’s blueprint that helps search engines crawl your website. Search engines crawl content and show your site in search engine results when someone searches for related queries. If your sitemap has also been hacked, you will see a drop in your search engine rankings. Ranking well on search engines is how your site gets organic traffic. If that has been harmed by hackers, then you need to get back on track. So it is worth your time to create a new sitemap when dealing with malware attacks. 

The fastest and easiest way to create a WordPress sitemap is using a WordPress plugin. After your sitemap is regenerated, submit it to Google for crawling through Google Search Console. Search engines can take up to two weeks to fully crawl your website. So, kindly be patient during this time. If it takes time, don’t assume that something went wrong. 

  1. Contact the hosting provider 

If you run your site on shared hosting, the issue can come from another site that shares the same server as you. Contact the provider, give them the details of your problem, and ask them if any other website has faced the same issue.

Your hosting company should easily be able to recover access to your WordPress site. They can also provide web logs that can help you determine the time of the attack.
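One way to use those web logs, shown as an added example that is not part of the original article: scan the access log for requests to PHP files under wp-content/uploads/ and report the earliest one the server answered with HTTP 200, which gives a starting point for the attack timeline. The log lines are constructed samples in Apache combined log format with documentation-range IP addresses, and the function names are assumptions.

```python
import re
from datetime import datetime

# Apache combined log format: ip, identity, user, [time], "request", status, ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOADED_PHP = re.compile(r"^/wp-content/uploads/.*\.php(\?|$)", re.I)

# Constructed sample log lines, not taken from a real incident.
SAMPLE_LOG = """\
198.51.100.23 - - [12/Mar/2024:02:10:41 +0000] "GET /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:02:14:09 +0000] "GET /wp-content/uploads/2024/03/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:02:31:55 +0000] "GET /wp-content/uploads/2024/03/thumb.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:03:02:17 +0000] "POST /wp-content/uploads/2024/03/thumb.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:03:05:40 +0000] "POST /wp-content/uploads/2024/03/thumb.php?x=1 HTTP/1.1" 200 412 "-" "Mozilla/5.0"
"""

def suspicious_hits(log_text):
    """Return (time, ip, method, path, status) for requests to PHP files in uploads."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or not UPLOADED_PHP.match(m["path"]):
            continue  # unparseable line, or not a PHP file under uploads
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits.append((when, m["ip"], m["method"], m["path"], int(m["status"])))
    return sorted(hits)

def first_execution(log_text):
    """Earliest request where an uploaded PHP file answered with HTTP 200, or None."""
    served = [h for h in suspicious_hits(log_text) if h[4] == 200]
    return served[0] if served else None

if __name__ == "__main__":
    for hit in suspicious_hits(SAMPLE_LOG):
        print(hit[0].isoformat(), *hit[1:])
    print("first successful request:", first_execution(SAMPLE_LOG))
```

In the sample, the 404 at 02:31:55 followed by a 200 at 03:02:17 brackets the window in which the file appeared on the server.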

A hosting provider is responsible for ensuring that your website performs well and is secure. Therefore, they play a significant role, and if nothing works, you should not underestimate what they can do for you. Instead, you should contact them immediately and ask for help.

It is also essential to assess whether your hosting provider meets your needs regarding important aspects like security. You should find a hosting provider that can do its best to mitigate any sort of attack on your site. 

If your website is hacked repeatedly, your brand loses its value. That’s why you should choose your hosting partner carefully. If you think that shared hosting cannot meet your security needs, maybe it’s time to shift to managed WordPress hosting.  


While WordPress remains a safe haven from malicious cyber attacks, it is not invulnerable, and no CMS can be. However, it is effective because you can easily take multiple steps to regain control of your site in case of a breach. How difficult it is to regain control of your site depends on your technical skills and the severity of the attack.

WordPress is the most popular CMS in the world; that’s why it is a target for hackers. However, it is not easy for anyone to hack into a WordPress-based site. WordPress frequently releases updates with security patches. 61% of the attacked sites were outdated. To secure yourself from cyber attacks, keep your WordPress updated.
