Restoring Your WordPress Website After It Got Hacked
So Your WordPress Website Got Hacked!
Hopefully, you implemented our essential WordPress security tips and kept your website secured. But just in case you are reading this post after the fact, we don’t want you to give up hope. In most cases, restoring your WordPress site after it was compromised is possible. It may take a little time and may cost money to hire a professional to help you. But it can be done.
Restoring Your WordPress Website
The first step in restoring your WordPress website is to realize that your site was compromised. While specific hacks are easy to spot immediately, other signs that your WordPress site was compromised are harder to spot. In some cases, you will not even notice anything wrong as a logged-in user, but your website visitors will certainly see.
7 Signs Your WordPress Site was Compromised
Most WordPress sites face hacking attempts over time. And in most cases, you will notice right away that your website was compromised. But there are instances when you may not realize it for quite some time. If you are not sure if your WordPress site is compromised, you should look for these seven telltale signs:
1 – You Are Unable to Login
Not being able to access your site is a pretty obvious sign unless you completely forgot both your username and password. If you are no longer able to login to your WordPress admin dashboard, it means your site is compromised. Usually, the main reason this happened is because of a weak user name and password.
2 – You Receive a Ransom Request
In 2020, ransomware is frequently the result of a compromised website. The hacker inserts code that prevents you from accessing your site information and requests payment before restoring your content. Most often this type of ransom involves untraceable bitcoin payments.
3 – A Sudden Drop in Website Traffic
A frequent reason for hackers to target your website is to redirect your website traffic to other websites. Most often, these are low quality or spam sites. For this reason, Google penalizes and blacklists sites that contain spammy links or direct to spammy web sites.
4 – Your Website Looks Different
Another noticeable sign your website got hacked is a change in appearance. It may merely be some inappropriate content or images on your home page or a simple note that your site is compromised. Some spammers hack sites simply to feed their ego. The results, in this case, are usually more short term rather than long-lasting damage.
5 – You Content Has Changed
In some cases, hackers add new and most often inappropriate content to your website pages, or create new pages. A widespread example is finding porn on your website. Other forms of malicious content include fake comments or reviews, and products, or services you don’t offer. Changed business info, such as your contact info or business location, is another indication of a breach.
Malicious content usually leads your visitors to spam websites. It not only damages your website and impacts your website traffic, but also your online reputation.
6 – New Pop-Ups and Other Unwanted Ads
Unwanted pop-ups are a particularly nasty form of hacking a WordPress site. Even worse, this type of compromise usually does not involve a hacker. It is an automated attack that penetrated your WordPress core system either through a weakly protected theme or an insecure plugin. This form of attack can make it almost impossible to notice that your site is compromised.
Most often, website owners simply notice their site has become very slow, or even completely unresponsive. The ads won’t show up for logged in users or users who can access your website directly. Instead, the malicious content only shows up for those visitors who come to your site via Google or another referral site or a direct link.
7 – Unusual Activity in Your Server Logs
Sometimes hackers gain access to your WordPress site not to hurt your business or demand ransom. Instead, they want to use your WordPress website for other purposes. Common examples include botnets, who use your site to spam other sites, and even certain forms of bitcoin mining.
Most website owners notice this type of compromise by merely looking at their server logs. Server logs are located in your cPanel and accessed by logging in to your hosting account. In cPanel, under statistics, you’ll find two kinds of records:
- Access Logs: these logs show you who accessed your WordPress through which IP.
- Error Logs: these logs show you what errors occurred during the modification of your WordPress system files.
Using this information, you can tell if your WordPress website is compromised. You can also use this information to blacklist or block those IPs which are not from your location or are unknown.
3 Ways to Restore Your WordPress Website After It Got Hacked
Once again, hopefully, you followed our essential WordPress security tips before your WordPress site or e-commerce store was compromised or hacked. If you are reading this after the fact, there are specific steps you can take to recover your website.
If your WordPress website got hacked, don’t panic and follow the steps below to bring it back to normal.
Restoring your WordPress Website From a Backup
In our essential WordPress security tips, we mentioned the importance of regular backups. Backups are by far the most effective and fastest way to restore a hacked WordPress website.
The first step is to locate your most recent backup. You should never keep the actual backup files on your website. They will either be gone or corrupted when you need them most. Instead, you should always store your backups at a remote location. Here are the three most common options:
Inside your WordPress Backup Plugin
If you’ve installed a WordPress backup plugin, chances are they’ve stored a backup of your site on their cloud service or a cloud service like Google Drive or Dropbox.
In Your Own Cloud Backup Account
Check out your Google Drive, Dropbox, or other cloud services if you have a manual backup of your website you might have put there by yourself.
With your WordPress Hosting Provider
If you didn’t invest in a WordPress backup plugin or manually backup your website, your last bet is to contact your hosting provider. It is highly likely that they also regularly create a backup of your website on their server.
Once you locate a recent backup from one of these places, you’re good to go. You can restore your website manually or by using the same plugins that created the backup. You can also request your hosting provider to do so.
Restoring Your WordPress Website Without a Backup
OK, so you don’t have an existing WordPress backup. While that is not exactly great, you can still restore your WordPress website; it will merely require a few extra steps.
If You Can Access Your WordPress Admin Dashboard
The first step in restoring your WordPress website without a backup is to determine if you can still log in to your WordPress dashboard. If you can gain access to your WordPress website, you are one big step closer to restoring it.
Removing Infected Files
The next step in restoring your WordPress website is to remove any infected files. In some instances, Google or your WordPress web host will let you know when you’ve been hacked and provide you with a list of hacked and infected files.
If you do not know which of your WordPress files got infected, you can run a scan of your website using Wordfence or Sucuri. A scan will provide you with the info you need to clean and disinfect your WordPress site and installation.
Once you know which files have been corrupted or infected, the final step in restoring your WordPress website is removing the affected files.
In some cases, you will need to update your entire WordPress installation. This process is more straightforward than it sounds.
In your WordPress admin dashboard, go to “Updates.” You will notice the current version of WordPress installed on your site. Below that is a button to “Re-Install WordPress.” That will re-install the most recent version of WordPress on your website.
Replacing Infected Themes and Plugins
The final step in restoring your WordPress website is to replace infected themes and plugins with new fresh copies as well. Let’s start with your WordPress theme. You should always have at least two WordPress themes installed, your active theme, and a backup theme.
We recommend using the latest WordPress theme, which currently is the Twenty-Twenty WP Theme. Delete the version you have on your website as it may be infected as well and download and activate a fresh copy.
Since you can not update an active theme, make your backup theme active. Activating your backup theme will enable you to delete your potentially infected WordPress theme. Then you simply need to install and activate a fresh copy of your primary theme. If you purchased your WordPress theme from a trusted WordPress theme repository, you can locate and download a clean copy there. Otherwise, you need to ask your web developer or agency for a fresh copy.
To replace your plugins, you must first deactivate and delete any exiting plugin from your WordPress site. Once you have done that, you can download and activate fresh copies of each plugin.
And this will complete your WordPress website restoration if you can still access your admin area. If not, things get a bit more complicated.
Restoring Your WordPress Website if You Are Locked Out
If you are not able to access your site at all, restoring your WordPress website will be a much more complicated process. It is still possible, of course, but you may want to ask your WordPress web designer or agency for help at this point. We certainly don’t want to scare you, but things can get tricky here.
Determine Which Files Were Infected
If you already have a list of infected or corrupted files, you can skip this step. Otherwise, please read on.
If your web host did not already provide you with a list of infected or corrupted files, you need to contact your WordPress hosting provider. In some cases, they may not be willing to provide you with the info you need for restoring your WordPress website. This situation arises most often with low-cost hosting providers, which is why we recommend reputable WordPress hosting. But you need to be both persistent and polite, and you will eventually receive the info you need to proceed.
Replacing Infected or Corrupted Files
Once you know which files you need to replace, you can begin the process of doing so. In most cases, all you have to do is log in to your cPanel and access your File Manager. Once you are there, you can simply delete the infected files.
We do have to warn you that this step in restoring your WordPress website may require you to delete entire plugins and even your WordPress themes. But don’t be overly concerned. As described above, you can always replace themes and plugins, so this should not be a huge problem.
Restoring WordPress Core Files
Most likely, restoring your WordPress website after it got hacked will require deleting a few WordPress core files as well. Unfortunately, there is no way around that in most cases. You will need to replace these files as well. Be careful that any core files you have to restore are from the same version of WordPress as your WordPress site. Otherwise, you will simply break your site!
Rebuilding Your WordPress Website
Once you regain access to your WordPress admin dashboard, the next step in restoring your WordPress site may involve rebuilding some or all of your WordPress website. The first thing you need to do is to check if your WordPress site is still fully functional. Make sure that your navigation menu is operational, you have a working contact form, and all your pages are visible and accessible.
If you have an e-commerce site, you also need to make sure that your shop pages are working correctly. Check your shop page as well as individual product pages, product categories, your shopping cart, and the payment gateway, and any other e-commerce options such as related products, upsells, and wishlists.
Be sure to check everything carefully, rather than merely looking for missing items. Especially plugins may contain malicious code, which is why we highly recommend replacing them as part of your WordPress restoration efforts. You may lose some data, at least initially, but that is a relatively small price to pay for getting your site back to normal.
Replacing Your WordPress Content
In some cases, hackers will replace your existing website content with everything from links to spammy websites, false or misleading text content or product descriptions and reviews, to images depicting pornography. Therefore, it is essential that you make sure to check all your web content as part of your WordPress restoration. Replace anything that appears different from your original images and text. And be sure to check all links point to the intended sites and pages.
After Restoring Your WordPress Website, You Must Do This!
Once you completed restoring your WordPress website, there are a few more things you need to do. If search engines or your WordPress host has blacklisted you, you need to contact them to be removed from these lists.
Be sure to change all of your login info to more secure versions as outlined in our essential WordPress security tips. After going through the effort, not to mention headache, of restoring your WordPress website after it got hacked, we are sure you don’t want to go through all that again.
And here are a few things we recommend to add an extra layer of protection to your WordPress site moving forward.
Update all Usernames and Passwords
Once you restore your WordPress website, you must update your WordPress username and password. The restore includes the same info your hacker used to gain access to your site in the first place! If your WordPress site has been hacked, doing this is a good idea since it’s the best way to protect yourself from future attacks.
Another way you can protect your website is by hiding the ‘wp-admin’ directory and by limiting the number of login attempts that can be made.
Remove Unused or Outdated WordPress Themes and Plugins
It pays to repeat this: outdated WordPress themes and plugins are the most common way hackers gain access to your website. Therefore, after you successfully restore your WordPress site, you must carefully review all themes and plugins on your WordPress site. Here is what you should check.
Unnecessary and unused WordPress themes and plugins leave your website vulnerable to further attacks. The first thing you want to do is browse the list of plugins and themes you have and delete the ones you haven’t used in a long time, especially the deactivated ones. Even a deactivated plugin can provide easy access for hackers.
You should also check if your plugins are still updated and how many sites are using them. A plugin that is used by 100,000+ sites and was updated two weeks ago is usually not a significant security risk. But if the plugin was last updated over six months ago, it may no longer be supported by the developer. If the plugin is no longer supported, it is vulnerable to more recent threats.
A Warning About Free WordPress Themes and Plugins
Part of our WordPress security tips is to warn you once again about using free themes. Yes, we understand that free is very appealing to especially small business owners. But keep in mind that you get what you pay for! And free themes are hardly ever supported or updated and present a very significant WordPress security risk. If you’re using a free WordPress theme, consider upgrading to its paid version or another paid theme as those provide better security for your WordPress site.
Update All WordPress Themes and Plugins
Next on our WordPress security tips list is to make sure that you update all your WordPress themes and plugins. If your WordPress website was compromised because of a recent security flaw, chances are the theme or plugin developer has released an update, including a security patch.
Make a Full Backup of Your Restored WordPress Site
Many people forget to make a full backup of their restored site, which is why we wanted to make sure to remind you as part of our WordPress security tips. Once you restored your hacked WordPress site and followed all the above recommendations, be sure to make a new complete backup. That way, you have all updates and WordPress security fixes, just in case something goes wrong again.
Securing Your WordPress Site from Further Attacks
4 Bonus WordPress Security Tips
We want to round out our essential WordPress security tips to help you protect your WordPress website even more. By following all of our above recommendations, you have already created a secure WordPress site. But here are a few bonus WordPress security tips to make your WordPress website extra safe.
Tip # 1: Enable Two-Factor Authentication.
If you’ve shared the password to your WordPress backend with multiple people, you should enable two-factor authentication for each one of them (including yourself).
Two-factor authentication ensures that even if your WordPress login details get leaked by someone, no hacker can enter your dashboard without you knowing.
Tip # 2: Use a Reputed WordPress Hosting Provider
Another one of our bonus WordPress security tips is not to skimp on your WordPress hosting. Security vulnerabilities on hosting providers cause a significant number of hacked websites. Therefore, make sure you host your WordPress website with one of the best WordPress hosting providers for 2020.
Unfortunately, many hosting providers fail to provide the high level of security need to keep your site safe. Most WordPress websites get hacked because of a security vulnerability on the hosting platform.
Tip # 3: Install an SSL Certificate
Not only is this a Google requirement in 2020, but SSL Certificates also add an extra layer of trust and transparency to your WordPress website or e-commerce store. Most WordPress hosting providers provide and install free SSL Certificates.
Tip # 4: Invest in a Firewall Solution
A firewall will block any suspicious network traffic from getting inside your WordPress website. For that reason, most WordPress hosting providers include it. If you are not sure, ask your service provider.
Final Thoughts on Restoring your WordPress Website
Hopefully, you will never have to restore your WordPress website. If you follow some essential WordPress security tips, you protected your online presence from online threats. But do not be lulled into a false sense of security here. WordPress attacks can and do happen.
Therefore we recommend that you keep our tips for restoring your WordPress website handy, just in case! If your WordPress website or e-commerce store does get hacked, you will be able to restore it to complete functionality and appearance quickly.
But we do need to caution you. WordPress security needs to be an ongoing concern and effort of yours, not a one-time task. For this reason, we recommend that you keep the best practices in mind as you work on and update your site over time. You may never wholly keep intruders at bay. But at least you will make penetrating your WordPress site much harder for them. We are here to help.
Do You Need Help Restoring Your WordPress Website?
Of course, we would be happy to help you and restore your WordPress website. We are experts at building, restoring, securing, and maintaining mobile-first WordPress websites and e-commerce stores.
Here at PixoLabo, we offer a full range of mobile-first WordPress website consulting and design services, including mobile-first web design and development, e-commerce solutions, and business website hosting and maintenance.
And if you are still not sure if your WordPress website was compromised, don’t worry! Simply reach out and contact us. Our expert team will listen to you, answer your questions, and determine if your website suffered a malicious breach or attack and restore and secure it for you. That is one of our specialties, after all!
Did Your WordPress Website Get Hacked?
Did you suffer from a recent attack on your WordPress website? Was your WordPress site hacked, infected with malware, or experienced another form of website intrusion? If so, how did you restore your WordPress website? And how did that go for you? Or do you have any other WordPress security questions or concerns? Please feel free to let us know so our audience can benefit as well, and grab our feed, so you don’t miss our next post! And feel free to share these essential WordPress security tips with your audience!
Thank you! We appreciate your help to end bad business websites, one pixel at a time!