
RocketTheme Blog

What Do You Do if Your WordPress Site Has Been Hacked?

Internet tools and resources have witnessed a meteoric rise in line with the fast-paced increase in internet use since 2000. It is hard to believe that WordPress, with all of its current popularity, saw its dawn only in 2003.

It has grown tremendously into one of the most-used CMS applications online. It has developed into a platform with the ability to handle and produce rich and interactive web content on many levels. In short, WordPress powers the biggest chunk of the internet.

However, WordPress has not failed to attract the attention of hackers. It is commonplace for hackers to target WordPress-based blogs in a bid to further their ulterior motives. So, what should you do if your WordPress blog is hacked?

This has been a guest post by Lisa Smith. Lisa is a Designer, Author at Template.net and Sample Templates.

Confirm the Hack

More commonplace than WordPress blogs being hacked is the occurrence of blog owners coming to the false conclusion that their blogs have been hacked. Below are a few ways to ascertain, without any doubt, if your blog has been hacked or if it is just a case of the usual WordPress or hosting issues.

Spam Ads

If your site has all of a sudden become spammed with ads that did not originate from you, especially in the headers and footers, you should be concerned. Oftentimes, such ads may not even be legible since most hackers do not concern themselves with content presentation. The ads can be on anything from drugs to pornography, illegal services, and the like.

Change in Link Destination

If your links all of a sudden change their destination, leading your readers to malicious websites, you have probably been hacked. Most times, though, the links will work just fine for you, the site administrator, since hacking attempts mostly factor in the site administrator. In addition, if you do a search of your site and notice that the search engine results are malicious and contain content that did not originate from your blog, it is likely that your website was hacked.

Malicious Emails

If your site starts to send malicious mail and you get reports from your hosting provider, chances are high that you have been hacked and the hackers are using your website to cloak themselves and direct those who click the links to their own sites.

What then!?

Back Up Your WordPress Blog

After confirmation that you have been hacked, the only option that you can pursue to remedy the issue is cleaning your site and dealing with your vulnerability. For starters, it would be prudent to perform a backup of your site. The reason for this is that too many hosting service providers immediately delete a site once it has been confirmed or reported as hacked.

They often delete the entire blog in a bid to curtail any more malicious activity and at the same time protect other integral components of their network. Again, their concern is, often, that if they do not delete a hacked website, other clients may also have their websites hacked. You can back up your site by downloading it using a backup plugin or by utilizing the backup system provided by your hosting provider.

Contact Your Hosting Provider

You should then contact your hosting service provider. Notify them that you have been hacked if they do not already know. Ask them how they can help you out. Make a point of asking them to find out what really happened, and what caused you to be hacked and how. Be professional and cool about it; avoid any exhibition of negative emotion in your words. Be rational and have a problem-solving mentality.

Change Back-end Password

While you are in your hosting account, change all the passwords in the site’s back end, including the passwords of anyone to whom you might previously have given access to the site. Avoid simple passwords that can be easily hacked. At the same time, avoid overly complex passwords that you can easily forget.

Cleaning your site

Start by cleaning your local computer. Run a good antivirus that performs well; one of the top-brand antiviruses should do just fine. Also, always make sure that your antivirus is updated and working properly. Update all your local computer files too. However, do not be rash about it, so that you avoid making a mistake and losing more than you have already lost.

Restoring Your Website

The next step is restoration of your site, which by this time should have been deleted by your hosting service provider. You should restore your most recent working backup of the site if it is available. If it is not, restoring the backup you just made as the first step should do just fine.

At this point, it is important to point out that restoring a site, though easy, can be a little bit technical. However, there are good guides that you can get your hands on through a simple online search. Otherwise, you can employ the services of an expert to do it all for you at a cost. Whomever you choose should be trustworthy as trusting another person is tantamount to increasing the risk of being hacked in the future.

Close Backdoors

After the site has been restored, close and secure any backdoors that the hacker might have left. If you do not know how to go about it, there are tools such as Wordfence that can help you out. Such tools conduct an in-depth search of your site, unearthing vulnerabilities and anything that may be out of place by comparing your site files with core WordPress files. You may find many infected files; you should therefore be mentally prepared to put considerable time into the cleaning process. After working through all the vulnerabilities and infected files, you should do a final scan to check if there is anything you might have missed.
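
The comparison of site files against core WordPress files described above can also be done by hand with a clean download of the same WordPress version. The following is an added example, not code from the original post or from Wordfence; the function names, directory layout, and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_ONLY_DIRS = ("wp-admin", "wp-includes")


def hash_tree(root: Path) -> dict:
    """Map each file path (relative to root, POSIX style) to its SHA-256."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_to_clean(clean_root: Path, live_root: Path) -> dict:
    """Report core files that were modified, removed, or added on the live site."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    # wp-content (themes, plugins, uploads) legitimately differs per site, so it
    # is skipped; wp-admin and wp-includes should hold nothing but core files.
    core = {f: h for f, h in clean.items() if not f.startswith("wp-content/")}
    return {
        "modified": sorted(f for f, h in core.items() if f in live and live[f] != h),
        "missing": sorted(f for f in core if f not in live),
        "unexpected": sorted(f for f in live if f not in clean
                             and f.split("/", 1)[0] in CORE_ONLY_DIRS),
    }


def build_sample(base: Path):
    """Constructed trees standing in for a clean download and the restored site."""
    files = {"index.php": "<?php // front controller\n",
             "wp-includes/version.php": "<?php // version info\n",
             "wp-admin/admin.php": "<?php // admin bootstrap\n"}
    clean, live = base / "clean", base / "live"
    for root in (clean, live):
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # Differences the comparison should surface (all constructed):
    (live / "index.php").write_text(files["index.php"] + "// extra line\n")
    (live / "wp-includes" / "cache-old.php").write_text("<?php // not in core\n")
    (live / "wp-admin" / "admin.php").unlink()
    return clean, live


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return compare_to_clean(*build_sample(Path(tmp)))


if __name__ == "__main__":
    print(demo())
```

On a real site, point compare_to_clean at an unpacked clean download of the matching WordPress release and at the restored site's document root, then review every path it reports before deleting or replacing anything.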

You should then update your site to the latest version of WordPress and update any other component. You can also go a step further and change your passwords again. To avoid chances of being hacked in the future, utilize services such as Sucuri and managed hosting to give you extra security.


To be on the safe side, always make sure that you follow all WordPress security recommendations. They include prompt updating of core files, making your username secret, installing a WordPress file monitor, putting a cap on login attempts, among others.
